Sunday, January 3, 2021

Hospitals under attack!

 

One industry that continues to be attacked, and with a growing number of successes, is hospitals and the medical field. Their data continues to be valuable, both for its immediate uses and because it can be diced up and sold several times across the dark web. A method commonly used in these attacks is ransomware. The attackers are able to encrypt files, folders, and entire systems and demand a fee, or additionally exfiltrate the data and demand a fee for not publishing it in public forums. The Sky Lakes Medical Center recently had the opportunity to deal with this issue after being successfully attacked. Sky Lakes Medical Center is located in Klamath Falls, Oregon.

Data Security Incident

As with any breach, the operations get pretty exciting after one is detected. After all, an unauthorized party is in your system doing who knows what for an indeterminate amount of time. This is especially the case with a healthcare facility, because a few federal statutes focus on ensuring patients' data remains private and confidential. In this case, several computer systems were encrypted as part of the attack. The issue was discovered on 10/27/2020. As an initial step, the organization contracted with a cybersecurity firm to investigate the breach.

Data

There was a limited amount of data involved with the breach. The attackers were able to access a limited number of older medical images. Due to the age of these, the effect may be moot. It is fortunate the attackers were not able to access the other areas holding much more current patient data.

Post-Breach

The systems were brought online to continue the facility's operations. Fortunately, there was also no evidence that any of the accessed data had been misused. To improve its security stance, the organization has taken additional safeguards and added technical security features. At this point, the published information was lacking. For example, it did not name the breached systems, say whether the hospital used recent back-ups or paid the ransom, or say whether the attack was accomplished through a phishing email. Regardless of the method, this still shows the importance of employee training and checking your back-ups regularly.

Resources

Hottman, T. (2020, December 24). Sky lakes medical center identifies and addresses data security incident. Retrieved from https://www.skylakes.org/news/releases/sky-lakes-medical-center-identifies-and-addresses-data-security-incident/

Klamath Falls News. (2020, December 24). Sky lakes medical center identifies and addresses data security incident. Retrieved from https://www.kalmathfallsnews.org/news/sky-lakes-medical-center-identifies-and-addresses-data-security-incident

 

 

 

 

PLEASE contact us when we may be of assistance with embedded systems cybersecurity architecture, validation, and penetration testing. We have a full lab ready to perform.

Charles Parker, II; Principal Scientist; MBA/MSA/JD/LLM/PhD/DCS (IP)

charlesparkerii@gmail.com

810-701-5511

 

Phishing continues to evolve

 

Phishing has been one of the more profitable ventures for attackers. This is especially true when phishing is coupled with other attacks, such as ransomware. Since phishing is so useful and potentially a revenue-producing activity, it is no wonder a new method has been devised to further its reach. One well-used method to lure the unsuspecting victim has been the landing page that looks perfectly legitimate but is full of malware and/or malicious links. This spoofing may also include a login page to gather further data. With the latest tools in place, these malicious websites are easier to find and close. Knowing this, the attackers have thought through a nuance to the age-old attack: creating one landing page for the AV and an alternative, malicious version for the unsuspecting user. The AV version has the appropriate background image. The primary difference is that the colors are inverted. This is done because the AV is coded to focus on the landing page's shapes, not colors. The second step involves the user. The user sees the odd coloration and moves on to the alternative version of the landing page. That landing page has the correct colors, with a little something added for the attacker's benefit. This attack continues to show the need for user vigilance. If something looks odd, don't keep clicking. If you click something once and it doesn't look right, don't click the same thing three times. There probably is a problem. Advise your users not to click on provided links, but to type them in.
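A defensive view of the inverted-color trick described above, as an added example that is not part of the original post: a scanner that fingerprints a page's background image can test both the fingerprint and its bitwise complement, so a color-inverted copy of a known brand image is still flagged. The average-hash scheme, the 8x8 pixel grids, and every function name here are assumptions constructed for illustration; the post does not say how any particular AV compares pages.

```python
# Added example: all names and pixel data are constructed for illustration.
N_BITS = 64  # 8x8 grid -> 64-bit fingerprint

def average_hash(pixels):
    """Return a 64-bit int: a bit is 1 where the pixel is brighter than the mean."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for p in flat:
        bits = (bits << 1) | (1 if p > mean else 0)
    return bits

def invert(pixels):
    """Color-invert an 8-bit grayscale grid."""
    return [[255 - p for p in row] for row in pixels]

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def classify(pixels, reference_hash, threshold=6):
    """Compare a page background against a known brand fingerprint.

    Inverting colors flips almost every bit of an average hash, so a
    distance close to N_BITS is as suspicious as a distance close to 0.
    """
    d = hamming(average_hash(pixels), reference_hash)
    if d <= threshold:
        return "match"
    if N_BITS - d <= threshold:
        return "inverted-match"
    return "no-match"

def block(rows, cols, fg=200, bg=40):
    """Constructed 8x8 sample: bright rectangle on a dark background."""
    return [[fg if r in rows and c in cols else bg for c in range(8)]
            for r in range(8)]

BRAND = block(range(2, 6), range(2, 6))   # stand-in for a real brand image
OTHER = block(range(0, 8), range(0, 4))   # unrelated layout
BRAND_HASH = average_hash(BRAND)

if __name__ == "__main__":
    for name, img in [("brand", BRAND), ("inverted", invert(BRAND)), ("other", OTHER)]:
        print(name, classify(img, BRAND_HASH))
```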

 
