ransomware

Malicious email and data breach

May 11th, 2016

Mayfield Brain and Spine may have suffered data breach due to malicious emails. It has notified some patients about the healthcare ransomware incident. According to OCR reporting tool, the breach has affected 23,341 individuals.

According to the statement, Mayfield Brain and Spine medical center mentioned that an unauthorized entity accessed its account related to outside vendor. After accessing the database it has sent a fraudulent email. The modus operand was simple. When email recipients opened the attachment, malware gets downloaded.

“The vendor receives only email addresses from Mayfield,” said Mayfield Clinic Inc.’s Vice President of Communications Thomas Rosenberger. “No other health or financial information is shared. In this incident, no Mayfield systems were involved, and no patient health or financial information was compromised.

Facility works with vendor to email Mayfield information, such as newsletters, educational information, invitations, and announcements. The vendors also send the emails to patients, business associates, event attendees, website contacts, and other people associated with Mayfield Clinic Inc.

“Mayfield’s first priority is always the well-being of our patients. Once we learned of the incident, we immediately communicated with recipients by email, by social media, and on our website, including both notification and instructions on how to remove the virus.”

Mayfield Brain and Spine guided recipients to resolve the issue by downloading free software to eliminate the malware.  Also, it has collaborated with the vendor’s compliance office to analyze the situation. The facility is also working with computer virus protection service to nullify the virus.

“We are continuously monitoring the situation,” continued Rosenberger. “With all of the action taken to date, we do not believe that recipients of the fraudulent email need to take any additional steps at this time.”

According to the statement:

Mayfield Brain & Spine is the full-service patient care provider of the Mayfield Clinic, one of the nation’s leading physician organizations for neurosurgical treatment, education, and research. With more than 20 specialists in neurosurgery, interventional neuroradiology, physical medicine and rehabilitation, and pain management, Mayfield Brain & Spine treats 20,000 patients from 35 states and 13 countries in a typical year. Mayfield physicians specialize in the treatment of back and neck pain, sciatica, Parkinson’s disease, essential tremor, NPH, epilepsy, brain and spinal tumors, stroke, moyamoya, brain aneurysms, Chiari malformation, scoliosis, kyphosis, facial pain, facial twitch, trauma, concussion, spinal cord injury, and carpal tunnel. As leading innovators in their field, Mayfield physicians have pioneered surgical procedures and instrumentation that have revolutionized the medical art of neurosurgery for spinal diseases and disorders, brain tumors, and neurovascular diseases and disorders.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware and Data Breach

April 21st, 2016

“Is ransomware considered a health data breach under HIPAA?”. The answer is explored in the recent issue of Forbes magazine by author Dan Munro. He researched healthcare and compliance domains.

According to the information presented, a ransomware attack should not be considered data breach as per PHI disclosure restrictions in HIPAA. It is more about the message of lax security that’s being broadcast to cyber-criminals around the world. But Dan believes otherwise.

Ransomware attacks should be considered as unauthorized exposures of private information. It is same as the outright theft of the laptop, desktop, or server breach.

Acccording to the records of Office of Civil Rights (OCR) in 2015, there were more than 300 disclosed healthcare breaches. One-third are due to the loss or theft of some piece of equipment like laptop, desktop, server, or other portable electronic device.

The report also states that more than 100 of the disclosed breaches were due to attack like ransomware. The breaches affected more than hundreds of thousands of records.  It is believed that the records under the hands of criminals can cause breach.

HIPAA rules states that the notification letters to be sent to affected individuals because the systems and the PHI are not under control of the healthcare provider.

Ransomware Attacks

Types of Ransomware –

Few attacks takes control of machine and lock it down. This action blocks the access to legitimate users. The system is unlocked only paying after ransom amount and clearly the system is under the control of criminals.

Few attacks involves remote access control by criminal. They awaits the Bitcoin payment to unlock and reconfigure the system.

Common form of ransomware includes a software which encrypts certain important files with certain password. The process includes accessing the files and encrypting and storing the files  in the same place. Once the payment is done, files are unlocked.

Now a days, ransomware attacks to extort money are on the rise.

There’s more and more documented evidence that this is going on,” says Ori Eisen, founder and chief innovation officer of fraud prevention company 41st Parameter. “It’s more prevalent in the United Kingdom, which is sort of a staging or testing ground. It’s starting there and getting more momentum.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hospitals and Ransomware

March 28th, 2016

The Ottawa Hospital, Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital was recently infected with ransomware.

As per Kentucky Methodist Hospital, “Methodist Hospital is currently working in an internal state of emergency due to a computer virus that has limited our use of electronic Web-based services. We are currently working to resolve this issue, until then we will have limited access to Web-based services and electronic communications.”

“It did cause significant disruptions of our IT systems,” Fred Ortega, spokesman for Prime Healthcare Services, which operates Chino Valley Medical Center and Desert Valley hospital, told BBC News. “However, most of the systems and the critical infrastructure has been brought back online.”

Locky ransomware was delivered by email and spread from the initial infected computer to others on the network. Jamie Reid, Kentucky Methodist’s information systems director mentioned in the statement.

“We have a pretty robust emergency response system that we developed quite a few years ago, and it struck us that as everyone’s talking about the computer problem at the hospital maybe we ought to just treat this like a tornado hit, because we essentially shut our system down and reopened on a computer-by-computer basis,” David Park, an attorney for Kentucky Methodist, told Krebs.

Attackers demanded four bitcoins (approximately $1,600) to decrypt the files.

Canada’s Ottawa Hospital was also infected. Around 9,800 computers were infected with ransomware. “The malware locked down the files and the hospital responded by wiping the drives,” hospital spokeswoman Kate Eggins told the National Post. “We are confident we have appropriate safeguards in place to protect patient information and continue to look for ways to increase security.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.