
Compliance Junction » Healthcare Cybersecurity News
The latest news about healthcare cybersecurity, IT security threats, cyber threats to healthcare systems, and healthcare data breaches. We are an agile team of HIPAA subject matter experts, software engineers, content writers, eLearning specialists, and multimedia specialists. We have come together to help solve the most persistent challenges related to the engagement and effectiveness of..
1M ago
The American Hospital Association (AHA) along with the Health Information Sharing and Analysis Center (Health-ISAC) released a cybersecurity alert concerning three vulnerabilities identified in the SimpleHelp Remote Monitoring and Management (RMM) software that are thought to be actively exploited. Healthcare providers were instructed to implement patches for the vulnerabilities immediately. Researchers at Horizon3 identified the […]
3M ago
Threat actors are actively exploiting a critical vulnerability found in Cleo file-transfer software. The vulnerability, CVE-2024-50623, is thought to be a patched vulnerability. It permitted file uploads and downloads without restriction, and dangerous file types were also impacted. If the vulnerability is exploited successfully, the result could be remote code execution. The vulnerability impacts […]
3M ago
Corvus released its 2024 Q3 Cyber Threat Report, which revealed that the number of ransomware attacks increased in Q3 of 2024, with a 0.72% increase in the number of new victims added to data leak websites compared to the last quarter. In Q3 of 2024, Corvus found 1,257 new victims added to data leak sites, which […]
8M ago
The lack of HIPAA cybersecurity training at a NY-based home health company has contributed to the company being fined $350,000 by the NY State Attorney General as part of a wide-ranging settlement agreement that includes a thorough overhaul of the company’s security and cybersecurity training measures.
In January 2021, an employee of Personal Touch Holding Corporation (PTHC) – a Long Island, NY-based home health company – opened a malware-infested Excel file attached to a phishing email. The malware allowed a remote actor to take control of the employee’s unsecured laptop and unprotected emai […]
8M ago
The significance consumers place on the privacy and security of their health information has been reviewed in a recent nCipher Security survey.
The survey in question was aimed at 1,300 U.S. consumers and looked into attitudes toward online privacy, the sharing of sensitive information, and data violations.
The survey showed consumers are much more worried about their financial data being hacked than their health information. 42% of those questioned said their biggest cybersecurity concern was their financial information being illegally obtained, as opposed to 14% whose main worry was the thef […]
1y ago
Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The disruption caused and lack of access to patient data can impact patient safety, and while there have been no reported cases in the United States of patients dying as a direct result of a ransomware attack, it is only a matter of time before attacks directly cause fatalities.
Recently, a study was conducted to explore the impact ransomware […]
1y ago
The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk of BlackMatter ransomware attacks.
BlackMatter is a new ransomware-as-a-service (RaaS) operation that appeared in July 2021, shortly after the DarkSide ransomware gang closed down its operation following the high-profile ransomware attack on Colonial Pipeline. BlackMatter is regarded by many cybersecurity experts as the successor to DarkSide.
The threat ac […]
1y ago
In most organizations, the recommended practices for password creation involve setting a unique password for all accounts, making sure the password is as random as possible – combining upper- and lower-case letters, numbers and special characters – is at least 8 characters long, and does not contain dictionary words.
The theory is that, by incorporating a range of character formats and avoiding dictionary words, passwords will be strong enough to resist brute force attacks by cybercriminals attempting to hack login credentials. Cybercriminals use lists of dictionary words and passwords compro […]
1y ago
The average cost of a data breach has increased 10% year-over-year, according to the IBM Security 2021 Cost of a Data Breach Report. Data breach costs have reached record levels and are higher than at any other point in the past 17 years that IBM Security has been analyzing data breach costs.
The average cost of a data breach has increased from $3.86 million last year to $4.24 million in 2021, with healthcare data breaches the most expensive, costing an average of $9.23 million to resolve. The average healthcare data breach cost has increased by more than $2 million year-over-year.
The data f […]
1y ago
Four new zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 have been discovered by the U.S. National Security Agency (NSA).
These versions of Microsoft Exchange Server must be patched as soon as possible to avoid the possibility of the vulnerabilities being targeted by cybercriminals.
A directive has already been released by the Cybersecurity and Infrastructure Security Agency (CISA) for all federal bodies to patch all vulnerable on-premises Exchange Servers no later than 12.01 AM on Friday April 16, 2021 due to the high risk of the weaknesses being targeted […]