Healthcare Data Breaches at Fairchild Medical Center, Harvard Pilgrim Health Care, and Indian Health Council Inc.

Fairchild Medical Center, based in Yreka, CA, has begun notifying patients that some of their protected health information (PHI) may have been accessed by unauthorized individuals over the internet.

In July 2020, a third-party security company informed Fairchild Medical Center that one of its servers was misconfigured and reachable from the public internet. With the help of outside computer specialists, the medical center determined that unauthorized persons may have accessed patient information.

The server held medical images together with patient names, dates of birth, exam identification numbers, patient identification numbers, ordering provider names, and exam dates. The misconfiguration was introduced on December 16, 2015 and was not corrected until July 31, 2020, so the server was exposed for more than four and a half years. After the necessary changes were made, a third-party security firm verified that the server was secure.

The forensic investigation could not determine whether unauthorized persons actually accessed patient data while the server was exposed, but the possibility could not be ruled out.

Mismailing Incident Reported by Harvard Pilgrim Health Care

Harvard Pilgrim Health Care is notifying 8,022 individuals about a software error in its enrollment data management system. The error linked a member's mailing address to another address associated with that member's health plan. As a result, a number of mailings were sent to the address of the plan subscriber or to a previous address instead of to the member. Harvard Pilgrim Health Care traced the problem to an error introduced in 2013.

The types of information that may have been disclosed varied from mailing to mailing and potentially included member name, ID number, date of birth, telephone number, provider names, dates of service, treatment details, deductibles, charges for services, co-pay amounts, and co-insurance information related to healthcare coverage.

The error has been corrected, and the procedure for system updates has been reviewed and improved. Affected members have been advised to check their Activity Summaries and to report any suspicious entries to Harvard Pilgrim immediately.

Indian Health Council Inc Encounters Ransomware Attack

Indian Health Council Inc., based in Valley Center, CA, suffered a ransomware attack in September 2020 in which files were encrypted, potentially affecting patients' PHI. Indian Health Council became aware of the attack on September 22, 2020 and engaged independent computer forensics professionals to assist with the investigation.

A review of the files the attacker could access found that some contained patient data such as names, dates of birth, health information, and health insurance details and, for certain individuals, information about medical conditions, treatment, or diagnoses.

Following the attack, Indian Health Council Inc. changed passwords and strengthened security to prevent further attacks. It also implemented additional controls covering remote access, including multi-factor authentication.

All affected patients have been notified. The breach report filed with the HHS Office for Civil Rights indicates that the attack potentially affected 5,769 people.

Ransomware Attack with Data Theft on US Fertility

US Fertility (USF) suffered a ransomware attack on September 14, 2020 that affected parts of its computer network, including systems on which sensitive protected health information (PHI) is stored. US Fertility is the largest network of fertility centers in the United States, operating 55 clinics in 10 states. About half of its clinics are known to have been affected by the attack.

US Fertility responded promptly and confirmed that data had been encrypted on several servers and workstations linked to its website. Those systems were immediately taken offline while the attack was investigated. Third-party security and computer forensics professionals were engaged to investigate the incident and to recover data on the affected workstations and servers. According to USF, all affected devices were remediated and reconnected to the network by September 20, 2020. USF has reported the attack to federal law enforcement and is assisting with the ongoing investigation.

The forensic investigation confirmed that the attackers exfiltrated data. They first gained access to the network on August 12, 2020 and may have retained access until September 14, 2020, when USF discovered the attack, a dwell time of roughly a month. The review to identify all files the attackers could have accessed was completed on November 13.

USF stated that the unidentified threat actors potentially accessed files containing names, addresses, dates of birth, Social Security numbers and MPI (master patient index) numbers. The types of information involved differed from person to person; for the majority of patients, Social Security numbers were not exposed.

Although USF confirmed that data was stolen, no reports of PHI misuse have been received. Nevertheless, USF has advised affected individuals to monitor their accounts and to report any suspected misuse of their protected health information.

USF has already taken the following steps to strengthen security since the attack:

  • strengthened its firewall
  • improved monitoring of network activity
  • provided additional employee training on computer security, data protection, and recognizing phishing emails

Cyberattacks Impact Hendrick Health, First Impressions Orthodontics and Kids First Dentistry & Orthodontics

Hendrick Health EHR Downtime As a Result of Ransomware Attack

Hendrick Health in Texas took its IT and EHR systems offline in response to a cyberattack. The ransomware attack on November 9, 2020 affected some Hendrick Health clinics and the main campus medical center; Hendrick Health's South and Brownwood medical centers were not affected.

Hendrick Health reported that patient care was not compromised by the attack. The medical center continued to provide inpatient services, although a few patients were diverted to other campuses and some outpatient appointments were rescheduled.

Hendrick Health is working around the clock to restore its systems. In the meantime, medical center staff are recording patient information on paper.

PHI of 28,000 Dental Patients Potentially Compromised

The protected health information (PHI) of 23,000 patients of First Impressions Orthodontics may have been compromised in a September 28, 2020 ransomware attack.

First Impressions Orthodontics maintains regular, securely stored backups, so patient data could be restored without paying the ransom. In addition to the 23,000 First Impressions Orthodontics patients, the breach affected 5,000 patients of Kids First Dentistry & Orthodontics who are referred to First Impressions Orthodontics for x-rays.

The data potentially compromised included names, addresses, email addresses, phone numbers, Social Security numbers, dental records, dental x-rays, service charge amounts, dental insurance numbers, and payments made for services. The compromised x-ray images contained patients' names, dates of birth, and insurance details.

First Impressions Orthodontics has notified affected individuals in accordance with the HIPAA Breach Notification Rule. Although there is no evidence that data was accessed, stolen, or misused, affected patients have been offered two years of complimentary credit monitoring and identity theft protection services as a precaution.

Survey Reveals the Cybersecurity Impact of COVID-19 on Organizations That Switched to Remote Working

Before the pandemic, many companies allowed employees to work from home occasionally. COVID-19 changed the way people work dramatically: national lockdowns forced employers to change their working practices quickly and to allow practically all of their employees to work from home.

Even after lockdowns were lifted, many employees continued to work from home, and remote work is now widely regarded as the new normal. Remote working has created many challenges, particularly for cybersecurity, because it is harder for organizations to prevent, detect, and contain cyberattacks when most employees are working remotely.

Ponemon Institute conducted a new survey on behalf of Keeper Security to examine the cybersecurity challenges of remote working and to assess how organizations have adapted their security strategies to address them. 2,215 IT and IT security professionals took part in the survey.

One of the key findings is a significant drop in the effectiveness of organizations' security posture attributed to remote working. 71% of respondents rated their security defenses as very or highly effective before the pandemic; only 44% rated them that way during the pandemic.

The survey identified several reasons for the drop. When people work on-site, physical security measures protect against theft of equipment and data; 47% of respondents said that employees' homes lack such physical security.

71% of IT professionals said that remote employees increase an organization's risk of a data breach, and 57% said that remote employees are a primary target for cybercriminals looking to exploit vulnerabilities.

Remote employees need access to business-critical applications, and 59% of respondents said that remote access to those applications has increased during the pandemic. On average, organizations have 51 business-critical applications, 56% of which employees access remotely.

56% of respondents said that response time to a cyberattack is longer during the pandemic, and 42% said they do not know how to properly defend against cyberattacks when large numbers of employees work remotely.

The pandemic has also driven a large increase in the use of personal devices, and BYOD has weakened organizations' security posture. 67% of respondents said that remote employees were using personal devices such as mobile phones during the pandemic, devices that are often poorly secured.

Intrusion detection systems that were effective in an office environment are less effective with a remote workforce. 51% of respondents said their intrusion detection systems had stopped an exploit or malware infection during the pandemic, and 61% said they had suffered a cyberattack involving phishing or social engineering during the pandemic.

Despite the threat, 31% of organizations said they have no multi-factor authentication in place for remote workers. Only 43% provide security awareness training that addresses the risks of remote working, and only 47% monitor their systems 24/7. Fewer than 50% of respondents protect company-owned devices with up-to-date antivirus software, device encryption, and firewalls. Unless these gaps are addressed, organizations face a far higher risk of a cyberattack that ends in a costly data breach. The full survey findings are published by Keeper Security.

Vulnerabilities Discovered in SpaceCom and B. Braun OnlineSuite

Vulnerabilities in SpaceCom and Battery Pack SP with Wi-Fi

Eleven vulnerabilities have been identified in the B. Braun SpaceCom patient data management system (the PC and USB memory stick versions) and the Battery Pack SP with Wi-Fi. These products are used to connect external devices for the purpose of documenting information.

The vulnerabilities affect SpaceCom software versions U61 and earlier, and Battery Pack SP with Wi-Fi software versions U61 and earlier.

An attacker could exploit the vulnerabilities to compromise the safety of SpaceCom devices. With elevated privileges, an attacker could view sensitive data, upload arbitrary files, and execute code remotely. The 11 vulnerabilities are:

1. CVE-2020-25158 (CVSS score 7.6) – Reflected cross-site scripting (XSS) vulnerability permitting injection of arbitrary HTML or web script into various locations.
2. CVE-2020-25150 (CVSS score 7.6) – Relative path traversal vulnerability permitting an attacker with service user privileges to upload arbitrary files and execute arbitrary code.
3. CVE-2020-25162 (CVSS score 7.5) – Path injection vulnerability enabling unauthenticated attackers to view sensitive data and escalate privileges.
4. CVE-2020-25156 (CVSS score 7.2) – Active debug code that allows an attacker in possession of the right cryptographic material to access the device as root.
5. CVE-2020-25160 (CVSS score 6.8) – Improper access controls that allow the device's network settings to be read and modified.
6. CVE-2020-25166 (CVSS score 6.8) – Improper verification of the cryptographic signature on software updates, allowing an attacker to craft firmware updates with arbitrary content that the device will accept, which can be used to tamper with devices.
7. CVE-2020-16238 (CVSS score 6.7) – Improper privilege management that gives an attacker command-line access to the underlying Linux system and allows escalation to root.
8. CVE-2020-25152 (CVSS score 6.5) – Session fixation vulnerability enabling web session hijacking and privilege escalation.
9. CVE-2020-25154 (CVSS score 5.4) – Open redirect vulnerability enabling redirection to malicious web pages.
10. CVE-2020-25164 (CVSS score 5.1) – Use of a one-way hash that permits recovery of user login credentials for the administrative interface.
11. CVE-2020-25168 (CVSS score 3.3) – Use of hard-coded credentials that permit command-line access to the device's Wi-Fi module.

B. Braun has released updates that fix the vulnerabilities. Users should update the Battery Pack SP with Wi-Fi to version U62 or later and SpaceCom to version U62 or later.

B. Braun also advises users not to expose the devices directly to the internet, to place them behind a firewall, and to segregate medical devices from the business network.

The vulnerabilities were identified by Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH and by Julian Suleder, Birk Kauer and Nils Emmerich of ERNW Research GmbH.

Vulnerabilities Discovered in B. Braun OnlineSuite

Three vulnerabilities have been identified in B. Braun OnlineSuite, a clinical IT application for creating and distributing drug libraries and managing infusion devices and related medical accessories. Exploitation of the vulnerabilities could allow an attacker to escalate privileges, upload and download arbitrary files, and execute code remotely.

The two most serious vulnerabilities, with CVSS v3 base scores of 8.4 and 8.6 out of 10, are:
1. CVE-2020-25174, a code execution vulnerability that allows an attacker with local access to a vulnerable system to execute code as a highly privileged user.
2. CVE-2020-25172, a relative path traversal vulnerability that allows unauthenticated attackers to upload and download arbitrary files.

The third vulnerability, CVE-2020-25170, is an Excel macro vulnerability in the export feature caused by improper handling of several input fields; it has a CVSS v3 base score of 6.9.

These vulnerabilities affect OnlineSuite AP 3.0 and earlier. B. Braun has fixed them in the OnlineSuite Field Service Information AIS06/20 update, and users are urged to apply it without delay.
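Both the SpaceCom advisory (CVE-2020-25150) and the OnlineSuite advisory (CVE-2020-25172) list a relative path traversal in a file upload path. The Python below is an added illustration of that vulnerability class and of a correct containment check; it is not B. Braun's code and nothing about their implementation is known from the advisories. The upload root, the function names and the sample filenames are hypothetical, constructed for the example.

```python
import posixpath

# Hypothetical upload directory; every path derived from user input must stay below it.
UPLOAD_ROOT = "/var/lib/pdms/uploads"


def vulnerable_upload_path(filename):
    """The pattern behind most relative path traversal bugs: the caller-supplied
    name is joined onto a fixed directory and trusted as-is. '..' segments walk
    out of the root, and os.path.join silently discards the root altogether
    when the supplied name is absolute."""
    return posixpath.join(UPLOAD_ROOT, filename)


def safe_upload_path(filename):
    """Resolve a caller-supplied relative name to a path that is provably inside
    UPLOAD_ROOT, or raise ValueError. posixpath is used so the check behaves the
    same on every host; on a live filesystem use os.path.realpath as well, so a
    symlink planted inside the root cannot redirect the write elsewhere."""
    if not filename or "\x00" in filename:
        raise ValueError("empty name or NUL byte in filename")
    if posixpath.isabs(filename):
        raise ValueError("absolute paths are not accepted")
    # Collapse '.' and '..' first, then compare directory trees rather than string
    # prefixes: a prefix test would wrongly accept '/var/lib/pdms/uploads_old/...'.
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))
    if candidate == UPLOAD_ROOT or posixpath.commonpath([UPLOAD_ROOT, candidate]) != UPLOAD_ROOT:
        raise ValueError(f"path escapes upload root: {filename!r}")
    return candidate


def is_contained(filename):
    """Boolean wrapper around safe_upload_path for bulk checks."""
    try:
        safe_upload_path(filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a benign name, a classic traversal, a sibling directory
    # that defeats prefix checks, and an absolute path.
    for name in ["study42/ct.dcm", "../../etc/cron.d/job", "../uploads_old/x", "/etc/passwd"]:
        naive = posixpath.normpath(vulnerable_upload_path(name))
        verdict = "accepted" if is_contained(name) else "rejected"
        print(f"{name!r:26} naive -> {naive:32} hardened -> {verdict}")
```

The check has to run on the decoded filename the application will actually use (after any URL or Unicode decoding, and only once), and the same containment test applies to download paths, which is where the OnlineSuite finding also allows reads.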

Potential Exposure of Financial Data and SSNs in Blackbaud Ransomware Attack Reported

On September 30, 2020, Blackbaud filed a Form 8-K with the U.S. Securities and Exchange Commission (SEC) providing further details of the ransomware attack it suffered in May 2020. Blackbaud explained that the forensic investigation had found that more information may have been compromised than first thought: for some clients, the attackers may have accessed unencrypted fields intended for bank account information, usernames, passwords, and Social Security numbers.

For most of the Blackbaud clients affected by the attack, this data was not compromised, because the fields were encrypted and could not be read by the attackers. Blackbaud said it has notified all clients whose sensitive data were potentially exposed and is providing them with further assistance.

In the filing, Blackbaud stated that it had prevented the attackers from fully encrypting its files, but that the attackers had exfiltrated a subset of data from Blackbaud's cloud environment before the encryption attempt.

Blackbaud had previously stated that it paid the attackers' ransom demand so that the stolen data would not be published or offered for sale, and that the attackers confirmed they had deleted the stolen data after receiving payment. The SEC filing does not state how much Blackbaud paid.

Blackbaud believes that no data has been published or further compromised. Even so, paying attackers who have stolen and encrypted data carries an inherent risk: nothing prevents them from keeping a copy despite their assurances. Blackbaud has implemented additional safeguards and has engaged a cybersecurity firm to monitor the dark web and hacking forums for any appearance of the stolen data.

Blackbaud notified its customers of the breach on July 16, and affected healthcare organizations have since been issuing notifications under the HIPAA Breach Notification Rule. Throughout August and September, the number of related breaches listed on the HHS Office for Civil Rights (OCR) breach portal steadily increased. Approximately 58 US healthcare organizations have reported being affected, and more than three dozen related breaches are currently listed on the OCR portal.

The worst affected organization so far is Trinity Health, where the protected health information (PHI) of 3,320,726 individuals was exposed. The PHI of 1,045,270 individuals at Inova Health System and 657,392 at Northern Light Health was also affected. Many other healthcare organizations have reported that large numbers of their patients or donors were affected. To date, nearly 10 million individuals are known to have been affected.

Blackbaud, its security firms, and law enforcement are continuing to investigate the breach.

Sen. Warner Wants Answers Regarding the Suspected Universal Health Services Cyber Attack

Universal Health Services (UHS) has reported that its 250 U.S. hospitals have returned to normal operations after a cyberattack that disrupted its systems for about three weeks. The attack began on September 27, 2020, and by October 12 UHS had all of its systems back online. A notice on its website stated that hospitals resumed normal operations once the back-loading of data recorded during the outage was complete.

While systems were unavailable, physicians had to rely on pen and paper to continue treating patients, and in some areas patients had to be diverted to alternative facilities for treatment.

The health system said that a malware attack caused the security breach and the shutdown of its network; however, several insiders posted on Reddit that it was a ransomware attack, and based on the details they shared the attack appears to have involved Ryuk ransomware. Many ransomware operations exfiltrate data before deploying the ransomware, but UHS said it has found no evidence that the attackers accessed, copied, or misused employee or patient data.

Sen. Mark Warner, D-VA, sent a letter to UHS Chairman and CEO Alan Miller seeking answers to questions about the attack and about the security measures UHS had in place to prevent and limit the impact of a ransomware or malware attack. In the letter, Sen. Warner expressed serious concern about the security of Universal Health Services' electronic medical data and the disruption of clinical operations whenever a cyberattack occurs.

UHS is one of the largest hospital operators in the United States, providing care to more than 3.5 million individuals each year across its 250 hospitals. Given the resources of a Fortune 500 organization with more than $11 billion in annual revenue, the letter argues, UHS's cybersecurity posture should be strong enough to prevent major disruption to patient care.

Sen. Warner asked whether UHS had segmented its network to prevent lateral movement by attackers, so that a breach at one facility could not spread to all of them. He also asked whether clinical medical devices were isolated from administrative systems and networks, so that those devices would not be disrupted in a cyberattack.

In light of the posts by UHS insiders, Sen. Warner also asked whether UHS paid a ransom to decrypt files, whether any patient information became inaccessible as a result of the attack, and whether the attackers downloaded any medical information from UHS-managed facilities.

Sen. Warner has asked UHS to respond to these and other questions about its cybersecurity practices within two weeks.

Data Breaches at Mayo Clinic, UMMA Community Clinic and AAA Ambulance Service

Former Mayo Clinic Employee Accessed Medical Records of 1,600 Patients Without a Legitimate Work Reason

Mayo Clinic has begun notifying more than 1,600 patients that a former employee accessed some of their protected health information (PHI) without authorization.

Mayo Clinic announced on August 5, 2020 that a licensed medical professional had viewed patient records without a legitimate work reason. The employee was in the process of leaving Mayo Clinic when the privacy breach was discovered, and no longer works there.

The employee's reason for viewing the records is not known, and Mayo Clinic has not said when the access took place. Mayo Clinic stated that the access occurred over a limited period and that there is no evidence the employee printed or retained any information.

The potentially exposed data included names, dates of birth, demographic information, medical record numbers, medical images, and clinical notes. No financial information or Social Security numbers were viewed. Mayo Clinic has reported the unauthorized access to the FBI and the Rochester Police Department, and the investigation is ongoing.

Mayo Clinic attributed the delay in notification to the length of the investigation. Affected individuals have now been notified; given the nature of the data involved, Mayo Clinic said no action on their part is required.

Insider Breach at UMMA Community Clinic

The University Muslim Medical Association (UMMA) Community Clinic in Los Angeles learned that a former employee had sent a secured file containing patients' PHI to a private email account. UMMA discovered the incident on July 1, 2020, two days after the file was sent.

UMMA obtained written confirmation from the former employee that the file had been deleted, and it is not aware of any further disclosure or misuse of the data.

UMMA has introduced additional policies and procedures to prevent similar privacy breaches in the future. It is not yet clear how many people were affected or what types of protected health information the secured file contained.

Attempted Ransomware Attack at AAA Ambulance Service

AAA Ambulance Service in Mississippi is notifying patients about an attempted ransomware attack that occurred on or around July 1, 2020. Immediate action was taken to stop the encryption of data, and an internal investigation was launched to determine the scope of the breach. With the help of third-party computer forensics specialists, AAA Ambulance Service determined on August 26, 2020 that the attackers may have accessed or exfiltrated patient data before deploying the ransomware.

The information potentially exposed includes patients' names in combination with at least one of the following: driver's license number, Social Security number, date of birth, financial account number, diagnosis information, treatment details, patient account number, medication information, medical record number and/or health insurance details.

No evidence of misuse of patient data has been found. As a precaution, affected individuals have been offered free credit monitoring services, and AAA Ambulance Service is implementing additional safeguards to prevent similar breaches in the future.

CISA Issues Alert Over Surge in Emotet Malware Attacks

After a period of dormancy from February 2020 to July 2020, the Emotet botnet is active again and running spam campaigns that deliver the Emotet Trojan. Since August 2020, attacks on state and local governments have increased, prompting the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) to issue a cybersecurity alert for all sectors.

The Emotet botnet resumed activity in July with a large phishing campaign that sent messages carrying malicious Word attachments and URLs. Since then several spam runs have been conducted, typically involving more than 500,000 emails. Emotet began as a banking Trojan but is now used primarily as a loader for other malware, notably the Qbot and TrickBot Trojans. Those secondary payloads in turn deliver further malware, including Ryuk and Conti ransomware.

A single infected device can quickly lead to further infections across the network. Emotet spreads in a worm-like manner, writing copies of itself to shared drives, brute-forcing credentials, and mailing copies of itself from the compromised account. It can hijack legitimate email threads and insert malicious attachments; because these messages appear to come from known contacts in reply to earlier correspondence, recipients are far more likely to open the attachments.

Emotet is polymorphic, loads its functionality from dynamic link libraries, and frequently gains new capabilities, which makes it hard to eradicate. Even after it has been removed from a system, that system can easily be reinfected by other compromised devices on the network unless they are all cleaned at the same time.

The Multi-State Information Sharing & Analysis Center (MS-ISAC) and CISA have been collecting information on Emotet attacks and loader downloads since botnet activity resumed in July. CISA's EINSTEIN intrusion detection system, which protects federal civilian executive branch networks, has recorded about 16,000 alerts related to Emotet activity since July, including potentially targeted Emotet attacks on state and local governments. Compromises have also been reported in Italy, France, Canada, Japan, the Netherlands and New Zealand.

CISA regards Emotet as one of the most prevalent ongoing threats. The secondary TrickBot and Qbot payloads are significant threats in their own right, as are the ransomware payloads they deliver.

The phishing emails used to distribute the Emotet loader vary and change frequently. COVID-19 themed messages have been used this year alongside many business-themed lures. The attachments are usually malicious Word documents, although password-protected ZIP files have also been used to evade anti-spam and anti-phishing tools. The emails typically claim that the attachment was created on a mobile device and require the user to click "Enable Content" (thereby enabling macros) in order to view it.

To defend against Emotet, MS-ISAC and CISA recommend implementing cybersecurity best practices, including:

  • blocking suspicious attachments and any attachment that antivirus solutions cannot scan, such as password-protected archives and documents
  • running antivirus software on all devices and configuring it to update automatically
  • blocking suspicious IP addresses
  • using DMARC email authentication and multi-factor authentication
  • following the principle of least privilege, segmenting and isolating networks, and disabling file and printer sharing services where possible

The full list of recommended mitigations is given in the CISA advisory (AA20-280A).
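Two of the mitigations above, blocking attachments that antivirus cannot scan and stopping the macro-enabled documents Emotet relies on, can be enforced at the mail gateway with a content check rather than an extension check. The following Python is an added example of such a check, written for this article and not taken from the CISA advisory; the attachment classes, function names and the sample attachments are hypothetical constructs. It inspects the bytes of each attachment: a ZIP container with the "encrypted" flag set on any member is quarantined because no scanner can look inside, and an OOXML document that carries a VBA project is quarantined because that is the dropper pattern described above.

```python
import io
import zipfile

# Attachment classes the gateway refuses to deliver (hypothetical policy).
QUARANTINE_CLASSES = {"encrypted-archive", "macro-enabled-office", "executable"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".js", ".jse", ".vbs", ".hta", ".lnk")


def classify_attachment(name, data):
    """Return a coarse class for one attachment, decided from its bytes rather
    than its extension, because lures rename files freely."""
    if name.lower().endswith(EXECUTABLE_SUFFIXES):
        return "executable"
    if not data.startswith(b"PK\x03\x04"):
        return "opaque"        # not a ZIP container (PDF, legacy OLE .doc, ...): left to AV
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return "corrupt-archive"
    # Bit 0 of the general-purpose flag marks a member as encrypted; if any member
    # is encrypted a scanner cannot inspect the content.
    if any(info.flag_bits & 0x1 for info in infos):
        return "encrypted-archive"
    names = {info.filename for info in infos}
    if "[Content_Types].xml" in names:          # OOXML package (.docx/.docm/.xlsm/...)
        if any(n.endswith("vbaProject.bin") for n in names):
            return "macro-enabled-office"
        return "office"
    return "archive"


def evaluate_message(attachments):
    """attachments: list of (filename, bytes). Returns (verdict, reasons) where
    verdict is 'deliver' or 'quarantine'."""
    reasons = []
    for name, data in attachments:
        kind = classify_attachment(name, data)
        if kind in QUARANTINE_CLASSES:
            reasons.append(f"{name}: {kind}")
    return ("quarantine" if reasons else "deliver", reasons)


# --- constructed samples (harmless stand-ins, not real malware) ---------------

def build_ooxml(with_vba):
    """Minimal Word-like OOXML package; adds a stub VBA project when requested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 stub")
    return buf.getvalue()


def build_encrypted_zip():
    """zipfile cannot write password-protected archives, so write a plain one and
    set the 'encrypted' flag bit in the local file header (offset 6) and in the
    central directory entry (offset 8); that flag is what a scanner sees."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"placeholder body")
    raw = bytearray(buf.getvalue())
    raw[6] |= 0x1
    cd = raw.find(b"PK\x01\x02")
    raw[cd + 8] |= 0x1
    return bytes(raw)


if __name__ == "__main__":
    message = [("Invoice_2020.docm", build_ooxml(True)),
               ("report.docx", build_ooxml(False)),
               ("scan.zip", build_encrypted_zip()),
               ("notes.pdf", b"%PDF-1.4 constructed")]
    print(evaluate_message(message))
```

The check deliberately does not try to decide whether a macro is malicious; the policy is that macro-bearing and unscannable attachments do not reach the inbox at all. Legacy OLE formats (.doc, .xls) store macros differently and fall into the "opaque" class here, so they still need the antivirus pass; the Office attachments Emotet sends are also frequently OOXML .doc lookalikes, which this content check catches regardless of the extension.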

Ransomware Attack on a Clinical Trial Software Provider

eResearchTechnology, a Philadelphia-based company that sells software used in clinical trials, including COVID-19 vaccine trials, suffered a ransomware attack on September 20, 2020. The attack affected a number of its clients, including at least one organization conducting COVID-19 vaccine trials. Some clinical trial researchers had to revert to pen and paper to track their patients. Although patient safety was not put at risk, the attack disrupted the trials and slowed their progress.

The attack affected IQVIA, the contract research organization running AstraZeneca's COVID-19 vaccine trial, although it is not yet clear to what extent, if any, the vaccine trial itself was impacted. It also affected Bristol Myers Squibb, which is leading an effort to develop a rapid test for the coronavirus. Both companies said the impact was limited because they had backups from which data could be restored. IQVIA stated that it was not aware of any confidential clinical trial data having been exfiltrated before the ransomware encrypted files.

Following the attack, eResearchTechnology shut down its computer systems. Third-party cybersecurity specialists assisted with the investigation and data restoration, and the Federal Bureau of Investigation (FBI) was notified and is investigating. Some systems were offline for about two weeks and were brought back online on October 2, 2020, according to the New York Times. The company expects to restore the remainder of its systems within the next few days.

No information has been released about which threat group carried out the attack, the ransomware variant used, or whether the company paid the ransom to obtain the decryption keys.

eResearchTechnology's software is widely used in clinical trials. In 2019, about 75% of all clinical trials that led to drug approvals used the company's software.

The attack came to light several days after Universal Health Services suffered a suspected ransomware attack that affected all of its U.S. locations, forcing it to take its systems offline and divert patients to alternative healthcare providers. Figures from Emsisoft indicate that healthcare providers in the United States have suffered at least 53 ransomware attacks so far in 2020, affecting more than 500 hospitals and clinics.

PHI Exposed in Four Phishing Attacks

MU Health Care based in Missouri has encountered a phishing attack that resulted in the breach of a number of employee email accounts from May 4 to May 6, 2020. An investigation of the occurrence showed the compromised email accounts comprised patient data such as names, birth dates, account numbers, medical insurance details, driver’s license numbers and Social Security numbers.

MU Health Care has notified all affected patients and offered them free credit monitoring services. No reports of misuse of patient information have been received so far.

The exposed email accounts held the protected health information (PHI) of 5,074 individuals.

Data Leaked After the University Hospital SunCrypt Ransomware Attack

University Hospital, a teaching hospital in Newark, NJ, suffered a SunCrypt ransomware attack in September 2020. Before deploying the ransomware, the attackers stole about 48,000 records, some of which were posted on the attackers’ data leak website.

The number of patients affected by the attack is still uncertain at this point. However, the leaked information did consist of some patient records, such as names, Social Security numbers, dates of birth, driver’s license numbers, and some other information.

The attack appears to have begun with a phishing email that led to the download of the TrickBot Trojan; the SunCrypt ransomware was then delivered as a secondary payload.

PHI of 4,806 Individuals Possibly Exposed in UCare Minnesota Phishing Attack

The not-for-profit health plan UCare Minnesota suffered a phishing attack that affected the email accounts of a number of employees. A breach investigation was launched upon the discovery of suspicious network activity in April 2020. On May 4, 2020, UCare Minnesota established that an unauthorized person had accessed certain email accounts. The accounts were quickly secured and reviewed to determine whether the attackers had accessed member data.

On September 1, 2020, UCare Minnesota determined that the email accounts contained the personal information and PHI of 4,806 people, including names, healthcare provider names, diagnosis details, health insurance ID numbers, and dates of birth.

No evidence has been found that the persons responsible for the attack exfiltrated or misused any data. UCare Minnesota has retrained its workforce on phishing attacks and has strengthened email security.

Nebraska Medicine Experiences Cyberattack

Nebraska Medicine has reported a cyberattack that cut off access to its computer networks. The attack occurred on September 25, 2020 and caused an outage that resulted in substantial information technology system failures.

Without access to critical IT systems, Nebraska Medicine was forced to postpone appointments for patients scheduled for elective procedures or with other non-emergent medical concerns. Nebraska Medicine issued a statement on September 24 saying normal operations would resume “in days”. The emergency room remained open and no ER patients were diverted to other facilities.

It is not clear whether patient records were viewed or stolen; however, Nebraska Medicine confirmed that no patient records had been deleted or destroyed and that all patient information could be recovered from backups.


Breach of VA Payment System Compromised Veterans’ SSNs

The U.S. Department of Veterans Affairs (VA) has suffered a data breach affecting the personal data of about 46,000 veterans.

Hackers obtained access to a web application that the VA Financial Services Center (FSC) used and tried to reroute payments made to community care providers for the veterans’ health care. The attackers used social engineering tactics and exploited authentication protocols to get access to the application and alter bank account details.

When FSC discovered the breach, the payment processing application was taken offline to prevent any further payments from being sent. It is not clear how many payments had been sent before the attack was discovered, nor whether it was discovered in time to stop the fraudulent transfers. The FSC stated that the breached payment processing application will remain offline until the Office of Information Technology completes a comprehensive security review.

The primary reason for the cyberattack seems to be the re-routing of payments; nevertheless, the attackers stole the personally identifiable information and Social Security numbers of approximately 46,000 veterans and may use the information for fraudulent activities.

FSC has notified by mail all veterans whose information was potentially exposed in the attack and has offered them free credit monitoring services. The veterans also received instructions on how to monitor for and respond to fraudulent use of their data.

The VA’s financial services system is currently undergoing a major upgrade. Because of a number of delays, the project will probably not be complete until 2030. The FTC recently issued a request for information seeking cybersecurity audit services. The audit is intended to cover compliance, technique, and sustainment. The audit contractor must provide a gap analysis of the cybersecurity solutions, processes, and controls the government should use, and give recommendations on ways to improve visibility and incident response time in line with VA’s best practices.

Data Breaches at Utah Pathology Services and Valley Health Systems

Utah Pathology Services reported that an employee’s email account was accessed without authorization and that the intruder attempted to reroute funds from Utah Pathology. The provider detected the breach promptly and secured the compromised email account. The attempted fraud did not succeed and did not compromise any patient information.

Third-party IT and forensic experts helped with the investigation to determine the magnitude of the breach. The investigation is not yet over, but the investigators have confirmed that the compromised email account contained the personal and protected health information (PHI) of about 112,000 patients.

The attacker’s purpose appears to have been to redirect funds to an account under the attacker’s control rather than to steal patient information. Nevertheless, data theft cannot be entirely ruled out. Utah Pathology Services is now notifying the affected individuals of the breach.

Aside from patient names, the compromised email account contained the following information: gender, birth date, email address, mailing address, telephone number, health insurance data, internal record numbers, and diagnostic details associated with pathology services. The Social Security numbers of some individuals were also exposed.

To date, no evidence has been found to suggest that patient data has been misused; however, as a precaution, Utah Pathology Services has offered affected individuals 12 months of free membership in Cyberscout’s identity monitoring service.

The privacy policies of Utah Pathology Services are under review, and additional security measures will be implemented to prevent further breaches.

Ransomware Attack on Valley Health Systems

Valley Health Systems suffered a ransomware attack on or around August 22, 2020. This healthcare provider caters to around 75,000 patients living in southeastern Ohio, southern West Virginia, and eastern Kentucky.
In this manual ransomware attack, the attacker exfiltrated data files before encrypting them and threatened to publish the data online if the ransom was not paid. Some of the stolen data has since been published on a leak site.

Valley Health Systems continued to provide patients with medical services while restoring its systems. A number of systems are still being restored and will be brought back online. Third-party cybersecurity professionals are assisting with the investigation and accelerating recovery. A statement from VHS acknowledged the unfortunate reality that the threat actor has disclosed some stolen information, and said VHS is doing everything it can to determine which data is at risk in order to protect patients. The attacker reportedly used Sodinokibi (REvil) ransomware.

VHS will take action after the complete forensic review. Affected patients will be notified accordingly. The provider already notified the FBI and is fully cooperating with the investigation of the incident.

The HHS’ Office for Civil Rights has not published the breach yet on its website. Hence, the number of affected individuals is still unclear.

Data Compromised Due to Insider Theft and Ransomware Attacks

Former Nursing Home Employee Accused of Defrauding Residents Out of $25,000

Anna Zur, 39, of Franklin Park, IL, a former nursing home employee, has been accused of identity theft. She used the accounts of many nursing home residents to pay her bills.

Zur worked in the business office of a nursing care facility, abused her data access rights, and sent residents’ personal and financial information to her personal email account. She was charged with identity theft and with using the residents’ accounts to buy products and services and pay her bills.

It took the Palos Heights Police Department a year to investigate the cases of identity theft and fraud, after which a warrant was issued for Zur’s arrest. She was taken into custody on August 26, 2020. Her charges include felony counts of wire fraud and engaging in a financial crimes enterprise. Thirty-five cases of identity theft were linked to Zur, and she was charged with defrauding victims of $25,000.

Patient Data Theft Due to a Ransomware Attack on Ventura Orthopedics

A manual ransomware attack on Ventura Orthopedics, a healthcare company in California, resulted in the theft of patient information that was later published on the internet. The stolen data was discovered during an investigation of a new data leak site built by the Conti-Ryuk ransomware operators, and was also found on a leak site run by the Maze ransomware operators.

The published information included patient names, birth dates, prescribed medications, and laboratory test results. About 1,800 files were exposed online.

Ventura Orthopedics did not make any announcement about the ransomware attack as of this writing and the HHS’ Office for Civil Rights breach website has no published information yet. Hence, the number of affected persons is still uncertain at this time.

Magellan Health Ransomware Attack Impacted Comanche County Hospital Authority

Comanche County Hospital reported that the protected health information (PHI) of 1,112 individuals was compromised in an April 2020 ransomware attack on Magellan Health, its pharmacy benefits vendor.

According to Magellan Health’s investigation, only some benefit plan members’ health data was compromised, including names, addresses, health insurance account details, payment information, and treatment data. Plan members’ Social Security numbers and financial data were not compromised.

Heritage Valley Health System Lawsuit Against Nuance Communications Dismissed

In 2019, Heritage Valley Health System based in Beaver, PA took legal action against Nuance Communications because of a NotPetya malware attack in 2017. A federal judge for the US District Court of the Western District of Pennsylvania recently dismissed the lawsuit.

The NotPetya attacks happened sometime after the 2017 WannaCry ransomware attacks and exploited the same flaws in Windows Server Message Block (SMB). The NotPetya ransomware encrypted the vulnerable computer’s master boot record making it useless. The attacks happened in June 2017, which was about three months after the release of a Microsoft patch for resolving the SMB vulnerability.

The NotPetya cyberattack on Nuance Communications resulted in the encryption of 26,000 workstations and 14,800 servers. The magnitude of the attack required the replacement of 9,000 workstations and 7,600 servers. The attack also affected Heritage Valley Health System and the investigation showed that the malware spread to its computer network through a virtual private network (VPN) link with Nuance. As soon as NotPetya was transmitted to Heritage Valley, encryption of its servers and workstations occurred making data inaccessible.

The lawsuit Heritage Valley filed against Nuance alleged that the NotPetya cyberattack was the result of negligence, governance oversight, and poor security practices. It also alleged unjust enrichment and breach of implied contract. Because of the damaged computer systems, Heritage Valley had to put its patient care services on hold for about one week, and the health system lost millions as a result of the cyberattack.

The ransomware attack could have been prevented if Nuance had applied the patch three months before the attack. The forensic investigators stated that Heritage Valley was affected because of Nuance. The dismissal of the lawsuit was because of Heritage Valley’s contract with its vendor Dictaphone Inc. signed in 2003. Nuance acquired Dictaphone in 2006.

Heritage Valley asserted that Nuance assumed all contractual obligations and tort liability arising from the plaintiff’s use of products obtained from Dictaphone, and that Nuance should also be held responsible for poor security practices and governance oversight since it had a broader duty to prevent the cyberattack.

Since 2006, in addition to Dictaphone, Nuance has acquired over 50 other firms and has over 150 subsidiaries. Meaningful integration of the acquired systems and proper segmentation of Nuance’s expanding worldwide network were difficult. Each acquisition and expansion increased Nuance’s exposure to cybersecurity risk, while Nuance lacked the management or resources to adequately protect its network against those risks.

In its motion to dismiss, Nuance contended that it cannot be held responsible for negligence since it wasn’t the party that signed the Master System Procurement Agreement. It was an agreement between Dictaphone and Heritage Valley and Heritage Valley bought the hardware and software program from Dictaphone in 2003. Maintenance of the hardware and software was undertaken via a private portal-to-portal system.

The judge accepted Heritage Valley’s account and did not dispute the substance of its claims, but ruled that both Dictaphone and Nuance were exempt from product liability claims because external parties were involved. Nuance cannot be held liable because the 2003 agreement was between Heritage Valley and Dictaphone.

Medical Software Database Containing 3.1 Million Patients’ Personal Information Exposed Online

A database that comprises the personal information of about 3.1 million patients was exposed on the web and was later erased by the Meow bot.

Security researcher Volodymyr ‘Bob’ Diachenko identified the unsecured database on July 13, 2020. No password was required to access the database, which contained patients’ names, phone numbers, email addresses, and treatment locations. Diachenko traced the database to its owner, Adit, a medical software company that offers online booking and patient management software to medical and dental practices. Diachenko notified Adit of the unsecured database but received no response. A few days later, he found that the Meow bot had wiped the data.

The Meow bot appeared in late July, scanning the internet for unsecured databases. Security researchers such as Diachenko scan the internet for exposed data and then notify the data owners; the Meow bot instead searches for and destroys data. After locating an exposed database, the Meow bot overwrites its contents with meaningless numbers and appends the word “meow.”

Whoever is behind the Meow bot is unknown. The intention of the attacks is also unknown. Many threat actors find exposed databases on the web with the intention to steal or encrypt files, afterward, they extort ransom from the data owners. But the Meow bot finds and attacks exposed databases without any apparent financial reason.

It is not certain whether the Meow bot steals data before overwriting it, but some security researchers have suggested that the goal is not data theft but to keep cybercriminals from obtaining individuals’ data and/or to teach data holders that failing to secure their data will result in its destruction.

By wiping the database, the Meow bot keeps cybercriminals from obtaining the data. Nevertheless, a previous study by Comparitech showed that malicious actors continuously scan for unsecured data and typically find unsecured Amazon S3 buckets and Elasticsearch databases within hours of exposure. Since the data was exposed for around 10 days before the Meow bot found and destroyed it, several parties likely found and acquired it before deletion.

Only limited personal data was exposed in this incident, but cybercriminals may still have accessed it and used it for phishing campaigns.

657,392 Northern Light Health Foundation Donors Affected by Blackbaud Cyber Attack

The 10-hospital integrated healthcare system known as Northern Light Health Foundation, which is based in Brewer, ME, has stated that the recent ransomware attack on Blackbaud Inc. has affected its databases.

The affected databases contained the information of donors, prospective donors, and people who may have joined a fundraising event previously. Patient medical data were stored separately and were not impacted. The databases included information about 657,392 individuals.

Blackbaud, based in South Carolina, is one of the world’s largest providers of education, fundraising, administration, and financial management software. A firm of Blackbaud’s size is naturally a target for cybercriminals. Blackbaud said it experiences hundreds of attacks per month and that its cybersecurity staff defend the firm effectively, but in May 2020 an attack succeeded.

The ransomware attack could have been much worse. Blackbaud discovered it promptly and took action to contain it, stopping the ransomware from fully encrypting its records; only a subset of the firm’s 25,000+ clients was affected. The attack did not impact its cloud environment, and the bulk of its self-hosted environment was unaffected.

As is now typical in manual ransomware attacks, the attackers exfiltrated data before encrypting files. Blackbaud stated in its breach notice that the attackers copied only a subset of data and did not steal highly sensitive information such as bank account details, Social Security numbers, or credit card numbers.

Because safeguarding customers’ information is Blackbaud’s main priority, the firm paid the cybercriminals’ ransom demand in exchange for assurance that the copied data would be deleted. Based on the findings of the investigation, Blackbaud believes the cybercriminals no longer hold any of the data and will not misuse, disseminate, or publicly release it.

It is presently uncertain how many Blackbaud clients were impacted by the ransomware attack. Northern Light Health Foundation stated in its breach notice that it was impacted. A number of other healthcare companies in Maine stated the same. Other healthcare companies identified to have been impacted were the Cancer Research Institute based in New York City and the Prostate Cancer Foundation based in Santa Monica, CA.

The BBC reports that at least 10 universities in the UK, Canada, and the US were affected, including Emerson College in Boston, Rhode Island School of Design, and Harvard University, along with charities, media companies, and a number of private-sector firms. Although the attack took place in May 2020, affected clients were not notified until July 16, 2020. It is not clear why notification was delayed, particularly considering that many of those clients are based in the EU. The EU General Data Protection Regulation (GDPR) requires data protection authorities to be notified within 72 hours of a breach, and data controllers must likewise be informed promptly.

NIST Makes Available Final Guidance on Building Zero Trust Architecture to Enhance Cybersecurity Defenses

NIST has released the final version of its zero trust architecture guidance (SP 800-207) to help private companies apply this cybersecurity principle to improve their security posture.

Zero trust is a concept that shifts defenses from static, network-based perimeters to a focus on users, assets, and resources. Under zero trust, assets and user accounts are not implicitly trusted based on their physical or network location or on asset ownership. Authentication and authorization are discrete functions performed for subjects and devices before a session with an enterprise resource is established.

The use of credentials to control access to resources has been a useful safeguard against unauthorized access; however, credential theft, for example through phishing campaigns, is now commonplace, so cybersecurity defenses must evolve to better protect resources, workflows, services, and network accounts from attack.

Threat actors commonly steal credentials and use them to gain unnoticed access to enterprise networks. They frequently have access for days, weeks, or months before the attack is discovered, during which time they can move laterally and compromise an entire system. The rise of remote work, bring your own device (BYOD) initiatives, and cloud-based tools located outside the traditional network boundary has made the traditional perimeter-based approach to network protection less effective.

A zero trust architecture helps address these problems and strengthen cybersecurity defenses. According to NIST, zero trust focuses on protecting resources (assets, services, workflows, network accounts, etc.), since network location is no longer regarded as the primary component of a resource’s security posture.

The guidance document gives an abstract definition of zero trust architecture (ZTA), discusses the zero trust tenets and the logical components of a zero trust architecture, and includes general deployment models and use cases where the zero trust approach could improve an enterprise’s IT security posture.

NIST explains in the guidance how to integrate the zero trust model with the NIST Risk Management Framework, NIST Privacy Framework, and other established federal guidance, and describes how organizations can migrate to a zero trust architecture.

Initially, organizations should look to restrict resource access to those who need it to perform their job duties and to grant only the minimum privileges needed, such as read, write, or delete. In many organizations with perimeter-based security, users have access to a much wider range of resources as soon as they are authenticated and signed in to an internal system. The problem with this approach is that unauthorized lateral movement is very easy for internal or external actors using stolen credentials.

The zero trust security model assumes an attacker is already present in the environment, so there is no implicit trust. Enterprise networks are treated no differently from non-enterprise networks. Under zero trust, organizations continually evaluate and analyze risks to assets and business functions and then put protections in place to mitigate those risks.

Moving to zero trust is not a wholesale replacement of systems or processes; rather, it is a journey that involves gradually introducing zero trust concepts, processes, technology solutions, and workflows, beginning with protecting the highest-value assets. Most organizations will operate in a hybrid zero trust and perimeter-based mode for some time as they carry out their IT modernization plans and fully transition to a zero trust architecture.
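To make the points above concrete, here is an added example (not NIST’s code and not taken from SP 800-207): a minimal policy decision function in which network location confers no trust, MFA and device posture are re-checked on every request, and each role grants only the minimum actions on each resource. The Subject, Device and POLICY names, and the sample policy, are hypothetical.

```python
"""Minimal zero trust policy decision point (PDP).

Added illustrative example, not NIST's reference code. Subject, Device,
POLICY and decide() are hypothetical names. The model captures three points
from the guidance: no implicit trust from network location, per-resource
least privilege, and authentication plus device posture evaluated before
every session, not once at the perimeter.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    mfa_verified: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled in enterprise device management
    patched: bool          # endpoint reports a current patch level
    on_corp_network: bool  # deliberately ignored by decide()


# Least-privilege grants: role -> resource -> allowed actions.
# Constructed sample policy for this example only.
POLICY = {
    "billing-clerk": {"claims-db": {"read"}, "payment-api": {"read", "write"}},
    "dba":           {"claims-db": {"read", "write", "delete"}},
    "auditor":       {"claims-db": {"read"}, "payment-api": {"read"}},
}


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def perimeter_decide(device: Device) -> bool:
    """The perimeter model the guidance contrasts with: being on the corporate
    network is the whole trust decision, so a stolen credential or a
    compromised internal host can reach every resource."""
    return device.on_corp_network


def decide(subject: Subject, device: Device, resource: str, action: str) -> Decision:
    """Evaluate one access request afresh. Neither an earlier decision nor the
    device's network location carries any trust into this one."""
    reasons = []
    # Authentication: a password alone is not enough for an enterprise resource.
    if not subject.mfa_verified:
        reasons.append("subject not MFA-verified")
    # Device posture: unmanaged or unpatched endpoints are untrusted even on the LAN.
    if not device.managed:
        reasons.append("device not enterprise-managed")
    if not device.patched:
        reasons.append("device reports missing patches")
    # Authorization: the subject's roles must explicitly grant this action on
    # this resource. Anything not granted is denied (default deny).
    granted = set()
    for role in subject.roles:
        granted |= POLICY.get(role, {}).get(resource, set())
    if action not in granted:
        reasons.append(f"roles {sorted(subject.roles)} do not grant "
                       f"'{action}' on '{resource}'")
    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    clerk = Subject("alice", frozenset({"billing-clerk"}), mfa_verified=True)
    laptop = Device("lt-001", managed=True, patched=True, on_corp_network=True)
    kiosk = Device("kiosk-7", managed=False, patched=False, on_corp_network=True)
    print(decide(clerk, laptop, "claims-db", "read"))    # allowed
    print(decide(clerk, laptop, "claims-db", "delete"))  # denied: least privilege
    print(decide(clerk, kiosk, "claims-db", "read"))     # denied despite corp LAN
    print(perimeter_decide(kiosk))                       # True: perimeter model lets it in
```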

The guidance is the result of work by a number of federal agencies and was overseen by the Federal CIO Council. It was written for enterprise security architects and is also a useful reference for cybersecurity professionals, network administrators, and managers seeking a better understanding of zero trust.

The document is downloadable at NIST.

Healthcare Data Breach Costs Increase by 10% As Per IBM Security

IBM Security has published its 2020 Cost of a Data Breach Report, which shows a 1.5% decrease in the global average cost of a data breach, from $3.92 million per breach in 2019 to $3.89 million.

Data breach costs varied significantly across regions and industry sectors. Businesses in the United States faced the highest costs, at an average of $8.64 million per breach, up 5.5% from 2019.

COVID-19 Expected to Raise Data Breach Costs

This is the 15th year IBM Security has conducted the research. The study was carried out by the Ponemon Institute and drew on data from 524 breached organizations and interviews with 3,200 individuals from 17 countries and regions and 17 industries. Research for the study was performed between August 2019 and April 2020.

The study was largely conducted before the COVID-19 outbreak, which is likely to affect data breach costs. To investigate how COVID-19 will impact those costs, the Ponemon Institute re-contacted study participants to ask for their views. 76% of participants believed the rise in remote working would increase the time it takes to identify and contain a data breach, and 70% said remote working could increase data breach costs. The average increase in data breach cost attributable to COVID-19 was determined to be $137,000.

Healthcare Data Breaches are the Most Expensive

Healthcare data breaches were the most expensive to deal with. The average cost of a healthcare data breach is $7.13 million globally and $8.6 million in the U.S.A. While the average data breach cost fell across all regions and industries, healthcare data breach costs rose by 10.5% year-over-year.

The global average cost per breached record is $146, rising to $150 per record when PII was breached and to $175 per record when PII was breached in a malicious attack.

The average time to identify and contain a breach is 280 days, but it takes 315 days to identify and contain a malicious attack, each figure up by 1 day from 2019. In the U.S.A., the average time to identify a data breach is 186 days, and 51 days to contain a malicious attack. The healthcare sector took the longest, 236 days to identify data breaches and 93 days to contain them, for 329 days in total.

The costs of a data breach are spread over several years, with 61% of costs incurred in the first year, 24% in the second year, and 15% in the third year and beyond. In highly regulated industries such as healthcare, the figures were 44% (first year), 32% (second year), and 21% (third year and beyond).

For the third year, IBM Security calculated the costs of mega breaches, those affecting over 1 million records. The average cost of a breach affecting 1 million to 10 million records is $50 million, breaches affecting 10 million to 20 million records cost $176 million on average, and a breach affecting 50 million records costs $392 million.

Most Prevalent Reasons for Malicious Data Breaches

19% of breaches were malicious attacks resulting mostly from cloud misconfigurations and compromised credentials
16% of breaches were caused by vulnerabilities in third-party software
14% were the result of phishing
10% were caused by physical security compromises
7% were the result of malicious insiders
6% were attributable to system errors and other misconfigurations
5% were caused by business email compromise attacks

Breaches associated with compromised credentials were the priciest. Breaches caused by vulnerabilities in a third-party application and cloud misconfigurations were the second most costly.

Of all the attacks, 53% were financially motivated, 13% were attributed to nation-state hacking groups, and 13% to hacktivists; the attackers behind 21% of breaches were unknown. Financially motivated attacks were the least costly, with a global average cost of $4.23 million, and the most expensive were attacks by nation-state hackers, at $4.43 million on average. The average cost of a malicious attack was $4.27 million. Destructive data breaches involving ransomware cost $4.4 million on average, and destructive malware, including wipers, cost $4.52 million on average.

In the healthcare industry, 50% of data breaches were the result of malicious attacks, 23% were caused by system glitches, and 27% were the result of human error.

Research Shows COVID-19 Research Organizations Are at Risk of Cyberattacks

The biomedical community is devoting enormous effort to developing a vaccine against SARS-CoV-2 and finding new treatments for COVID-19. Cybercriminal groups and nation-state hackers are targeting those organizations to obtain research data.

Recently, security agencies in Canada, the United States, and the United Kingdom published an advisory about attacks by Russian state-sponsored hackers on institutions engaged in COVID-19 research and vaccine development. The agencies found that the Russian hacking group APT29 was actively scanning the external IP addresses of organizations engaged in COVID-19 research and vaccine development, and stated that the hackers are connected with the Russian intelligence services.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the FBI also released a joint advisory stating that hackers associated with China were conducting similar attacks on pharmaceutical firms and academic research centers to obtain intellectual property and sensitive information related to COVID-19. There were also reports of Iranian hackers carrying out similar attacks.

In light of these attacks and the targeting of research centers, BitSight conducted a study to assess how well COVID-19 vaccine producers and biomedical firms are able to protect their systems and data from hackers. BitSight researchers evaluated 17 firms that play a major role in COVID-19 research and vaccine development, ranging from small companies with fewer than 200 employees to large companies with over 200,000 employees.

BitSight found a number of security weaknesses that hackers could exploit to access intellectual property, vaccine data, and COVID-19 research. The weaknesses fall into four categories: open ports, web application security, unpatched vulnerabilities, and systems that were already compromised.

BitSight found that 8 of the 17 firms had compromised systems in the past year, with their computers made part of a botnet; seven firms had computers in a botnet in the last 6 months. BitSight also looked for software running on the firms’ systems that the firms had not installed: nine firms had such Potentially Unwanted Programs (PUPs), and 8 firms had PUPs installed in the last 6 months. Five firms had computers being used to send spam, and the researchers found unsolicited messages at three firms. Compromised systems indicate a failure of the companies’ security controls and the likelihood that the companies may have been, or already were, hacked by people seeking access to COVID-19 data.

Most firms had open ports exposing insecure services to the internet, including 7 firms with exposed Microsoft RDP and 7 more with exposed LDAP. Five firms had insecure MySQL, MS SQL, or PostgreSQL databases and 5 more had an exposed Telnet service. Exposed Microsoft RDP is of particular concern because hackers and ransomware groups actively scan for exposed RDP endpoints.

Of the 17 firms, 14 had unpatched vulnerabilities that hackers could potentially exploit remotely. Ten firms had more than 10 unpatched vulnerabilities, and 6 of those had unpatched vulnerabilities with a CVSS score greater than 9.

Web application security issues were also prevalent, such as insecure redirects from HTTPS to HTTP, mixed secure and insecure content on websites, and insecure authentication. Many of the firms had at least one web application security problem. These issues put the companies at risk of cross-site scripting and man-in-the-middle attacks, which could allow hackers to capture sensitive information, obtain credentials, and compromise email systems.

Given these threats, the bioscience community needs to improve its cyber vigilance. A hacker could gain access to systems through a single misconfigured application, an inadvertently exposed port, or a vulnerable remote-access system and obtain scientific data, intellectual property, and the personal information of clinical trial participants. Companies should review basic cybersecurity hygiene practices and adopt established, effective methods to continuously identify and address risk exposure across the expanded attack surface and third-party environment, so that remediation is prioritized and life-saving science can continue.
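The four categories BitSight reported lend themselves to a simple triage of an organization’s own external-scan output. The following is an added example, not BitSight’s code or methodology: it sorts constructed scan findings into those four categories and assigns a remediation priority, ranking exposed RDP, unpatched vulnerabilities with CVSS 9 or above, and evidence of existing compromise highest. The inventory format, the INSECURE_SERVICES table (standard ports for the services named in the article), the priority scale, the hostnames, and the CVE ids are all constructed placeholders.

```python
"""Triage of external-exposure findings into the four categories from the
BitSight study: open ports / insecure services, web application security,
unpatched vulnerabilities, and already-compromised systems.

Added example, not BitSight's code. The inventory shape, INSECURE_SERVICES,
the priority scale, hostnames and CVE ids are constructed for illustration.
"""
from collections import Counter

# Internet-exposed services the study singled out, keyed by standard port.
INSECURE_SERVICES = {
    3389: "Microsoft RDP", 389: "LDAP", 23: "Telnet",
    3306: "MySQL", 1433: "MS SQL", 5432: "PostgreSQL",
}

# Constructed inventory: what an external scan plus a threat-intel feed might
# return for one organization. Hostnames and CVE ids are placeholders.
SAMPLE_INVENTORY = [
    {"host": "vpn.example.org", "ports": [443, 3389],
     "cves": [{"id": "CVE-0000-0001", "cvss": 9.8}],
     "web": {"https_to_http_redirect": False, "mixed_content": False},
     "botnet_sighting": False},
    {"host": "www.example.org", "ports": [80, 443],
     "cves": [{"id": "CVE-0000-0002", "cvss": 6.5}],
     "web": {"https_to_http_redirect": True, "mixed_content": True},
     "botnet_sighting": False},
    {"host": "lab-ws-12.example.org", "ports": [23, 5432],
     "cves": [],
     "web": None,
     "botnet_sighting": True},
]


def triage_host(entry):
    """Return (priority, findings) for one host.
    Priority scale (constructed): 3 = act now, 2 = this week, 1 = track, 0 = clean."""
    findings = []
    # 1. Open ports exposing services that should never face the internet.
    for port in entry["ports"]:
        if port in INSECURE_SERVICES:
            findings.append(("open_port", f"{INSECURE_SERVICES[port]} exposed on {port}"))
    # 2. Unpatched vulnerabilities; CVSS >= 9 is flagged as critical.
    for cve in entry["cves"]:
        category = "critical_vuln" if cve["cvss"] >= 9.0 else "vuln"
        findings.append((category, f"{cve['id']} (CVSS {cve['cvss']})"))
    # 3. Web application security: the two checks the study named.
    web = entry.get("web") or {}
    if web.get("https_to_http_redirect"):
        findings.append(("web", "redirects HTTPS to HTTP"))
    if web.get("mixed_content"):
        findings.append(("web", "serves mixed secure/insecure content"))
    # 4. Evidence the host is already compromised (e.g. seen in botnet traffic).
    if entry.get("botnet_sighting"):
        findings.append(("compromised", "host observed in botnet traffic"))

    categories = {c for c, _ in findings}
    rdp_exposed = any("RDP" in msg for c, msg in findings if c == "open_port")
    if "compromised" in categories or "critical_vuln" in categories or rdp_exposed:
        priority = 3
    elif "open_port" in categories or "vuln" in categories:
        priority = 2
    elif categories:
        priority = 1
    else:
        priority = 0
    return priority, findings


def triage(inventory):
    """Triage every host, highest priority first (stable order within a tier),
    and return (rows, category_counts) where rows are (host, priority, findings)."""
    results = sorted(((triage_host(e), e["host"]) for e in inventory),
                     key=lambda r: -r[0][0])
    counts = Counter(c for (_p, findings), _host in results for c, _msg in findings)
    return [(host, p, f) for (p, f), host in results], counts


if __name__ == "__main__":
    rows, counts = triage(SAMPLE_INVENTORY)
    for host, priority, findings in rows:
        print(f"P{priority} {host}")
        for category, msg in findings:
            print(f"    [{category}] {msg}")
    print(dict(counts))
```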