HSCC Publishes Privacy and Security Coordination Guide

The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, a public-private industry council of more than 400 healthcare providers, pharmaceutical and medtech companies, payers, health IT entities, and government agencies, has released a new guide for healthcare organizations to help coordinate privacy and security functions to improve efficiencies, effectiveness, and overall compliance.

The HSCC said it has found significant evidence that neither regulation nor enterprise and risk management programs are approaching privacy and security with coherent and coordinated policy and practice. Privacy roles are concerned with supporting compliance with laws, regulations, standards, and practices, monitoring internal policies and procedures, identifying gaps, and establishing new policies concerning the handling of electronic and physical healthcare data. Security roles are concerned with identifying vulnerabilities and risks and implementing technical, physical, and administrative safeguards to ensure the confidentiality, integrity, and availability of electronic healthcare data. Within the healthcare sector, privacy and security often function within separate and distinct silos, even though privacy and security have a great deal in common.

The guidance is intended to help organizations identify factors that contribute to disharmony between their privacy and security efforts. Conflicting priorities can lead to a disconnect between privacy and security, which increases organizational risk. The guidance is aimed at privacy and security officers and their teams, and others who are looking to develop best practices for their privacy and security programs and provides practical recommendations for collaborative practices to get privacy and security teams working together more proactively and cohesively.

The post HSCC Publishes Privacy and Security Coordination Guide appeared first on HIPAA Journal.

International Law Enforcement Operation Takes Down LockBit RaaS Infrastructure

The prolific LockBit ransomware-as-a-service (RaaS) group has been severely disrupted by a global law enforcement operation that has seen much of the group’s infrastructure seized, including servers, its affiliate portal, Tor sites, Stealbit data exfiltration tool, public-facing data leak site, and more than 200 cryptocurrency wallets. Two individuals who conducted attacks using LockBit ransomware have been arrested in Poland and Ukraine, and they will be extradited to the United States to face trial. The French and U.S. judicial authorities have also issued three international arrest warrants and five indictments. More than 1,000 decryption keys were obtained and a free decryptor for LockBit 3.0 has been created and made available on the No More Ransom portal. The seizure of the cryptocurrency wallets means it might be possible for victims to recover some of the ransoms they paid.

LockBit was branded the world’s most harmful cybercrime group by the UK’s National Crime Agency (NCA). The RaaS group has been active for the past four years and has targeted thousands of organizations around the world, and in Q3, 2023 alone the group added 275 new victims to its data leak site. The group has conducted many attacks on critical infrastructure entities, including healthcare organizations, and the attacks have caused billions of dollars of losses. According to the Department of Justice, the group conducted attacks on more than 2,000 victims, issued ransom demands of hundreds of millions of dollars, and had been paid at least $120 million.

Law enforcement agencies in 10 countries participated in “Operation Cronos,” which was headed by the NCA and coordinated by Europol and Eurojust. The operation commenced in April 2022 and has resulted in 34 servers being taken down in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States, and the United Kingdom, and more than 14,000 rogue accounts have been identified and referred for removal by law enforcement. The accounts were used by LockBit members for hosting tools and software used in attacks and for storing data stolen from victims.

The affiliate panel now displays a message for all affiliates from the NCA, FBI, Europol, and the Operation Cronos Law Enforcement Task Force. “Law enforcement has taken control of LockBit’s platform and obtained all the information on its servers. This information relates to the LockBit group and you, their affiliate. We have source code details of the victims you have attacked, the amount of money stolen, chats, and much, much more. You can thank LockBitSupp and their flawed infrastructure for this situation… we may be in touch with you very soon.”

LockBitSupp is the threat actor that controls the LockBit RaaS operation, with the LockBitSupp persona believed to be run by one or two individuals. The Russian-speaking threat actor claimed that the law enforcement operation exploited a critical PHP vulnerability, CVE-2023-3824, that was first disclosed in August 2023. The vulnerability leads to a stack buffer overflow, potential memory corruption, and remote code execution.

The takedown of the group’s infrastructure is significant and the extent of the data breach will be of concern to affiliates of the group, especially those that reside in locations where they can be reached by law enforcement. It is unlikely, however, that the core members of the group will be brought to justice as they are believed to reside in Russia. They may choose to rebuild and return with a new operation, as ransomware groups typically do following law enforcement disruption.

“A vast amount of data gathered throughout the investigation is now in the possession of law enforcement,” explained Europol. “This data will be used to support ongoing international operational activities focused on targeting the leaders of this group, as well as developers, affiliates, infrastructure and criminal assets linked to these criminal activities.”

The U.S. Department of State is also offering a reward of up to $15 million via the Transnational Organized Crime Rewards Program for anyone with information about LockBit associates, including a reward of up to $10 million for information leading to the identification or location of any individual who holds a leadership role in the LockBit operation, and a reward offer of up to $5 million for information that leads to the arrest and/or conviction of any individual conspiring to participate in or attempting to participate in LockBit ransomware activities.

The post International Law Enforcement Operation Takes Down LockBit RaaS Infrastructure appeared first on HIPAA Journal.