phone : 281-443-2996

104 Lockhaven Dr. | Houston, TX 77073-5500

HIPAA & Cybersecurity Update

HIPAA & Cybersecurity Update

  • Walmart was sued for allegedly violating California’s new data breach law, in regards to lack of proper security with a large amount of customers have their info exposed.
  • Walmart notified an unknown number of pharmacy customers that their PHI was exposed after several of its California stores were looted by rioters.
  • Garmin, headquartered in Olathe, KS, announced it was hit by ransomware, which may expose info of customers of its smartwatches and wearables.
  • ForgeRock 2020 Consumer Identity Breach Report:
    • healthcare accounts for 51% of data breaches in 2020
      • cost the healthcare industry nearly $18 billion
      • each breached record costing about $429
    • second most breached vertical proved to be banking/insurance/financial at 12%.
  • Malwarebytes Security published report on malware:
    • AveMaria is remote access Trojan available for purchase on Dark Web for $23/month
    • NetWiredRC malware is used by Iranian sponsored hackers
    • LokiBot uses stenography to hide malicious code inside images
    • AZORult is being used in COVID-19 themed attacks
    • Danabot has been used in malicious PowerPoint presentations
  • US HealthCenter, headquartered in St. Thiensville, Wisconsin, notified an unknown number of patients that their PHI may have been exposed after email phishing attack.
  • Carbon Black Security reports that the Dark Web now has sites selling tax information of people in the U.S., charging anywhere from $50 to $10,000 for content lists.
  • Positive Technologies reports that 34% of all cyberattacks are ransomware driven during last 90 days.
  • VPNMentor reported that a group of free VPN apps exposed the private data of millions of users, after more than a terabyte of info was left open on the Internet.
  • Tencent is reporting that hackers have created “BadPower” malware, that can infect the firmware of fast chargers (used by owners of laptops, smartphones, etc.) and cause them to overheat, melt components and even set devices on fire.
  • Skybox Security report claims a 73% increase in new types of file-encryption malware/ransomware.
  • Diebold Nixdorf is warning users of its ATM machines that criminals are stealing money by connecting a black box to a USB port hidden behind the front of the machine.
  • Federal judge approved a $117.5 million deal to resolve a lawsuit filed against Yahoo Corp. over a data breach that exposed info on 194 million users
    • The law firm who was class counsel received $23 million for their efforts
  • S. officials ordered the Chinese government to close a consulate office in Houston, TX claiming that it had people inside stealing intellectual property from unnamed companies and organizations in the U.S.
  • Li Xiaoyu and Dong Jiazhi of China were both accused by US Department of Justice of working with Chinese government to hacking into organizations worldwide to steal COVID-19 vaccine information.
  • Joshua Polloso Epifaniou was extradited from the country of Cyprus to the U.S. to face charges of implementing ransomware attacks on organizations in Arizona and Georgia
  • Montana Veterans Affairs Health Care System, headquartered in Fort Harrison, MT notified 1,501 patients that their PHI was exposed after malware attack.
  • Lorien Health Services, headquartered in Ellicott City, MD, notified 47,754 patients that their PHI was exposed after ransomware attack.
  • Smartwatch and wearables maker Garmin, headquartered in Olathe, Kansas, has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems.
  • First American Financial Corp., headquartered in Santa Ana, CA, is being charged by the New York State Department of Financial Services regarding a breach that exposed 885 million records.
  • Metropolitan Community Health Services/Agape Health Services of Washington, NC, has agreed to pay $25,000 to feds to settle HIPAA fines regarding breach of 1,263 patients’ PHI
  • CSO (chief security officer) magazine published article about threat of hackers using RDP (MS Windows remote desktop protocol) to hack into systems
    • Hijack attempts involve attacker “resuming” disconnected RDP session
    • Hacker can get into device or system without having to steal the user’s credentials
  • Skybox Security published report on discovered security vulnerabilities:
    • First half of 2020 say a 34% increase in security vulnerability reports
    • Expected to reach 20,000 published vulnerabilities by end of 2020
    • (this includes vulnerabilities found in printers and MFPs)
  • CaptainU, an online high school recruitment data, headquartered in Denver, CO, announced that its database has inadvertently exposed the info on nearly 1 million students across the U.S.
  • University of Utah Health in Salt Lake City reported third reported email hack of the system this year affected the information of 10,000 patients’ PHI
  • Gulf Coast Cath Lab of Port Arthur, TX, notified an unknown number of patients that their PHI was exposed after email phishing attack.
  • Wall Street Journal published report:
    • 80% now view ransomware as a high risk
    • Less than 2/3’s of companies have a cybersecurity program
    • 72% have identified critical data assets
    • 45% of smaller companies do not test for email phishing attacks
    • 90% of attacks start with email phishing or social media attack
    • Ransomware causes an average of 121 days of downtime
    • Average ransomware payment in 2020 is $250,000
    • Cost of cyber attack averages $8500 per hour
  • The Cooke County Sheriff’s Office in Texas notified an unknown number of citizens and employees that their info may have been exposed after data breach
  • GreatHorn published results of survey that shows 36% of respondents say they are seeing email threats coming into their inboxes every day.
  • Barracuda and UC Berkeley published study which found that just over a third of hacked corporate email accounts sustained attacks for more than a week, during which time attackers would monitor how the organization did business so that they could launch subsequent phishing attacks.
  • CouchSurfing, an online service that lets users find free lodgings, is investigating a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums.
  • Ruhr University Bochum of Germany research shows that 15 out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents.
  • The National Cyber Security Centre of England research shows that more than 70% of sports institutions worldwide have been the victim of some kind of attempted cyberattack or hacking incident over the past 12 months.
  • Cisco published results of security survey:
    • 77% use over 25 disparate security tools
    • 79% say it is challenging to orchestrate security alerts
    • 69% say 2 or 3 people are involved in a security incident
Share this post