Apparent BlackCat Ransomware Attack Shows Risks to Healthcare Sector, Vendors
Ransomware attacks against major electronic medical record companies are a clear demonstration of the healthcare sector's vulnerability to devastating cyberattacks.
A cyber incident hit NextGen Healthcare last week, apparently at the hands of the ransomware group that the Department of Health and Human Services warned about earlier this month.
The company said nothing about patient or employee data, but said the hackers did not appear to have obtained client data. BlackCat posted a sample of alleged NextGen information on its extortion site, which the group typically uses to pressure victims into paying or risk further exposure, but it has since taken down the NextGen listing.
However the NextGen incident ultimately unfolds, it highlights a trend of attacks against major vendors and healthcare systems.
What happened (according to sources)
Founded in 1974 and based in Atlanta, NextGen Healthcare has 2,800 employees and reported revenue of approximately $600 million in 2022. The company says it provides software and technology services in “ambulatory” environments, a term that covers everything from doctors’ offices to outpatient clinics. Worldwide, it has served over 2,500 medical institutions.
Here is what NextGen told the press in response to an inquiry about the list of BlackCat extortion sites:
- “NextGen Healthcare is aware of this allegation and has been working with leading cybersecurity experts to investigate and remediate. We quickly contained the threat, secured our network and returned to normal operations. Our forensic review is ongoing and to date we have found no evidence of client data being accessed or exfiltrated. The privacy and security of customer information is of utmost importance to us.”
The statement is silent on whether patient or employee data was affected, as Databreaches.net pointed out. A company spokesperson did not respond to questions about these aspects of the incident on Sunday. An alleged spokesperson for BlackCat (also known as ALPHV) declined to provide further evidence that the group had obtained client data.
It’s not uncommon for companies to find out later that a breach was more widespread than originally thought. It’s also not uncommon for cybercriminals to lie about the type of data they steal or boast that they stole something they never stole.
BlackCat is a “relatively new but very potent ransomware threat to the healthcare sector,” according to an HHS threat briefing dated Jan. 12. It isn’t the first time U.S. officials have issued warnings about the group.
- HHS calls it a “triple extortion” group: it pairs ransomware attacks with threats to leak exfiltrated data and with distributed denial-of-service attacks aimed at taking websites offline.
- It is associated with notorious older Russian ransomware gangs such as Darkside/BlackMatter and REvil.
- The group says it does not “attack state-run medical institutions, ambulances and hospitals,” but that “this rule does not apply to pharmaceutical companies or private clinics.” HHS notes that ransomware gangs frequently break such promises.
- According to HHS, BlackCat has a preference for US targets, which is not uncommon for ransomware gangs, many of which are believed to be based in Eastern Europe.
Ransomware poses a serious risk to healthcare organizations and can lead to patient deaths. North Korean and Iranian hackers have shown particular interest in pursuing attacks in this sector.
Companies that supply software or services to other companies are an attractive way for ransomware gangs and other cybercriminals to expand their reach. Notable incidents include:
- In 2021, REvil compromised software systems developed by Kaseya, impacting between 800 and 1,500 companies, by Kaseya’s estimate.
- Suspected Russian hackers compromised SolarWinds software as a means of gaining access to US government agencies, government agencies around the world, and major technology companies.
- In the healthcare sector specifically, a ransomware incident in the UK last summer hit service providers and caused problems for the country’s National Health Service.
Whatever the outcome of the NextGen incident, it is one episode in a tumultuous start to 2023 for ransomware. The year has already seen the usual series of attacks and data breaches, but also an unusual reversal.
- British branches of restaurants such as KFC, Pizza Hut and Taco Bell were forced to close after a ransomware attack on parent company Yum!, the company said Wednesday.
- The Los Angeles Unified School District admitted earlier this month that ransomware hackers stole an employee’s Social Security number.
- On New Year’s Eve, the LockBit gang apologized for an affiliate’s hacking of a Canadian children’s hospital and provided the hospital with a decryption tool to unlock its systems.
- A study by blockchain analytics firm Chainalysis released over the weekend suggested that ransomware payments declined in 2022, as more victims refused to pay the crooks holding their networks hostage. However, ransomware criminals continue to use cryptocurrencies, contributing to illicit cryptocurrency activity that reached record highs last year, the company concluded in a separate report earlier this year.
Cybercriminals steal more than $500,000 from Republican Senate campaign committees
They stole the money after sending bogus bills to the campaign committee of Sen. Jerry Moran (R-Kan.), Dave Levinthal of Raw Story reported. The committee recovered about a quarter of the $690,000 that was stolen, according to Federal Election Commission filings.
“Cybercriminals targeted an accounting firm employed by Moran For Kansas and the money was transferred to fraudulent bank accounts,” Moran for Kansas spokesperson Tom Blunt said in an email to Raw Story. “As soon as the discrepancy was discovered, it was reported to law enforcement. We are currently pursuing all available avenues to recover the money and an investigation with the FBI is ongoing. We have also consulted with the FEC on how to report fraudulent spending transparently.”
Cybercriminals also target other political campaigns. “Moran joins a number of other federal-level politicians who have experienced theft from campaign accounts in recent years. President Joe Biden’s 2020 Democratic presidential campaign committee lost at least $71,000,” Levinthal wrote. “Republican Rep. Diana Harshbarger of Tennessee, former Democratic presidential candidate and congresswoman Tulsi Gabbard and rapper-turned-2020 presidential candidate Ye, formerly Kanye West, are among others who reported money stolen from political accounts.”
T-Mobile Hacked — Again
According to T-Mobile, hackers stole the names, addresses, emails, phone numbers, dates of birth, account numbers and other information of 37 million customers, Lorenzo Franceschi-Bicchierai of TechCrunch reported. It’s the eighth time since 2018 that the phone company, which has 110 million customers, has been hacked.
“While the investigation is still ongoing, at this time the malicious activity appears to be fully contained and there is currently no evidence that a malicious individual has penetrated or compromised our systems or networks,” the company said in a filing with the Securities and Exchange Commission.
A company spokesperson did not respond to TechCrunch’s request for comment.
Hackers find confidential US no-fly list on public servers
Swiss hacker maia arson crimew found a list on a server operated by a US regional airline of people who were not allowed to enter or fly to the US, Mikael Thalen and David Covucci of the Daily Dot reported.
“The server contained data from the 2019 version of the federal no-fly list, including first names and dates of birth,” CommuteAir spokesman Erik Kane told the Daily Dot. “We have access to the CommuteAir employee and flight information, and we have filed a notice with the Cybersecurity and Infrastructure Security Agency, which is continuing a full investigation.”
The Transportation Security Administration told the Daily Dot that it is “aware of a potential cybersecurity incident involving CommuteAir and is working with federal partners to investigate it.”
US law enforcement has long been aware of crimew. In 2021, a grand jury indicted crimew, accusing the hacker of infiltrating “dozens of companies and government agencies.” crimew was also a member of the hacker group that broke into security camera company Verkada.
Hackers broke into LAUSD computers much earlier than previously known, district study finds (Los Angeles Times)
Riot Games Hacked, Delayed Game Patch After Security Breach (Bleeping Computer)
ODIN Intelligence hack exposes massive police raid files (TechCrunch)
Most GAO cyber advisories since 2010 remain unresolved (NextGov)
- Jack Cable and Lauren Zabierek joined the Cybersecurity and Infrastructure Security Agency as senior technical adviser and senior policy adviser, respectively.
- CIA Deputy Director for Analysis Linda Weissgold will speak at an event hosted by the Intelligence and National Security Alliance on Tuesday at 9 a.m.
Thanks for reading. See you tomorrow.