Why Healthcare Security Matters

Over 100 dental practices of Colosseum Dental Benelux closed in the Netherlands after cyberattack.
RTL Nieuws - in Dutch
https://www.rtlnieuws.nl/economie/b...100-tandartspraktijken-dicht-door-cyberaanval

With some comment by Dave Maasland, CEO Eset NL

 

They payed the ransom, several Dutch sites are saying, for example security.nl:
https://www.security.nl/posting/764...taalt criminelen losgeld na ransomware-aanval
and their own site:
https://www.colosseumdental.nl/mededeling-cyberincident/
.....

 

"Hackers have laid siege to U.S. health care and a tiny HHS office is buckling under the pressure

With a dearth of resources, the Office for Civil Rights is struggling with an overflowing caseload...

...the Department of Health and Human Services’ Office for Civil Rights, which is tasked with investigating breaches, helping health care organizations bolster their defenses, and fining them for lax security, is poorly positioned to help. That’s because it has a dual mission — both to enforce the federal health privacy law known as HIPAA and to help the organizations protect themselves — and Congress has given it few resources to do the job...

Due to its shoestring budget, the Office for Civil Rights has fewer investigators than many local police departments..."

https://www.politico.com/news/2022/...gency-is-buckling-under-the-pressure-00053941

 

"$10 million reward: Iranian nationals accused of planning cyberattack on Boston Children’s Hospital

The Federal Bureau of Investigation has indicted three Iranian nationals — and is offering a $10 million award for information that’ll lead to their arrest — in connection with an alleged planned cyberattack on Boston Children’s Hospital..."

https://www.masslive.com/police-fir...cyberattack-on-boston-childrens-hospital.html

 

Follow-up from post by Ron
FDA - Medtronic MiniMed 600 Series Insulin Pump System Potential Cybersecurity Risk - 20 Sep 2022
https://www.fda.gov/medical-devices/digital-health-center-excellence/cybersecurity

This: "the pump’s communication protocol could be compromised, which may cause the pump to deliver too much or too little insulin"

 

CommonSpirit cyberattack spurs IT outages at hospitals across US

A cyberattack deployed against CommonSpirit has led to IT outages at hospitals across the U.S.

...the cyber incident indeed struck CommonSpirit: the second-largest nonprofit hospital chain in the country. CommonSpirit operates more than 700 care sites and 142 hospitals in 21 states.

https://www.scmagazine.com/analysis...t-outages-at-chi-memorial-hospitals-across-us

 

"Ransomware attack delays patient care at hospitals across the U.S.

One of the largest hospital chains in the U.S. was hit with a suspected ransomware cyberattack this week, leading to delayed surgeries, hold ups in patient care and rescheduled doctor appointments across the country.

CommonSpirit Health, ranked as the fourth-largest health system in the country by Becker’s Hospital Review, said Tuesday that it had experienced “an IT security issue” that forced it to take certain systems offline..."

https://www.nbcnews.com/tech/security/ransomware-attack-delays-patient-care-hospitals-us-rcna50919

So maybe the death penalty or a life-term without parole for hackers targeting health systems and devices would be an appropriate penalty/deterrent.

 

"Fears over 'biggest medical cyber-attack in history': IT system that holds hospital records of 20million Americans is hit...

The medical records of up to 20million Americans may have been leaked in what could turn out to be the biggest medical cyberattack in US history.

CommonSpirit Health — the fourth largest health system in the country — was the target of a major IT ransomware attack this week..."

https://www.dailymail.co.uk/health/...ords-20million-Americans-hit-cyberattack.html

 

"Health insurer Medibank becomes the latest victim of cyberattack

Medibank, the health company providing private health insurance and health services to over 3.9 million people in Australia has been hit by a cyberattack.

The incident came to light after the company reported that it had detected some unusual activity on its network..."

https://www.neowin.net/news/health-insurer-medibank-becomes-the-latest-victim-of-cyberattack/

 

"Hackers who seized thousands of Aussies' private data during huge Medibank hack demand a RANSOM – as ministers warn the cyber attack is 'significant'...

Hackers who claim to be behind a cyber attack on one of Australia's largest private health insurers, Medibank Private, have threatened to release customers' private information..."

https://www.dailymail.co.uk/news/ar...Hackers-make-ransom-demand-customer-data.html

 

"Medibank: Disturbing details emerge about hacker stealing 200GB of data – including info about visits to the doctor

Experts say Medibank breach 'very serious' as hackers confirmed to be genuine

Hackers claim to have stolen 200GB of personal data from Aussie health insurer

Medibank said it had received a sample of customer records from the 'criminal'

It includes data such as doctors visits and codes relating to patients' diagnosis..."

https://www.dailymail.co.uk/news/ar...B-personal-data-including-doctors-visits.html

 

"Medibank is hit by ANOTHER damning blow as it's revealed the private health insurer had ZERO cyber insurance...

Medibank faces costs of up to $30million after it was revealed it had no insurance to protect itself from a cyber attack that
affected almost four million customers.

The private health insurer's market value plummeted by around $1.7billion on Wednesday as Russian hackers threatened to expose the health records and other sensitive data of millions of Australians..."

https://www.dailymail.co.uk/news/ar...tock-price-plummets-zero-cyber-insurance.html

 

Health informatics startup Truveta unveils search engine to probe data from 70M patients by Charlotte Schubert

 

Dutch Hospital (UMCG Hospital in Groningen) under DDoS Attack
Many articles on Dutch websites about this today.

In English:
"Pro-Russian hackers bring down website of Dutch hospital"
https://www.dutchnews.nl/news/2023/01/pro-russian-hackers-bring-down-website-of-dutch-hospital/

Just only two articles in Dutch:
https://www.security.nl/posting/783...ntrum Groningen onbereikbaar door ddos-aanval
https://nos.nl/artikel/2461833-pro-...hebben-het-gemunt-op-nederlandse-ziekenhuizen