Health care IT workers report increased cyberattacks affecting patient care

More than half of the respondents to a health care cybersecurity survey say their organizations suffered a ransomware attack in the past year.

The post Health care IT workers report increased cyberattacks affecting patient care appeared first on CyberScoop.

Continue reading Health care IT workers report increased cyberattacks affecting patient care

Researchers show how to tamper with medication in popular infusion pumps using software flaws

McAfee security researchers on Tuesday said they had found multiple vulnerabilities in infusion pump software that, under certain conditions, a skilled hacker could use to alter a patient’s medication dose to a potentially unsafe level. The vulnerabilities are in equipment made by multinational vendor B. Braun that are used in pediatric and adult health care facilities in the United States. While there are no reports of malicious exploitation of the flaws, the research illustrates the challenge of securing devices conceived decades ago from 21st-century digital threats. The findings come as the health care sector reckons with a series of ransomware attacks that hit aging hospital computer networks during the pandemic. Medical devices “remain vulnerable to legacy issues that have persisted for many years and have exceptionally slow update or upgrade cycles,” said Steve Povolny, who heads the Advanced Threat Research team at McAfee. In a statement, B. Braun said the […]

The post Researchers show how to tamper with medication in popular infusion pumps using software flaws appeared first on CyberScoop.

Continue reading Researchers show how to tamper with medication in popular infusion pumps using software flaws

Sensitive medical, financial data exposed in extortion of Massachusetts hospital

A hospital in Massachusetts quietly paid off a ransomware gang after a February hack that exposed patients’ sensitive medical and financial data, the hospital said in a May 28 statement. Sturdy Memorial Hospital, a 126-bed facility in the city of Attleboro, said that the information exposed in the hacking incident may have included insurance claim numbers, medical history, treatment information, Social Security numbers, bank routing numbers and credit card numbers and security codes, among other data. “In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed,” Sturdy Memorial said. Other Massachusetts health providers with which Sturdy Memorial Hospital has worked were swept up in the incident. The breach affected data belonging to patients of Harbor Medical Associates, South Shore Medical Center and providers affiliated with South Shore Physician Hospital Organization, according to the statement. Nearly four […]

The post Sensitive medical, financial data exposed in extortion of Massachusetts hospital appeared first on CyberScoop.

Continue reading Sensitive medical, financial data exposed in extortion of Massachusetts hospital

Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

A cyberattack at the University of Vermont Health Network has forced one of the network’s hospitals to delay chemotherapy and mammogram appointments, making it the latest example of how cybercriminals can impact patient care. The disruption of computer systems at the health network, which comprises six hospitals and more than 1,000 physicians, began the week of Oct. 25, the organization said. The attack made some of the data used to process appointments for cancer patients temporarily unavailable. And the health network said that as of Monday it was still unable to conduct mammograms, breast ultrasound screenings and biopsies because of a lack of access to patient data. The health network is nonetheless still treating cancer patients and is working to “expand our capacity” to provide chemotherapy seven days per week, the organization said in a statement on Saturday. The laborious recovery process is ongoing. “We are slowly and methodically restoring some systems,” […]

The post Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments appeared first on CyberScoop.

Continue reading Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

German investigators treating ransomware attack as negligent homicide, reports say

German prosecutors last week opened a homicide investigation into a deadly ransomware incident on a university hospital, according to multiple German media reports. If confirmed, it would be the first documented case of a death stemming, directly or indirectly, from a cyberattack, analysts say. Christoph Hebbecker, a cybercrime prosecutor in the German city of Cologne, said Friday that his office had opened an investigation into the ransomware attack as a “negligent homicide,” the Germany news agency DPA reported. The investigation centers around a ransomware infection that hobbled the IT systems of the University of Duesseldorf’s main hospital earlier this month. The disruption forced a critically ill patient to be redirected to a hospital 20 miles away. The patient later died, according to German media reports. Hebbecker’s spokesperson did not return a request for comment on Monday. The incident highlights the starkly different risks facing organizations with vulnerable software. For some, […]

The post German investigators treating ransomware attack as negligent homicide, reports say appeared first on CyberScoop.

Continue reading German investigators treating ransomware attack as negligent homicide, reports say

Data Breach at Roper St. Francis Hospital Affects 6,000 Patients

Roper St. Francis Hospital (RSFH) has reported that 6,000 patients are directly affected by a data breach that allowed attackers to steal their medical records and other personal information. Healthcare private data is one of the most valuable commodit… Continue reading Data Breach at Roper St. Francis Hospital Affects 6,000 Patients

Patient PII exposed in leak of Pennsylvania-based rehab center records

A trove of personally identifiable information on patients at an addiction treatment center in Pennsylvania has been left in an insecure database, potentially exposing those people to identity theft. Patient names, their rehab care provider, and specific procedures they received were among the information sitting in a database that didn’t require authentication for someone to access, according to Justin Paine, the security researcher who made the discovery. Taking a tiny sample size of the nearly 5 million rows of data that he found, Paine roughly estimated that over 146,000 unique patients could be affected by the data leak. He emphasized, however, that it is “entirely possible” that the sample was not representative of the full dataset. “I only sampled the 5,000 rows of data,” Paine told CyberScoop in an email. “I didn’t want to go digging through the sensitive data any further than I needed to.” Paine came across the […]

The post Patient PII exposed in leak of Pennsylvania-based rehab center records appeared first on CyberScoop.

Continue reading Patient PII exposed in leak of Pennsylvania-based rehab center records