U.S. Health Care Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), has issued a cybersecurity advisory to the U.S. healthcare sector (Alert: AA20-302…

Safeguarding Our Health Information in a Global Pandemic

HHS Can Use Cloud Web Isolation to Stop Cybersecurity Threats without Impacting Productivity.
The U.S. Department of Health and Human Services (HHS) has been on the front lines of the Covid-19 pandemic, working with other federal departments to co…

DDoS attack on US Health agency part of coordinated campaign

It coincided with a disinformation campaign carried out via SMS, email and social media claiming that national quarantine was imminent.

Texas HHS Commission Penalized $1.6M for HIPAA Violations

The Texas Health and Human Services Commission (TX HHS) must pay a civil penalty of $1.6 million for having violated HIPAA. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) imposed the penalty in response to H…

Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.

Attackers behind CMS portal breach used legit accounts to swipe data

The attackers responsible for a breach of an online portal run by the Centers for Medicare and Medicaid Services last month did so by taking advantage of lax privileges given to legitimate accounts, CyberScoop has learned. In October, CMS announced that hackers obtained data on 75,000 people from a portal used by health insurance agents and brokers assisting people with direct enrollment in the government’s health insurance exchanges. On an internal briefing call held Wednesday at the Department of Health and Human Services, Acting CMS CIO Rajiv Uppal updated agency IT officials with more details on the breach. The details of that call were shared with CyberScoop. Uppal said the breach happened after 45 portal accounts were discovered to be conducting millions of searches in order to pull information from the database. From those searches — which included names, birthdates and the last four digits of Social Security numbers — attackers […]

The post Attackers behind CMS portal breach used legit accounts to swipe data appeared first on Cyberscoop.


Further Down the Trello Rabbit Hole

Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support companies are publishing credentials via public Trello boards that quickly get indexed by the major search engines.

Former HHS CISO to join voting technology vendor as security lead

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced on Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt. Wlaschin departed as CISO of HHS last month, which he has said was due to family medical issues. Surrounding his departure, however, was controversy over an investigation of […]

The post Former HHS CISO to join voting technology vendor as security lead appeared first on Cyberscoop.


Watchdog group calls on HHS to improve cyber defenses

An internal audit of the Department of Health and Human Services’ cybersecurity posture found that four HHS divisions need to improve their security controls, according to a summary report released Tuesday. The HHS’s Office of Inspector General said that it conducted penetration testing on four of HHS’s 11 operating divisions throughout fiscal year 2016 with the help of contractor Defense Point Security. The summary did not specify which divisions were part of the audit, but said that OIG identified “configuration management and access control vulnerabilities.” The OIG hasn’t released the full report to the public, saying that some of the information is restricted. The OIG says it issued recommendations to HHS to improve security controls, but didn’t specify the recommendations. The summary also said that the HHS operating divisions have corrected or are correcting the vulnerabilities, but that the OIG hasn’t validated those corrections yet. Cybersecurity was identified as a focus area in the OIG’s 2017 report […]

The post Watchdog group calls on HHS to improve cyber defenses appeared first on Cyberscoop.
