Top Stories

CommonSpirit Hospital Chain Grappling With Ransomware Attack
One of the largest hospital operators in the U.S. is wrestling with downed systems and disruptions to patient care at hospitals in several states following a ransomware attack last week.

CommonSpirit's Ransomware Incident Taking Toll on Patients
Loss of IT systems is more than an inconvenience: Their absence has delayed surgeries and in one Iowa hospital led to a toddler receiving an accidental megadose of painkillers.

Hospital Chain's Patient Portals, Other IT Still Offline
Patient portals, electronic prescriptions and some other IT systems are still unavailable at an undisclosed number of locations in the CommonSpirit Health network, the largest Catholic health system and the second-largest nonprofit hospital chain in the United States. It consists of 1,500 healthcare medical clinics and hospitals across 21 states.

Breaches

United Health Centers of the San Joaquin Valley Reaches Proposed Data Breach Settlement
Some information was compromised as a result of the event, including Social Security numbers, diagnosis codes, provider and facility names, patient reference numbers, medication information, driver’s license and passport information, and care plan and allergy information.

Cancer Testing, Diagnostics Lab Suffers Phishing Attack, 244K Impacted
On July 8, CSI discovered that an employee email account had been compromised.

Security

Biden Administration Ramps Up Cybersecurity Requirements
The Department of Health and Human Services is looking into cybersecurity standards for hospitals.

VMware vCenter Server bug disclosed last year still not patched
VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021.

CISA releases open-source 'RedEye' C2 log visualization tool
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced RedEye, an open-source analytic tool for operators to visualize and report command and control (C2) activity.

Europe

RansomExx Leaks 52GB of Barcelona Health Centers' Data
A ransomware gang says it published information including medical test results and identity cards stolen from a Barcelona hospital system that serves more than 1 million patients each year.

Dutch court fines Florida-based company 75K euros for webcam monitoring
The Netherlands resident who worked for Chetu's Rijswijk branch said the company’s screen-sharing and webcam workday requirements were “an invasion” of privacy and violated data privacy regulations. “Instruction to leave the camera on is contrary to the employee’s right to respect for his private life,” the court said.

Misc

KnowBe4 Agrees to Vista Equity's $4.6B Take-Private Deal
The agreement comes after the Austin, Texas-based global investment giant upped its offer by $380 million, or nearly 4%, to $24.90 per share. Vista Equity first disclosed Sept. 19 a nonbinding proposal to purchase the 90.65% of outstanding KnowBe4 shares it doesn't currently own for $24 each, and the two sides agreed to move forward with the acquisition just 23 days later.

Former Doctor Pleads Guilty to HIPAA Charges in Fraud Case
The indictment, along with an updated narrative of events by prosecutors, portrays a nearly two-year effort by Alario and pharmaceutical salesman Keith Ritson to funnel patients into prescriptions for compound pills fulfilled by Louisiana pharmacy Central Rexall Drugs.