Top Stories
Leveraging HITRUST to Demonstrate Adherence with OCR Recognized Security Practices Guidance - HITRUST Alliance
HITRUST announces support for organizations seeking to demonstrate the use of Recognized Security Practices (RSPs) as defined in the 2021 HITECH Act and in alignment with recent guidance from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) through the HITRUST CSF, Assurance Program, and Risk-based, Two-year (r2) Validated Assessment.
Breaches

Ransomware gang threatens to release stolen Medibank data
A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited.

Medibank Says No to Paying Hacker's Extortion Demand
Medibank released a statement explaining that it believes a payout could "encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target."
Hacker releases Australian health insurer's customer data | AP News
Client data from Medibank, Australia’s largest health insurer, was released by an extortionist on Wednesday, including details of HIV diagnoses and drug abuse treatments, after the company refused to pay a ransom for the personal records of almost 10 million current and former customers.

Medibank: Hackers release abortion data after stealing Australian medical records - BBC News
It follows Medibank's refusal to pay a ransom for the data, supported by the Australian government.
Aveanna Healthcare Data Breach Could Cost Firm More Than $1M
A Georgia-based home healthcare and hospice provider will pay nearly $500,000 to the state of Massachusetts to end state litigation tied to a data breach affecting nearly 170,000 patients.
Security
Are Your Passwords in the Green?
It would take 11 trillion years to crack an 18-character password that combines numbers and upper- and lower-case letters by brute force computing, according to cybersecurity company Hive Systems LLC.
Most EHRs Back Online at CommonSpirit Health Following Ransomware Attack
CommonSpirit Health informed patients that the majority of impacted hospitals and clinics across the health system once again have access to their EHR systems following an October ransomware attack that had varying impacts across a variety of facilities.
Reported Ransomware Incidents, Costs Soared in 2021, Treasury Says - WSJ
U.S. banks flagged ransomware-related transactions adding up to more than $1 billion in 2021, the Treasury Department said, although risk experts said that barely scratches the surface of cybercrime’s true economic scale.
Europe
HSE cyberattack: More than 100,000 people whose personal data stolen to be contacted – The Irish Times
The HSE plans to notify more than 100,000 people who had their personal data stolen during the incident. The attack and recovery have so far cost the HSE more than 100 million euros, or about $100.1 million.
Misc
U.S. cyber regulations could be "credit positive" for companies in 2023: Moody's
U.S. efforts to crack down on ransomware and mandate companies report cyber incidents could end up being a "credit positive" next year, according to Moody's 2023 cyber outlook shared first with Axios.

Red Cross Wants Digital Symbols to Deter Hackers From Healthcare Institutions - WSJ
The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, Tilman Rodenhäuser, a legal adviser to the International Committee of the Red Cross, said at a panel discussion hosted by the organization on Thursday.