Collaborate Disseminate
The ransomware has previously received little public scrutiny.
The post FBI, CISA, Treasury: North Korean hackers taking aim at health care with Maui ransomware appeared first on CyberScoop.
The targeted systems are just two of dozens of the group’s attacks in the last year.
The post Ransomware group strikes second U.S. health care system in the last two months appeared first on CyberScoop.
Continue reading Ransomware group strikes second U.S. health care system in the last two months
Five zero-days found in Aethon TUG robots included one that could allow an attacker to control the machines, Cynerio said.
The post Hospital hallway robots get patches for potentially serious bugs appeared first on CyberScoop.
Continue reading Hospital hallway robots get patches for potentially serious bugs
A little more than a year removed from its role in advancing some of the most significant cybersecurity legislation ever enacted, the Cyberspace Solarium Commission is transforming into version 2.0 of itself. With some of its key recommendations now law — such as the creation of the Office of the National Cyber Director in the White House — the remnant of the congressionally created panel is turning its attention to tracking how those ideas are implemented, while studying some of the issues it didn’t get to fully examine before releasing its final report. Those areas of study include protecting the water, maritime transport and health care sectors, as well as strengthening the federal and private sector workforce and ensuring plans to avert disruptions to the economy caused by cyberattacks. Now housed within the Foundation for Defense of Democracies (FDD) think tank, the commission’s 2.0 work should take another two years, […]
The post The Cyberspace Solarium Commission pushed some major policies into law. So what now? appeared first on CyberScoop.
Silicon Valley cybersecurity company Forescout Technologies said Tuesday that it is acquiring CyberMDX, a medical-device security company known for its research into potential cyberthreats against health care technology. CyberMDX is a natural fit for Forescout, which focuses on securing connected devices and operational technology (OT) for large organizations — including what the industry calls the Internet of Medical Things (IoMT). Terms of the deal were not disclosed. “Cybersecurity for IoMT, much like cybersecurity for OT devices, requires specific expertise and technologies,” Forescout CEO Wael Mohamed said. “We are pleased to have the CyberMDX team join Forescout as we continue delivering new capabilities on our market-leading platform and grow our R&D center.” Research by CyberMDX has been responsible for shedding light on critical vulnerabilities in widely used medical imaging devices, patient monitors, anesthesia machines and infusion pumps. Forescout’s platform specializes in “device intelligence and network fabric technology,” or finding and classifying […]
The post Forescout acquires medical IoT security company CyberMDX appeared first on CyberScoop.
Continue reading Forescout acquires medical IoT security company CyberMDX
A team at the Wireless Bioelectronics Lab at the National University of Singapore led by [Dr John Ho] announced the results of their new Wireless Sensing (WiSe) smart sutures program last …read more Continue reading Smart Sutures Become WiSe
Telehealth platform Doxy.me is fixing an issue that allowed three third-party firms to access the names of some patients’ providers, the company told CyberScoop after it notified the company of the problem. The company, which self-reports as holding 30% of the growing U.S. telemedicine market and is currently used by over 1 million providers worldwide, appeared to also be sharing IP addresses and unique device identification numbers with Google, Facebook and the marketing software company HubSpot, privacy researcher Zach Edwards found after examining the platform. The sensitive user data was accessible when patients clicked on a link to the platform’s “virtual waiting room” service, which connects patients with medical professionals. Providers can choose the name of their waiting room, which is often their name or the name of their medical practice. (In a sample observed by CyberScoop, the URL included the name of a provider.) It appears that Doxy.me tried […]
The post Telehealth app Doxy.me is fixing a leak that exposed patient data to Facebook, Google appeared first on CyberScoop.
A group of likely foreign government-sponsored hackers is behind cyberattacks on two bio-manufacturing companies that occurred this year, using a kind of malware capable of operating with independence within a network, an industry group warned. The Bioeconomy Information Sharing and Analysis Center (BIO-(ISAC) dubbed the malware “Tardigrade” after the resilient micro-animal, and said it looks like the work of an advanced persistent threat group, a term that most often refers to government-backed attackers. Researchers first investigated the hacking tool this spring following a ransomware attack. The actor behind Tardigrade doesn’t just appear to want payment to decrypt systems, though. Rather, it could be primarily a tool for intellectual property theft, BIO-ISAC said on Monday. The biomanufacturing sector encompasses makers of coronavirus vaccines and treatments, although BIO-ISAC has declined to say whether the firms hit in the spring and then in October were involved in battling COVID-19. “Bioeconomy” is a term […]
The post Industry group sounds alarm over ‘Tardigrade’ malware targeting biomanufacturing sector appeared first on CyberScoop.
The U.K. National Cyber Security Centre fought a record number of digital intrusions in the past year, the agency reported, driven by a surge in ransomware and hackers targeting the health care sector during the COVID-19 pandemic. Over a 12-month period ending in September, the agency responded to 777 incidents, a more than 7% increase, the center said in its Nov. 17 annual report. Ransomware kept the center busy, with officials handling the same number of incidents in the first four months of 2021 that it did in all of 2020, itself triple the number of incidents in 2019. That made ransomware the “most significant cyber threat facing the U.K. this year,” the report states. Still, businesses aren’t taking it seriously enough, National Cyber Security Centre CEO Lindy Cameron wrote. “In my view it is now the most immediate cyber security threat to U.K. businesses and one that I think […]
The post Ransomware fueled record year for UK cyber response appeared first on CyberScoop.
Continue reading Ransomware fueled record year for UK cyber response
Intruders accessed patient and employee data after infiltrating health-releated IT systems in a breach that’s only now coming into focus. A security incident affecting the province of Newfoundland and Labrador, first detected Oct. 30, took down multiple health networks, leading to the cancellation of thousands of appointments, including for chemotherapy treatments. The regional Eastern Health authority, which employees 13,000 people, on Tuesday announced that its email system was again functioning, more than a week after the initial compromise became known. “As part of the on-going investigation into a cyberattack that impacted health care IT systems in Newfoundland and Labrador, it has been determined that some personal information and personal health information was accessed from the systems,” the provincial government said in a Nov. 9 news release. “A review is ongoing to determine if any other information is affected in the incident and further updates will be provided as appropriate.” Hackers […]
The post Canadian hospitals recovering from breach that forced thousands of appointment cancellations appeared first on CyberScoop.