Windows 7, Cybersecurity & Data Breaches

HIPAA & Cybersecurity Update

  • On January 14, 2020, Microsoft will stop supporting Windows 7, which will impact many medical devices still in use that run on this OS:
    • Customers could face constant attacks from hackers
    • Cyber firm Forescout reports that 59% of medical devices run on Windows and 71% of those run on unsupported operating systems like Windows 7.
  • 10 largest breaches in 2019:
    • Quest Diagnostics = 11.9 million patients
    • Laboratory Corp. = 7.7 million patients
    • Clinical Pathology Laboratories = 2.2 million patients
    • Inmediata Health Group = 1.5 million patients
    • Oregon Department of Human Services = 645,000 patients in one attack and 350,000 patients in a separate incident
    • Women’s Care Florida = 528,188 people
    • Navicent Health = 278,016 patients
    • Zoll Medical = 277,319 patients
    • Blue Cross Blue Shield of Michigan = 270,000 patients
  • UpGuard Research reports that iPR Software misconfigured an Amazon S3 database, inadvertently exposing customer info for big-name brands like Xerox, CenturyLink, GE, Dunkin’ Donuts, Forever 21 and more:
    • Details of 477,000 clients’ media contacts, business entity account information, 35,000 hashed user passwords, assorted documents and administrative system credentials.
  • Emsisoft Security reported that it found a bug in the decryptor of one of the most prolific ransomware variants, Ryuk
    • Causes some data loss and/or corruption when victims attempt to decrypt and restore file access, even if the victim paid the ransom
  • Hackensack Meridian Health of New Jersey was reportedly hit by ransomware, and staff was forced to use paper records, causing delays in care
    • Exposed an unknown number of patients’ PHI
  • KeyWe Smart Lock reported that a discovered security vulnerability allows hackers to unlock homeowners’ door locks
  • Researchers from the University of Birmingham, England announced that they discovered a vulnerability in Intel processors that lets hackers use CPU voltage modifications to expose data stored using Intel’s Software Guard Extensions (SGX)
    • Called “Plundervolt” and tracked as CVE-2019-11157
    • Intel has issued firmware updates to address the flaw
    • Modifying the voltage when the processor operates at a certain frequency would result in errors.
  • Microsoft released a patch to fix a total of 36 vulnerabilities, including a Windows zero-day that has been exploited in attacks alongside a Chrome zero-day.
  • Wyoming Medical Center of Casper, Wyoming notified an unknown number of patients that their PHI was exposed during ransomware attack.
  • Blackberry Cylance is reporting a new form of ransomware, called Zeppelin, that is designed to attack the healthcare industry and is being sold on the Dark Web.
    • Appears to have been designed in Russia
  • Cancer Center of Hawaii notified an unknown number of patients that their PHI was exposed after ransomware attack.
  • Katherine Shaw Bethea Hospital of Dixon, Illinois notified 1,400 patients that their PHI was exposed after email phishing attack.
  • Sunrise Community Health of Evans, Colorado notified an unknown number of patients that their PHI was exposed after email phishing attack.
  • The City of Newnan, Georgia notified an unknown number of citizens that their info may have been exposed during recent hacking incident.
  • The City of Pascagoula, Mississippi notified an unknown number of citizens that their info may have been exposed after a ransomware attack.
  • Korunda Medical Clinic of Naples, Florida was ordered to pay an $85,000 fine for violating HIPAA rules regarding sharing PHI with a patient in a timely manner.
  • Shakespeare Theatre of New Jersey notified an unknown number of customers that their info was exposed due to a ransomware attack.
  • The Town of East Greenwich in Rhode Island notified an unknown number of citizens that their info may have been exposed during ransomware attack.
  • The State of South Carolina notified an unknown number of citizens that their info was exposed when a subcontractor, Spartan Technology, inadvertently made the info available on a publicly accessible website.
  • Zuckerberg San Francisco General Hospital of California notified an unknown number of patients that their PHI may have been exposed after paper records were put into regular garbage, instead of shredding.
  • Cheyenne Regional Medical Center of Wyoming notified an unknown number of patients that their PHI was exposed after email phishing attack.
  • Elizabeth Family Health of Elizabeth, Colorado notified 28,375 patients that their PHI was exposed after server backup tapes were stolen.
  • Healthcare Administrative Partners of Media, PA notified 17,693 patients that their PHI was exposed after email phishing attack.
  • Southeastern Minnesota Oral & Maxillofacial Surgery notified 80,000 patients that their PHI was exposed after ransomware attack.
  • Kalispell Regional Healthcare of Montana notified 130,00 patients that their PHI was exposed after email phishing attack.
  • The City of Pensacola in Florida notified an unknown number of citizens that their info was exposed after cyberattack.
  • Michael J. Hall of Miami, Florida was ordered to pay $10,000 fine for allegedly posting details of former patient on Yelp.
  • Banner Health, headquartered in Phoenix, AZ, agreed to pay $6 million to settle lawsuit filed after 2.9 million patients had their PHI exposed after hospital’s cafeteria cash registers were hacked.
  • Sunapee Middle High School of Sunapee, New Hampshire notified an unknown number of students that their info may have been exposed after ransomware attack.
  • NYC Health+Hospitals of New York reported that it is investigating whether an employee illegally accessed PHI and how much was exposed.