Researchers at McAfee uncovered a hack that allows attackers to take control of B. Braun infusion pumps, which are used in hospitals around the world. The attack requires physical network access to reach the SpaceStation, which could manage one or more pumps through one of its network-exposed endpoints. This could potentially lead to disastrous situations in which patients are given too much of the drugs they need, or none at all. The FDA is already reviewing the issue with McAfee and the provider in order to patch the vulnerabilities.
The OnePercent ransomware group, which is linked to the use of the legitimate security tool Cobalt Strike for malicious purposes, has been one of the largest hacking groups attacking US companies since November of last year. The FBI released a list of indicators of compromise, as well as some mitigation measures (which we’ve already recommended implementing in past security bulletins!), such as maintaining offsite or offline backups, patching servers, periodically reviewing administrator account actions and privileges, and educating the workforce about phishing and the threats it poses.
T-Mobile confirmed that an attack was made on their infrastructure. Though they didn’t confirm in their official release whether personal data was exposed, news outlet Motherboard reviewed some leaked data on the dark web and confirmed that personal data of clients was being sold. Telecommunications infrastructure has been a prime target for state-backed hacking groups in the past few years, as has healthcare – so it’s important to have a good security strategy in place, as well as controls to match your organization’s needs.
A healthcare organization from Ohio, and another from Nevada, have been hit by ransomware in recent months. One of these organizations was in negotiations with the hacking group to recover its information after the attack. Experts followed the trail to the dark web, where they found some of the information being leaked, including individuals’ names, addresses, dates of birth, Social Security numbers, and clinical information (such as history, diagnoses, and test results).
Ransomware is a complex threat that requires the full attention of your organization’s IT security experts. Keeping offsite backups and disaster recovery sites can ensure operational continuity in the event of an attack.