Top Stories
Evil Corp Targets US Health Sector
Evil Corp is a Russia-based cybercrime group that has been active in various forms since 2007. This year, Evil Corp has been busy, making headlines for using LockBit ransomware, attacking Japanese technology company Olympus, and attacking school districts.
Last week, the Health Sector Cybersecurity Coordination Center (HC3) issued a threat profile about Evil Corp, warning that the prolific group could threaten healthcare cybersecurity. The State Department and FBI have a standing offer of $5 million for information leading to the arrest and conviction of its leader, Maksim Yakubets, which is the largest reward for a cybercriminal ever offered.
Breaches
134K Common Ground plan members added to vendor's ransomware fallout | SC Media
Common Ground Healthcare Cooperative recently informed 133,714 plan members that their data was likely accessed during a hacking incident and subsequent ransomware attack of its mailing vendor, OneTouchPoint.
OTP previously issued a notice on behalf of 30 health plans, reporting 1.07 million individuals impacted. The patients from CGHC, together with the separate notice from Aetna ACE in Connecticut for 326,278 members, bring the total OTP breach tally to over 1.53 million affected individuals.
Printing Vendor's Breach Tally Soars to Nearly 2.7 Million
An updated data breach report shows a printing and mailing vendor's original estimate of the number of individuals affected by an apparent ransomware attack was inaccurate by more than 100%, and the new total nearly reaches 2.7 million.
Humana, Cotiviti Reach Settlement Over Insider Data Breach
Humana and Cotiviti reached a proposed settlement in a class-action lawsuit over an insider data breach that occurred in 2020. Settlement members are entitled to file claims for up to $250 for ordinary damages, and up to $5,000 for extraordinary damages.
Medical billing service in Florida one of the latest victims of ransomware attacks
Add NCG Medical to the list of business associates compromised by a ransomware attack. The medical billing service in Florida was added to the Hive ransomware group’s leak site on August 31, with Hive claiming that they encrypted NCG’s files on August 19.
CorrectHealth Suffers Email Account Data Breach, 54K Impacted
Georgia-based CorrectHealth (CH), which provides healthcare to individuals inside correctional facilities, reported a data breach to the Maine Attorney General’s Office that impacted 54,000 individuals.
Security
Ex-Employee Alleges Health Entity Neglected Security
Avamere failed to take steps to secure personally identifiable information and protected health information, such as encrypting data; monitoring systems; applying security updates and software patches; practicing the principle of least privilege; avoiding the use of domainwide, admin-level service accounts; and properly training employees, including on the handling of inbound email, the lawsuit alleges.
Misc
How Google Cloud, Microsoft and AWS are trying to fix cyber insurance with data
The cloud hyperscalers say that with data on the security of customer configurations, cyber insurers can gain more confidence in writing policies. Customers, meanwhile, can benefit from cheaper pricing and broader coverage.
Hackers have laid siege to U.S. health care and a tiny HHS office is buckling under the pressure - POLITICO
With a dearth of resources, the Office for Civil Rights is struggling with an overflowing caseload.