Medical Web Experts Security Bulletin: November 2021

Pablo Bullian

Pablo Bullian

Posted on November 09, 2021

PHI Leaked Due to Fresno’s Health Network Hack

A group of health clinics in the Fresno area that belongs to United Health Centers were hit by a ransomware attack. Not only did the attack render data unavailable, but some documents were also leaked online, exposing PHI and PII of patients and personnel. Under HIPAA and state laws, healthcare data breaches have to be reported, which was not the immediate case of this attack. In response, the State Attorney General sent a notice to industry organizations reminding them of the disclosure regulations. Not only should healthcare providers have a strong security defensive posture, but they should also make sure that they comply with federal and state regulations, especially in cases of data exposure.

CISA, FBI, and NSA Joint Advisory on BlackMatter Ransomware

BlackMatter is a ransomware-as-a-service (Raas) tool that allows cybercriminals to deploy this ransomware suite in exchange for a piece of the ransom, which then goes back to the original developers. It’s important to note the actions recommended to protect against ransomware attacks in general: having a thorough backup policy, implementing transversal monitoring, using MFA (multi-factor authentication), and training personnel to be aware of phishing attacks and the importance of having unique and strong passwords for each account.

One-Time Passwords Phishing Campaign Hits Hundreds of Users

OTPs (One-Time Passwords) can be seen as a good solution to mitigate password spraying attacks in the case of users reusing passwords. But in this case, a group of Italian users of the famous cryptocurrency site, Coinbase, were lured into giving their temporary passwords to the attackers, which allowed them to access the victims’ accounts. Organizations should invest in training their personnel to be alert and know how to detect phishing attacks. More advanced, personalized, and creative techniques to lure users are seen every day, so companies should continually remind employees about the dangers of it.

Payment Processing Terminals May Be Tied to Hacks

PAX, a company that manufactures point-of-sale terminals, is being investigated over security concerns with their devices. A client of those terminals detected that the terminals were connecting to unspecified internet websites, which the company didn’t clarify. The FBI joined the investigation in PAX offices in the United States to try to identify the source of these connections. An important part of the internal security policy process is vetting your company’s providers in terms of cybersecurity since, nowadays, supply chain attacks are on the rise.

Pablo Bullian

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about alll things related to cybersecurity and cloud hosting.

Related Posts

Illustration of three cell phones, each with a different screen pertaining to a lab portal.

Posted on November 03, 2021 by Paul Galbraith

Anyone offering laboratory testing services to physicians or directly to patients should offer a modern patient-facing lab portal that incorporates key features and is aligned with the principles of the…Read more

Illustration. Middle: computer screen. Right: girl holding a key. Left, boy holding a cell phone.

Posted on October 06, 2021 by Pablo Bullian

Walgreens’ Poor Security Measures Exposed Patient Data and Covid-19 Test Results Patients who got a Covid-19 test at Walgreens, possibly as far back as July 2020, were vulnerable to data…Read more

Subscribe to Our Newsletter

Get promotions and current business tips. Sign up for our newsletter today.