Number of patient records breached nearly triples in 2019

Over 41 million patient records were breached in 2019, with a single hacking incident affecting close to 21 million records.

Healthcare data breaches in 2019 almost tripled those the healthcare industry experienced in 2018 when 15 million patient records were affected by breach incidents, according to a report from Protenus and DataBreaches.net.

Protenus, a healthcare compliance analytics firm, analyzed data breach incidents disclosed to the U.S. Department of Health and Human Services or the media during 2019.

There also has been an alarming increase in the number of breaches of patient privacy since 2016. Four years ago, there were 450 security incidents involving patient data, and that jumped to 572 incidents in 2019.

This number is likely to be a huge underestimate, as two of the incidents for which there were no data affected 500 dental practices and clinics and could affect significant volumes of patient records, Protenus reported.

There continues to be at least one health data breach per day, a trend Protenus first reported in 2016.

Here are three major cybersecurity trends Protenus found:

1. Hacking incidents surge

It appears hacking incidents, particularly ransomware incidents, are on the rise—hacking was the cause of 58% of the total number of breaches in 2019, impacting 36.9 million patient records.

And one disturbing trend: Hackers are getting more creative in how they exploit healthcare organizations and patients alike.

In 2019, there were incidents of hackers attempting to extort money from patients whose records were exposed, not just the affected healthcare organization. In one incident in Florida, hackers sent ransom demands to a number of the affected patients, “threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met,” Protenus reported.

2. One massive data breach

The single largest privacy incident reported last year was a massive security breach at American Medical Collection Agency (AMCA), a third-party billing collections firm. At least four clinical labs, including Quest Diagnostics and LabCorp, were impacted by AMCA’s security breach which, to date, exposed the sensitive data of 21 million patients.

The breach was discovered when analysts found patient information, including dates of birth, Social Security numbers and physical addresses, for sale on the dark web, according to Protenus.

In the aftermath of the breach, AMCA’s parent company, Retrieval-Masters Creditors Bureau, voluntarily filed for Chapter 11 bankruptcy protection in the Southern District of New York in June.

3. Staff members pose major security risk

Staff members inside healthcare organizations were responsible for breaching 3.8 million patient records in 2019, up from 2.8 million records in 2018.

The report characterized insider incidents as either human error or insider wrongdoing, which includes employee theft of information, snooping in patient files and other cases where employees appeared to have knowingly violated the law.

As one example, the report highlighted an incident where a nurse is suspected of gaining access to patient information and providing the data to a third party for fraudulent purposes. It is estimated that 16,542 patients could have been affected over the course of almost two years before discovery. The investigation is still ongoing.

Phishing attacks also continue to plague healthcare. Hospital employee education and training to detect and not fall victim to such attacks are imperative to get ahead of the hacking incidents, the report said.

“Hackers are also using credential-stuffing attacks, making it increasingly important to train employees not to reuse passwords across work settings and personal accounts,” Protenus wrote.

Operations at U.S. Natural Gas Facilities Disrupted by Ransomware Attack

A ransomware infection at a natural gas compression facility in the United States resulted in a two-day operational shutdown of an entire pipeline asset, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) revealed on Tuesday.

The targeted organization has not been named and it’s unclear exactly when the incident occurred. According to CISA, the cyberattack affected control and communication assets on the victim’s operational technology (OT) network.

A compression facility helps transport natural gas from one location to another through a pipeline. Natural gas needs to be highly pressurized during transportation, and compression facilities along the pipeline help ensure that it remains pressurized.

The agency said the attackers used spear-phishing to gain initial access to the facility’s IT network, after which they managed to make their way to the OT network. The hackers then deployed commodity ransomware that encrypted files on Windows machines on both the IT and OT networks.

This led to a disruption of human-machine interfaces (HMIs), data historians, and polling servers, which were no longer able to process data from low-level industrial control systems (ICS). Human operators could no longer monitor processes, but CISA said the attack did not affect programmable logic controllers (PLCs) and the targeted organization never lost control of operations.

Nevertheless, the victim decided to respond to the attack by shutting down operations. While the ransomware only directly affected one facility, other compression facilities were also forced to suspend operations due to pipeline transmission dependencies. CISA said the incident resulted in an operational shutdown of the entire pipeline asset for roughly two days.

“The victim was able to obtain replacement equipment and load last-known-good configurations to facilitate the recovery process,” the agency said in its alert.

According to CISA, the victim had an emergency response plan in place, but it focused on physical safety and it did not specifically cover cyberattacks.

“Consequently, emergency response exercises also failed to provide employees with decision-making experience in dealing with cyberattacks,” CISA said. “The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning.”

The agency published an alert to warn gas and other critical infrastructure operators about the risk of cyberattacks, and provide recommendations for mitigating the threat.

Threat Intelligence Company Sixgill Raises $15 Million

Cyber-threat intelligence company Sixgill this week announced the closing of a $15 million funding round.

Founded in 2014, the Israel-based company leverages automation to help Fortune 500 companies, financial institutions, governments, and law enforcement agencies stay protected from cyber-threats lurking on the dark web.

The new funding, Sixgill says, will be invested in expanding its global operations and strengthening core products to support its growing portfolio.

Specifically, the company will use the funding to increase its presence in North America, EMEA and APAC by growing its customer base.

Furthermore, it plans on investing in improving its Automated, Actionable Intelligence (A2I) solution and Dynamic CVE Rating.

The funding round was led by Sonae IM and REV Venture Partners and also saw participation from Our Crowd and from previous investors Elron and Terra Venture Partners.

Sixgill told SecurityWeek that this was its first institutional round, but described it as more of a Series A1 round. The company said it previously raised $1 million in a pre-seed funding round and another $5 million in a seed round in 2016.

“Sixgill uses advanced automation and artificial intelligence technologies to provide accurate, contextual intelligence to customers. The market has made it clear that Sixgill has built a powerful real-time engine for more effective handling of the rapidly expanding threat landscape; this investment will position us for significant growth and expansion in 2020,” said Sharon Wagner, CEO of Sixgill.

White House Claims Huawei Equipment Has Backdoor for Spying

The Chinese company Huawei can secretly tap into communications through the networking equipment it sells globally, a U.S. official charged as the White House stepped up efforts to persuade allies to ban the gear from next-generation cellular networks.

The U.S. national security adviser, Robert O’Brien, made the statement at an Atlantic Council forum on Tuesday evening after The Wall Street Journal quoted him as saying Huawei can “access sensitive and personal information” in systems it sells and maintains globally. O’Brien did not provide any evidence to support the claim.

U.S. officials have long argued that Huawei is duty-bound by Chinese law to spy on behalf of the country’s ruling Communist Party. Huawei denies that claim and issued a statement Wednesday saying the company “has never and will never covertly access telecom networks, nor do we have the capability to do so.”

The Trump administration has been lobbying for more than a year to persuade allies to exclude Huawei equipment from their next-generation cellular networks, known as 5G.

Britain and the European Union have declined to impose an outright ban, however. London has prohibited Huawei from supplying equipment used in the core of its 5G network but not the periphery. The EU last month unveiled security guidelines that, similar to measures already in place in Britain, are aimed at reducing cybersecurity risks.

Independent cybersecurity experts say the intelligence services of global powers including the United States routinely exploit vulnerabilities in networking equipment — regardless of the manufacturer — for espionage purposes.

The United States and other countries require that so-called “lawful intercept” capabilities be built into networks, though the equipment manufacturers are not supposed to have secret access to them.

Many analysts consider Washington’s intense anti-Huawei lobbying efforts as much about seeking global technological dominance as deterring Chinese cyber-espionage, which is already rampant and equipment agnostic.

They also note that the NSA has previously infiltrated Huawei equipment — as well as network devices of other manufacturers — as detailed in documents disclosed in 2013 by former NSA contractor Edward Snowden.

Tool monitors flu mutations in real time

A new tool can monitor influenza A virus mutations in real time, researchers report.

The tool could help virologists learn how to stop viruses from replicating, according to the new study.

The gold nanoparticle-based probe measures viral RNA in live influenza A cells. It is the first time in virology that experts have used imaging tools with gold nanoparticles to monitor mutations in influenza, with unparalleled sensitivity.

“Our probe will provide important insight on the cellular features that lead a cell to produce abnormally high numbers of viral offspring and on possible conditions that favor stopping viral replication,” says senior author Laura Fabris, an associate professor in the materials science and engineering department in the School of Engineering at Rutgers University-New Brunswick.

Viral infections are a leading cause of illness and deaths. The new coronavirus, for example, has led to more than 24,000 confirmed cases globally, including more than 3,200 severe ones and nearly 500 deaths as of February 5, according to a World Health Organization report.

Influenza A, a highly contagious virus that arises every year, is concerning due to the unpredictable effectiveness of its vaccine. Influenza A mutates rapidly, growing resistant to drugs and vaccines as it replicates.

The new study highlights a promising new tool for virologists to study the behavior of influenza A, as well as any other RNA viruses, in host cells and to identify the external conditions or cell properties affecting them.

Until now, studying mutations in cells has required destroying them to extract their contents. The new tool enables analysis without killing cells, allowing researchers to get snapshots of viral replication as it occurs.

Next steps include studying multiple segments of viral RNA and monitoring the influenza A virus in animals.

Additional researchers from Rutgers and the University of Illinois at Urbana-Champaign contributed to the study, which appears in the Journal of Physical Chemistry.

Source: Rutgers University

The post Tool monitors flu mutations in real time appeared first on Futurity.
