Category Archives: Health Care

Hackers who breached European medical regulator leak vaccine-related data

Posted on by

Hackers who stole data related to a coronavirus vaccine have leaked it online, a European regulator investigating the breach said Tuesday. An ongoing investigation into the breach found that “some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet,” the European Medicines Agency said in a statement. It was not immediately clear what the unidentified attackers were trying to accomplish in dumping the data online. Cybercriminals often leak stolen data in an attempt to extort victims. Hackers last month stole documents from an EMA computer server related to a COVID-19 vaccine candidate developed by pharmaceutical firms Pfizer and BioNTech. The EMA emphasized that the breach hasn’t affected the efficacy or approval of the vaccine. The incident again spotlights that vaccine data has drawn interest not only from spies, but also also from scammers aiming to exploit a global […]

The post Hackers who breached European medical regulator leak vaccine-related data appeared first on CyberScoop.

Continue reading Hackers who breached European medical regulator leak vaccine-related data

Cyberattacks on Healthcare Spike 45% Since November

Posted on by

The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike. Continue reading Cyberattacks on Healthcare Spike 45% Since November

Singapore says COVID tracing app data is fair game for criminal investigations

Posted on by

Police in Singapore are authorized to use data collected by an application for tracking exposure to the coronavirus for criminal prosecutions, a Singaporean government official said Monday in a move that could draw criticism from civil liberties groups over potential privacy violations. “Singapore Police Force is empowered under the criminal procedure court to obtain any data and that includes the Trace Together [TT] data, for criminal investigations,” Desmond Tan, Singapore’s minister of state for home affairs, told members of parliament on Monday. “The government is the custodian of the TT data submitted by the individuals and stringent measures are put in place to safeguard this personal data.” Government officials tried to use the Trace Together website to assure Singaporeans that the data submitted throughout the contract-tracing app is limited and protected. A website update on Monday nonetheless informed users that police may request data for criminal investigations. Singapore, an island […]

The post Singapore says COVID tracing app data is fair game for criminal investigations appeared first on CyberScoop.

Continue reading Singapore says COVID tracing app data is fair game for criminal investigations

Pyongyang hackers eye more coronavirus research, Kaspersky says

Posted on by

North Korean-government linked hackers are continuing their effort to break into entities working on coronavirus-related research. In their latest antics, the hackers, suspected to be part of the government-backed hacking team known as Lazarus Group, have zeroed in on a pharmaceutical company and a government health-focused entity, according to Kaspersky research published Wednesday. Kaspersky attribute the hacking spree to Lazarus Group with “high confidence.” Kaspersky did not identify the targeted entities and did not reveal where the pharmaceutical company or the government entity are located. The activity appears to be just the latest of Pyongyang’s campaigns targeting coronavirus-related work. In recent months, North Korean hackers have reportedly gone after Johnson & Johnson and Novavax, both U.S.-based firms working on potential coronavirus vaccines. North Korean hackers have also reportedly targeted three South Korean-based firms and U.K.-based AstraZeneca.  The hackers used malware known as “Bookcode” to target the unidentified pharmaceutical entity in […]

The post Pyongyang hackers eye more coronavirus research, Kaspersky says appeared first on CyberScoop.

Continue reading Pyongyang hackers eye more coronavirus research, Kaspersky says

Hackers breach European agency to access BioNTech, Pfizer COVID-19 vaccine files

Posted on by

The European Medicines Agency, which is currently helping to roll out two coronavirus vaccines, has been hit by hackers, the agency announced Wednesday. Attackers successfully accessed “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” that were stored on a European Medicines Agency (EMA) server, according to a statement BioNTech released on its investors’ website. The intruders did not breach any BioNTech or Pfizer systems, according to BioNTech’s statement. BioNTech said it is unaware if any study volunteers had been identified in the course of the attack. Moderna, another company working with the EMA on a vaccine candidate, did not immediately return request for comment. The EMA said it is working with law enforcement to investigate the incident further. In the interim, the timeline for the Pfizer and BioNTech vaccine’s review will not be affected, according to BioNTech. “At this time, we await further information […]

The post Hackers breach European agency to access BioNTech, Pfizer COVID-19 vaccine files appeared first on CyberScoop.

Continue reading Hackers breach European agency to access BioNTech, Pfizer COVID-19 vaccine files

Bug could expose patient data from GE medical imaging devices, researchers warn

Posted on by

Security researchers have discovered a software vulnerability that could allow an attacker to steal sensitive patient data from X-ray and MRI machines, or more than 100 models of General Electric medical devices. While there is no evidence that hackers have exploited the vulnerability for their own gain, the flaw points to the recurring issue of health care devices sending patient information over insecure channels. In this case, the maintenance software for the GE medical devices used publicly-exposed login credentials, which could allow attackers to execute code on the devices. “The bigger picture here is authentication and it’s a problem that’s unfortunately typical for medical devices,” said Elad Luz, a researcher at CyberMDX, the medical security company that publicly disclosed the vulnerability on Tuesday. Using the vulnerability to steal patient data would require a malicious hacker to first gain access to a health care organization’s computer network. Actually leveraging the bug […]

The post Bug could expose patient data from GE medical imaging devices, researchers warn appeared first on CyberScoop.

Continue reading Bug could expose patient data from GE medical imaging devices, researchers warn

Ransomware attack may delay scheduled procedures at Baltimore-area medical center

Posted on by

The Greater Baltimore Medical Center on Sunday became the latest U.S. hospital to grapple with a ransomware incident amid a raging pandemic that has stretched health care IT resources thin. The ransomware attack caused “many of our [IT] systems” to go down, the 342-bed medical center said in a statement late Sunday. That means some patient procedures scheduled for Monday “may be affected,” GBMC said. The hospital emphasized that it had “robust processes in place to maintain safe and effective patient care.” It was unclear how many patient procedures were affected by the ransomware attack, or what type of malicious software was involved. A GBMC spokesperson did not respond to requests for comment. GMBC said no patient data had been “misused,” and that it had enlisted outside security experts and law enforcement to help respond to the incident. The Towson, Maryland-based medical center is following a playbook that numerous hospitals […]

The post Ransomware attack may delay scheduled procedures at Baltimore-area medical center appeared first on CyberScoop.

Continue reading Ransomware attack may delay scheduled procedures at Baltimore-area medical center

COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says

Posted on by

As drug companies turn their attention from the development to the deployment of a coronavirus vaccine, well-resourced hackers are doing the same. IBM researchers on Thursday revealed a global spearphishing campaign they said was aimed at companies involved in the storage and transport of vaccines in temperature-controlled environments. Those controls allow the medicine to be sent to far-flung places. IBM suspects the attackers are tied to a government, but they said they didn’t have enough evidence to determine which one. The attackers’ goal may have been to steal login credentials from those companies in order to gain future access “to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” the researchers said. It’s unclear how successful the phishing has been. The findings illustrate how virtually every step of the month-long project by drug companies to produce a vaccine has been targeted by hackers. The U.S. government accused Chinese hackers of targeting […]

The post COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says appeared first on CyberScoop.

Continue reading COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says

Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds

Posted on by

A web and mobile phone application that the Philippines government uses to track coronavirus cases contained a flaw that could have allowed access to the names of tens of thousands of health care providers that use the app in that country, according to new research. The flaw has been fixed, but it stands out as another cautionary tale of how software tools used to combat the pandemic can open up new fronts in data insecurity. Multinational company Dure Technologies and officials from the World Health Organization and the Philippines Department of Health developed the app to efficiently report COVID-19 cases and help with contact tracing, and released it in June. But when researchers from the University of Toronto’s Citizen Lab investigated the app’s code, they found pressing security issues. A web version of the app, which is known as COVID-KAYA, had a flaw in its authentication logic that revealed the […]

The post Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds appeared first on CyberScoop.

Continue reading Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds

Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

Posted on by

A cyberattack at the University of Vermont Health Network has forced one of the network’s hospitals to delay chemotherapy and mammogram appointments, making it the latest example of how cybercriminals can impact patient care. The disruption of computer systems at the health network, which comprises six hospitals and more than 1,000 physicians, began the week of Oct. 25, the organization said. The attack made some of the data used to process appointments for cancer patients temporarily unavailable. And the health network said that as of Monday it was still unable to conduct mammograms, breast ultrasound screenings and biopsies because of a lack of access to patient data. The health network is nonetheless still treating cancer patients and is working to “expand our capacity” to provide chemotherapy seven days per week, the organization said in a statement on Saturday. The laborious recovery process is ongoing. “We are slowly and methodically restoring some systems,” […]

The post Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments appeared first on CyberScoop.

Continue reading Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments