A group of health clinics in the Fresno area that belongs to United Health Centers were hit by a ransomware attack. Not only did the attack render data unavailable, but some documents were also leaked online, exposing PHI and PII of patients and personnel. Under HIPAA and state laws, healthcare data breaches have to be reported, which was not the immediate case of this attack. In response, the State Attorney General sent a notice to industry organizations reminding them of the disclosure regulations. Not only should healthcare providers have a strong security defensive posture, but they should also make sure that they comply with federal and state regulations, especially in cases of data exposure.
BlackMatter is a ransomware-as-a-service (Raas) tool that allows cybercriminals to deploy this ransomware suite in exchange for a piece of the ransom, which then goes back to the original developers. It’s important to note the actions recommended to protect against ransomware attacks in general: having a thorough backup policy, implementing transversal monitoring, using MFA (multi-factor authentication), and training personnel to be aware of phishing attacks and the importance of having unique and strong passwords for each account.
OTPs (One-Time Passwords) can be seen as a good solution to mitigate password spraying attacks in the case of users reusing passwords. But in this case, a group of Italian users of the famous cryptocurrency site, Coinbase, were lured into giving their temporary passwords to the attackers, which allowed them to access the victims’ accounts. Organizations should invest in training their personnel to be alert and know how to detect phishing attacks. More advanced, personalized, and creative techniques to lure users are seen every day, so companies should continually remind employees about the dangers of it.
PAX, a company that manufactures point-of-sale terminals, is being investigated over security concerns with their devices. A client of those terminals detected that the terminals were connecting to unspecified internet websites, which the company didn’t clarify. The FBI joined the investigation in PAX offices in the United States to try to identify the source of these connections. An important part of the internal security policy process is vetting your company’s providers in terms of cybersecurity since, nowadays, supply chain attacks are on the rise.