Healthcare Cybersecurity

Email Spam Surged in 2016: 65% of Emails are Spam

Email spam is seen by many as a productivity-draining nuisance that clogs inboxes and takes up precious time. However, the volume of malicious spam has grown significantly in the past 12 months, and email spam remains a major security threat.

In 2010, following takedowns of botnets and arrests of key spammers, spam email volume fell. Spam email volume has since been relatively low. However, a recent analysis of email traffic by Cisco Systems has shown that spam email volume rose significantly last year.

Cisco tracked spam using opt-in customer telemetry and its data show that spam email now accounts for 65% of all emails sent. The sharp rise in email spam has been attributed to the growth of spam botnets such as Necurs. The Necurs botnet is one of the primary vectors used to deliver Locky ransomware and the Dridex banking Trojan.

The number of IP connection blocks added to the botnet increased significantly last year. Between August and October, Cisco reports a doubling of IP addresses used by the botnet, rising from around 200,000 to 400,000 IP addresses during that period.

In 2010, Cisco’s data show that around 5,000 spam emails were being sent every second. While there has been the occasional blip between then and now, spam email volume between 2010 and 2015 has remained at a level of around 1,500 spam emails per second. Last year did not see a return to 2010 levels, but spam email volume did rise to around 3,000 emails per second, twice the volume seen in 2015.

Spam is unfortunately not just a nuisance. It is a serious security threat. The increase in email spam is not all cheap deals for watches and Viagra. There has been a sharp rise in malicious spam containing links to websites containing exploit kits and other threats, phishing email volume has increased, and there are malicious attachments aplenty.

Spam email has once again become a hugely popular attack vector for cybercriminals, and it is being extensively used to spread malware and ransomware and to relieve employees of their credentials.

According to Cisco Systems, between 8% and 10% of spam emails are malicious. However, more significantly, the percentage of malicious emails has tripled over the course of last year and there is nothing to suggest that the trend will not continue in 2017.

The types of malicious attachments being sent are highly varied. Cybercriminals are experimenting with different file types to find out which are the most effective. There have been notable spikes in a wide range of malicious files in the past 12 months: HTA attachments, JavaScript files, zip files, Office documents and spreadsheets containing malicious macros, and WSF files.

Cisco Systems reports two distinct tactics used by spammers: hailstorm and snowshoe campaigns. Hailstorm campaigns take advantage of the small window of opportunity between the campaign commencing and antispam solutions detecting the spammers’ malicious IP addresses. While the window may only last for seconds or minutes, during that time vast quantities of spam emails are sent. On the other hand, snowshoe campaigns involve very small quantities of spam being sent from IP addresses in an attempt to fly under the radar of antispam solutions.
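The two sending patterns can be told apart in mail logs by grouping messages into campaigns and looking at how each campaign's volume is spread across source IPs. The sketch below is an added example, not code from Cisco's report or from this article; the log format, the body-fingerprint field, the thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict


def build_sample_log():
    """Constructed records: 'epoch-seconds source-ip body-fingerprint'.

    IPs come from documentation ranges; fingerprints are made up.
    """
    base = 1480000000
    lines = []
    # One IP sending 300 messages inside a single minute.
    for i in range(300):
        lines.append(f"{base + i // 5} 192.0.2.10 fp-hail")
    # Forty IPs, two messages each, spread over an hour.
    for k in range(1, 41):
        for offset in (k * 40, 1800 + k * 40):
            lines.append(f"{base + offset} 198.51.100.{k} fp-snow")
    # Two IPs sending steady, low-rate list mail.
    for j in range(30):
        for ip in ("203.0.113.5", "203.0.113.6"):
            lines.append(f"{base + j * 120} {ip} fp-news")
    return lines


def parse_records(lines):
    """Group timestamps as campaign fingerprint -> source IP -> [seconds]."""
    campaigns = defaultdict(lambda: defaultdict(list))
    for line in lines:
        stamp, ip, fingerprint = line.split()
        campaigns[fingerprint][ip].append(int(stamp))
    return campaigns


def peak_in_window(timestamps, window):
    """Largest number of messages falling inside any `window`-second span."""
    ts = sorted(timestamps)
    best, lo = 0, 0
    for hi, t in enumerate(ts):
        while t - ts[lo] >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def classify_campaigns(lines, window=60, burst_threshold=100,
                       min_ips=20, per_ip_max=5):
    """Label each campaign; all thresholds are illustrative assumptions."""
    verdicts = {}
    for fingerprint, by_ip in parse_records(lines).items():
        peak = max(peak_in_window(ts, window) for ts in by_ip.values())
        busiest = max(len(ts) for ts in by_ip.values())
        if peak >= burst_threshold:
            verdict = "hailstorm"      # huge burst from one IP in a short window
        elif len(by_ip) >= min_ips and busiest <= per_ip_max:
            verdict = "snowshoe"       # many IPs, each individually quiet
        else:
            verdict = "unclassified"
        verdicts[fingerprint] = {
            "verdict": verdict,
            "ips": len(by_ip),
            "peak_per_window": peak,
            "messages": sum(len(ts) for ts in by_ip.values()),
        }
    return verdicts


if __name__ == "__main__":
    for name, result in classify_campaigns(build_sample_log()).items():
        print(name, result)
```

The snowshoe campaign never exceeds one message per IP per minute, so a per-IP rate limit alone does not see it; it only stands out once messages are grouped by campaign across all sending IPs.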

With spammers’ tactics constantly evolving and malicious spam email volume increasing, healthcare organizations need to exercise caution. Antispam solutions should be deployed to reduce the risk of malicious messages being delivered to end users and CISOs should keep abreast of the latest threats. Warnings should then be issued to staff to prevent them being fooled by phishing scams and malicious messages containing ransomware/malware downloaders.

The Cisco Annual Cybersecurity Threat Report, which covers a broad range of attack vectors used by cybercriminals in 2016, can be viewed here.

The post Email Spam Surged in 2016: 65% of Emails are Spam appeared first on HIPAA Journal.

Forrester: Anthem-Sized Healthcare Data Breaches Will Be Commonplace in 2017

The start of the year sees many worrying predictions made about healthcare cybersecurity and potential data breaches; however, Forrester Research has painted a particularly bleak picture for 2017. The firm expects data breaches on the scale of the 2015 Anthem Inc. cyberattack will be commonplace in 2017.

2016 saw more healthcare data breaches reported to OCR than in any other year. While the severity of those breaches was nowhere near as bad as in 2015, the same cannot be said of all industries. A report published last month by Risk Based Security shows that while the total number of data breaches – across all industries – was similar in 2016 to 2015, the severity of those data breaches was much worse. Large data breaches can be expected in 2017.

Forrester suggests that as healthcare organizations grow in size – through mergers, acquisitions and partnerships – the volume of patient data that each organization stores will increase. Large repositories of healthcare data will be seen as a major prize for cybercriminals and attacks on those large healthcare organizations can be expected.

Unfortunately, when healthcare organizations acquire other companies or merge with other healthcare firms, security becomes fragmented. Fragmented security makes it much more likely that vulnerabilities will be introduced that can be exploited by hackers.

The methods used to attack healthcare organizations are becoming more sophisticated and many traditional technologies are now becoming ineffective at preventing cyberattacks. Forrester also points out that many healthcare organizations are only improving their cybersecurity defenses to ensure compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA only requires cybersecurity defenses to be improved to ensure a minimum standard is met, not to ensure that patient data cannot be accessed by hackers.

Ensuring patient health information is safeguarded requires considerable investment in new technologies, yet the healthcare industry lags behind other industry sectors when it comes to cybersecurity defenses. Previous studies by Forrester have shown that healthcare organizations typically devote smaller percentages of their IT budgets to security.

Across all industries, the average percentage of IT budgets directed to security is 26%. For the healthcare industry it is 23%. However, the telecommunications sector devotes 35% of IT budgets to security. Forrester suggests that due to the highly sensitive nature of healthcare data and its value to cybercriminals, healthcare IT security budgets should be increased to a similar level.

In addition to a rise in massive healthcare data breaches, Forrester predicts that the number of IoT devices that are compromised will increase to more than 500,000 in 2017, leading to massive DDoS attacks even larger than those seen in the tail end of 2016.

A Fortune 1000 company failure is probable in 2017 as a direct result of a cybersecurity incident, while Forrester says President Trump will likely face a major cyber crisis in his first 100 days in office. The final prediction is that a lack of cybersecurity talent will see CISOs forced to outsource as much as 25% of their security budgets to external providers of security services and automation.


IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed

Organizations around the world are taking advantage of IoT applications and mobiles to improve efficiency, yet too little is being done to ensure the applications are secure.

Organizations can benefit greatly from IoT and mobile technology, yet it is all too easy for major security risks to be introduced. Hackers are well aware of vulnerabilities in mobile and IoT applications and leverage those vulnerabilities to gain access to networks and sensitive data.

IoT infrastructure is vulnerable to attack, although the greatest risks are introduced by embedded software in gateways and the cloud. Many IT security practitioners are well aware of the security risks that can potentially be introduced, yet according to a recent survey conducted by the Ponemon Institute, little is being done to mitigate risk.

593 IT and IT security professionals were surveyed for the Arxan/IBM Security-sponsored survey, which set out to discover how companies are mitigating risk from mobile apps and IoT applications. The results of the survey are alarming. 8 out of 10 respondents said that while IoT applications are in use, their organization does not test them for security vulnerabilities. 71% of respondents said they use mobile applications that have not been subjected to vulnerability testing.

IT security professionals are aware of the risks and are concerned that vulnerabilities will be exploited. 58% of respondents said they were concerned that vulnerabilities in IoT apps would be exploited by hackers, while 53% expressed concern that mobile applications would be hacked. 75% of respondents said IoT apps increase security risk very significantly or significantly.

Malware is also a major worry. A lack of protection against mobile malware was seen as a problem by 84% of respondents, while 66% were concerned about the malware threat to IoT applications.

Part of the problem is a lack of understanding about how IoT and mobile applications should be tested. 55% of respondents said they lacked QA and testing methods for IoT applications.

In many cases, IT security professionals are unsure about how many apps are actually in use. 63% of respondents were not confident that they were aware of the mobile apps that were being used by employees, and 75% were unsure that they were aware of all the IoT apps that were being used.

The data security risks are very real. 60% of individuals surveyed claimed their organization had experienced a data breach or security issue as a result of a mobile app.

Even though there are known risks, 44% of respondents said their organization was not taking any steps to prevent an attack. Protecting these apps is simply not a priority at many organizations. Only 32% of respondents said their organization wanted to urgently secure mobile apps, while 42% said they wanted to urgently secure IoT apps. Budgetary restrictions were seen as the main problem by 30% of respondents.

Larry Ponemon, chairman and co-founder of the Ponemon Institute, said “Without proper budget or oversight, these threats aren’t being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come.”

Organizational Complexity is Hindering Cybersecurity Efforts

The results of a separate study published earlier this month by the Ponemon Institute revealed that the biggest barrier preventing adequate cybersecurity defenses from being implemented is organizational complexity.

The global Citrix-sponsored study was conducted on 4,200 IT security practitioners from Australia, Brazil, Canada, China, Germany, France, India, Japan, Korea, Mexico, New Zealand, the Netherlands, United Arab Emirates, the United Kingdom and the United States.

The survey revealed that 79% of respondents were worried about data breaches involving high-value, sensitive information. 71% of respondents said their organization is at risk because they are unable to effectively control employee devices and apps. 74% of respondents said their organization requires a new IT security framework if they are to successfully manage risk and improve their security posture.

The biggest barrier preventing businesses from improving their security posture was organizational complexity. 83% of respondents said organizational complexities were hampering cybersecurity efforts. Corporate security policies are being ignored because they are hindering employees and preventing them from working in their preferred manner. All too often security policies have a considerable negative impact on productivity.

As employees try to get more work done, they look to workarounds such as shadow IT, and data are being stored on personal devices to speed up access. 87% of respondents said information is being placed at risk as a result of an increase in data assets.

Larry Ponemon said “The research reveals respondents’ awareness of the need to challenge the status quo of their IT security strategies and consider a new IT security architecture to safeguard their organizations from cyber risks.”


OIG: 16% Increase in Security Gaps in Medicare Contractors’ Information Security Programs

An annual review of Medicare administrative contractors’ (MACs) information security programs has shown them to be ‘adequate in scope and sufficiency’, although a number of security gaps were found to exist.

The Social Security Act requires each MAC to have its information security program evaluated on an annual basis by an independent assessor. Each MAC must have the eight major requirements of the Federal Information Security Management Act of 2002 (FISMA) evaluated, in addition to the information security controls of a subset of systems.

The Department of Health and Human Services’ Office of Inspector General (OIG) is required to submit a report of the annual MAC evaluations to Congress. The Centers for Medicare & Medicaid Services (CMS) contracted with PricewaterhouseCoopers (PwC) for this year’s evaluations.

The OIG report to Congress shows a total of 149 security gaps were discovered to exist in the financial year 2015, a marked increase from the previous year. In 2014, the same 9 MACs were evaluated and 16% fewer security gaps were discovered.

A security gap is defined as an incomplete implementation of FISMA or CMS core security requirements. The security gaps identified are ranked as high, medium, or low-risk, depending on their severity.

PwC identified 22 high-risk gaps, 46 medium-risk gaps, and 81 low-risk gaps. According to the OIG report, 9 percent of the high and medium-risk gaps were identified in the previous year’s evaluations and had not yet been addressed. Four out of the six repeat gaps were determined to be high risk in both 2014 and 2015.

While the number of gaps increased by 16%, OIG points out that the scope of the evaluations was greater this year, with additional controls assessed in the 2015 financial year. The average number of gaps per MAC was 17. The highest number of gaps identified at any one MAC was 25 and the lowest was 14.

The biggest FISMA problem areas were ‘policies and procedures to reduce risk’ and ‘periodic testing of information security’, which had 45 and 41 security gaps identified respectively across the 9 MACs. 15 security gaps were identified with ‘system security plans’. Gaps were identified across all the FISMA control areas that were tested.

OIG reports that each MAC had 4-7 gaps related to policies and procedures to reduce risk. The evaluations showed that the most common security gaps were policies and procedures related to mobile device encryption, platform patch management, and external information systems that did not meet CMS requirements.

Each MAC had four to six gaps related to periodic testing of information security controls, including the failure to consistently enforce change management procedures and deficient system security configurations. There were one to three gaps in system security plans, including the failure to consistently enforce access control procedures, the failure to review policies and procedures within 365 days of the previous review date, and having a system security plan that did not reflect the current operating environment.

Each MAC is responsible for developing its own corrective action plan to address the high and medium risk security gaps identified by PwC. Each MAC must ensure that each of the identified gaps is remediated in a timely manner.

OIG has recommended that CMS continue with its oversight of MACs and should ensure that each MAC remediate all the identified high and medium-risk gaps in a timely manner.


Tax Season Triggers Wave of W-2 Business Email Compromise Attacks

Campbell County Health is the latest victim of a W-2 business email compromise attack, which has resulted in the tax information of 1,457 hospital employees being disclosed to a scammer.

The Gillette, WY-based healthcare system discovered Wednesday that an employee had responded to an email request for the W-2 form data of hospital employees. As is common in these scams, the attacker impersonated a hospital executive and requested W-2 information for all employees who had taxable earnings in 2016.

A 66-year old hospital worker responded to the email and sent the information as requested. However, rather than being sent to the hospital executive, the data was sent to the scammer.

Andy Fitzgerald, CEO of Campbell County Health issued a statement confirming “no protected health information for our employees or our patients were released in this incident.” The breach was limited to W-2 data. All affected employees have now been contacted and have been offered identity theft protection services through a leading credit monitoring and identity theft protection company.

Law enforcement has been notified of the attack, and hospital officials and a cyber security response team are investigating and trying to identify the attacker. Fitzgerald said the incident is being treated very seriously and “we will continue to review and enhance our security practices to further secure our systems.”

While Campbell County Health is one of the first healthcare organizations to report a W-2 attack this year, it is far from alone. Over the course of the past few weeks there have been numerous business email compromise attacks reported.

This week, eight school districts in Missouri were targeted by scammers. The Missouri Department of Elementary and Secondary Education confirmed that an employee of one of those districts, the Odessa School District, fell for the scam and emailed employee W-2 form data to the attacker. Also this week, the Tipton County Schools District in western Tennessee experienced a similar attack that resulted in the tax information of its employees being emailed to a scammer.

Tax season always sees a massive rise in business email compromise attacks and other tax-related scams. Last year, more than 41 U.S. companies reported that employees’ personal information had been compromised as a result of these scams in the first quarter of 2016. The massive increase in attacks in 2016 prompted the IRS to issue a warning to organizations of the high risk of an attack. In the first quarter of 2016, tax-related malware and phishing incidents increased by 400%. The FBI reports a 1,300% increase in BEC attacks since January 2015.

The scams typically involve the impersonation of the CEO or CFO of a company, or another individual with authority. An email is sent to a member of the accounts, billing, or HR departments requesting the W-2 information of employees. The attacks are often successful because employees are unwilling to question requests from the CFO, CEO or other C-suite members.

These attacks tend to be highly targeted. Employees are often researched via professional networking and social media websites and are sent carefully crafted emails from spoofed email accounts. In some cases, corporate email accounts are compromised and the email requests are sent from genuine company accounts.

To counter the threat, all individuals in a company with access to employee data should be notified of the threat and warned of the increased risk of attack during tax season. A system should also be set up to ensure that any request for employee information is authenticated by some other means than email.
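A mail-gateway check along these lines can route W-2 requests into that out-of-band verification step and flag the spoofing patterns described above. It is an added example, not taken from any of the affected organizations or from this article; the company domain, executive names, indicator labels and all sample messages are hypothetical and constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "hospital.example"          # assumed organization domain
EXECUTIVE_NAMES = {"jane doe", "john roe"}   # hypothetical executive names
W2_PATTERN = re.compile(r"\bw-?\s?2s?\b", re.IGNORECASE)

# Constructed sample messages (reserved .example/.test domains).
SAMPLES = {
    "lookalike": (
        'From: "Jane Doe" <jane.doe@hospital-example.test>\n'
        "To: hr@hospital.example\n"
        "Subject: Urgent request\n\n"
        "Please send me the W-2 forms for all employees today.\n"
    ),
    "reply_to": (
        "From: Jane Doe <jane.doe@hospital.example>\n"
        "Reply-To: jdoe@mailbox.test\n"
        "Subject: Payroll records\n\n"
        "I need copies of all 2016 W2s before noon.\n"
    ),
    "internal": (
        "From: Jane Doe <jane.doe@hospital.example>\n"
        "Subject: W-2 data\n\n"
        "Send the employee W-2 data as a PDF.\n"
    ),
    "benign": (
        "From: Sam Poe <sam.poe@hospital.example>\n"
        "Subject: Cafeteria menu\n\n"
        "The new menu starts on Monday.\n"
    ),
}


def domain_of(address):
    return address.rpartition("@")[2].lower()


def plain_text(msg):
    # Only undecoded text/plain parts are read; a production filter would
    # also decode transfer encodings and inspect HTML parts.
    parts = [p.get_payload() for p in msg.walk()
             if not p.is_multipart() and p.get_content_type() == "text/plain"]
    return "\n".join(parts)


def review_message(raw):
    """Return the handling decision for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    indicators = []
    if (display_name.strip().lower() in EXECUTIVE_NAMES
            and domain_of(from_addr) != COMPANY_DOMAIN):
        indicators.append("executive-name-external-address")
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        indicators.append("reply-to-domain-mismatch")

    text = msg.get("Subject", "") + "\n" + plain_text(msg)
    asks_w2 = bool(W2_PATTERN.search(text))

    # Header checks cannot clear a request sent from a compromised genuine
    # account, so every W-2 request is held for verification by another
    # channel; spoof indicators only raise its priority.
    return {
        "action": "verify-out-of-band" if asks_w2 else "deliver",
        "priority": "high" if asks_w2 and indicators else "normal",
        "spoof_indicators": indicators,
    }


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, review_message(raw))
```

The "internal" sample carries no spoofing indicator at all, which is the case of a compromised genuine account: it is still held, because the decision depends on what is being requested rather than on how the headers look.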


Healthcare Organizations Warned About Fileless Ransomware Attacks

Over the past two years, ransomware has grown to become one of the biggest cybersecurity threats. While most infections are random, the healthcare industry has been targeted in 2016 and the outlook for 2017 remains bleak.

Many healthcare organizations attacked with ransomware have been able to make a full recovery by deleting systems and reconstituting data from backups. However, there have been numerous cases over the past 12 months when data restoration from backups has failed. In such cases, healthcare organizations are faced with two options: Accept data loss or pay the attackers for the keys to unlock the encryption. In February, Hollywood Presbyterian Medical Center chose the latter, and paid the attackers $17,000 for the keys to unlock the encryption.

2016 saw major new ransomware variants unleashed, with Locky and Samas (Samsam) two of the biggest threats. Both ransomware variants have been used to attack healthcare providers in 2016, with the former reportedly used in the HPMC attack and the latter reportedly used in a major attack on MedStar Health in March, 2016.

In October last year, MalwareHunterTeam reported that there are more than 200 distinct ransomware families, each containing a myriad of ransomware variants. In 2016, ransomware revenue surpassed the $1 billion milestone.

Ransomware variants are becoming much more sophisticated and use a wide variety of techniques for obfuscation to escape detection. Virulence is also increasing.

One of the latest developments is fileless ransomware. As CrowdStrike explains, with fileless ransomware “malicious code is either embedded in a native scripting language or written straight into memory using legitimate administrative tools such as PowerShell, without being written to disk.” Since no files are downloaded on to the victim’s computer, traditional signature-based detection systems fail to identify the threat.

Infographic Source: Crowdstrike

The fight against ransomware requires multilayered defenses and a host of technologies to prevent infection. Healthcare employees should be warned of the threat and ransomware should be covered in security awareness training. Basic security awareness can be effective at preventing some ransomware infections. Simple measures such as verifying email sources prior to clicking links and never opening attachments from unknown sources should be practiced by all employees.

However, even with advanced ransomware defenses, organizations should be prepared to deal with an attack when one occurs. In addition to advanced detection technologies, policies and procedures should be developed specifically to cover ransomware infections to ensure the fastest possible response time. Rapid detection is essential if damage is to be limited.

There have been numerous cases where data have been encrypted, yet the attackers have been unable to supply valid keys to unlock the encryption. Even paying a ransom is no guarantee that it will be possible to unlock files. Recovery will hinge on whether files can be restored from backups.

To limit data loss, daily backups are essential. Backup data should be stored securely in the cloud and on air-gapped backup drives. As was demonstrated this week, cloud copies of files can also easily be encrypted. A nursing school in California – The Gurnick Academy – experienced a ransomware infection when an instructor inadvertently introduced ransomware via a USB drive. However, since Google Drive sync was running on his computer, the encrypted files were replicated in his Google Drive account.

When it comes to backups, organizations should practice the 3-2-1 rule. Three copies of data should exist. Those backups should be stored on two separate media, and one of those backup copies should be stored in a secure, off-site location.


New Report Reveals 2016 Data Breach Trends

2016 was a particularly bad year for healthcare data breaches. The healthcare industry was targeted by ransomware gangs, careless employees left healthcare records exposed, and hackers broke through defenses on numerous occasions. 2016 was nowhere near as bad as 2015 in terms of the number of healthcare records stolen or exposed, but more healthcare data breaches were reported in 2016 than in previous years. But how did healthcare compare to other industries in 2016?

A new data breach report from Risk Based Security has revealed the 2016 data breach trends across all industries and confirms just how bad a year 2016 was for cybersecurity incidents. The total number of data breaches reported in 2016 – 4,149 data breaches – was on a par with 2015. However, the severity of data breaches in 2016 was far worse.

Until 2016, the worst year in terms of the number of records exposed or stolen was 2013, when the milestone of 1 billion exposed or stolen records was exceeded for the first time. However, in 2016 there were 3.2 billion more records exposed or stolen than that landmark year. More than 4.2 billion records were exposed or stolen between January and December 2016.

The worst security breaches of 2016 were caused by hackers. 9 out of the top 10 worst data breaches of 2016 were due to hacks, with one web breach ranking in the top ten. 2016 saw six data breaches make the top ten list of the worst data breaches ever reported as well as the worst ever data breach: the 1 billion-record breach at Yahoo. The top ten breaches of the year resulted in the theft or exposure of more than 3 billion records. Seven out of the top ten data breaches of 2016 had a severity score of 10/10, with an average score of 9.96/10.

94 data breaches involving more than 1 million exposed records were reported over the course of the year – a 63% increase year on year. 37 data breaches of more than 10 million records were reported – an increase of 105% over 2015.

Risk Based Security’s figures show the United States was the worst hit. 47.5% of data breaches affected U.S. companies and those breaches accounted for 68.2% of the total number of exposed or stolen records. California was the worst hit state, registering 234 breaches and 80.48% of exposed records. Florida was in second place with 113 breaches, followed by Texas with 105 and New York with 104.

While healthcare industry data breaches increased in 2016, they still only made up a small percentage of the total – 9.2% and just 0.3% of the total number of records exposed. The business sector was the worst hit, registering 51% of data breaches over the course of the year. Those breaches accounted for 80.9% of exposed or stolen records.

The 2016 data breach report indicates 7.6% of breaches were reported by medical institutions and 2.1% by hospitals. 11% of medical data breaches involved third parties.

Hacking was the main cause of breaches in 2016, accounting for 53.3% of the total. Those breaches were also the most severe, accounting for 91.9% of exposed or stolen records. One of the most common techniques used by hackers in 2016 was SQL injection, although in many cases there was no need to hack at all. More than 256 million records were exposed or stolen as a result of misconfigured databases and websites.

Insider breaches were a major cause of healthcare data breaches in 2016, although across all industries, insider incidents only accounted for 18.3% of the total. While malware attacks were frequent, they only accounted for 4.5% of the total number of breaches and 0.4% of exposed records.

The Data Breach QuickView Report can be downloaded on this link.


NIST Publishes Draft of Updated Cybersecurity Framework

It has been almost three years since the National Institute of Standards and Technology (NIST) published its Cybersecurity Framework. This week, NIST published a new draft – the first since the Framework was published in 2014 – which includes a number of tweaks, clarifications, and additions. However, as NIST points out, the new draft contains relatively minor updates. The Framework has not received a complete overhaul.

According to Matt Barrett, NIST’s program manager for the Cybersecurity Framework, “We wrote this update to refine and enhance the original document and to make it easier to use.” The new version incorporates feedback received following the December request for comments on how the framework is being used for risk management, the sharing of best practices, long term management of the Framework, and the relative value of different elements of the Framework.

The Cybersecurity Framework was originally intended to be used for critical infrastructure to safeguard information assets, although its adoption has been much wider. The Framework is now being used by a wide range of organizations of all types and sizes to reduce cybersecurity risk. The update reflects the wide range of organizations that are now using the Framework.

The updated version sees vocabulary added to help organizations use the framework for cyber supply chain risk management, and cyber supply chain risk management has been added to the Framework core. In the draft, NIST has also expanded the section on communicating cybersecurity requirements with stakeholders to aid understanding of cyber supply chain risk management.

NIST explains, “A primary objective of cyber SCRM is to identify, assess and mitigate products and services that may contain potentially malicious functionality, are counterfeit or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.”

The access control and identity management definitions have also been updated, clarifying authentication, authorization, and identity proofing. The relationship between implementation tiers and profiles has been explained in detail, and a new section has been added on cybersecurity measurement.

Measuring an organization’s security status over time will enable organizations to convey meaningful risk information. Barrett explained that “Measurements will be critical to ensure that cybersecurity receives proper consideration in a larger enterprise risk management discussion.”

NIST is seeking comments on “version 1.1” of the Framework by April 10. NIST plans to hold a public workshop on the new version in the fall of this year.


Hacking Group Attempts to Extort Funds from Cancer Services Provider

TheDarkOverlord has struck again; this time the victim was a small Indiana cancer charity. The attack occurred on January 11 and was accompanied by a 50 Bitcoin ($43,000) ransom demand. Little Red Door Cancer Services of East Central Indiana was threatened with the publication of confidential data if the ransom was not paid.

The charitable organization provides a range of services to help victims of cancer live normal lives during treatment, recovery, and at end of life. Little Red Door provides an invaluable service to cancer patients in East Central Indiana, with its limited funds carefully spent to provide the maximum benefit to cancer patients and their families.

The payment of a $43,000 ransom would have had a significant impact on the good work the organization does, and would have taken funding away from the people who need it most. Little Red Door followed the advice of the FBI and refused to pay.

Little Red Door spokesperson, Aimee Fant, issued a statement saying the organization “will not pay a ransom when all funds raised must instead go to serving families, all stage cancer clients, late stage care/hospice support and preventative screenings.”

The ransom demand was first sent to company executives, its vice president and president by text message. Messages were sent to their personal cell phones. The ransom demand and threats were also followed with email demands. The ransom demand was later reduced to around $12,000, although payment will still not be made. The stolen data included documents pertaining to grants, donors, employees, and the organization’s operations.

In addition to threatening to publish the data, TheDarkOverlord allegedly also issued a threat to contact the families of cancer patients, as well as the organization’s partners and donors.

Previous attacks by TheDarkOverlord have involved data theft. This time around, data were stolen and the company’s database and physical backups were wiped. Fortunately, patient diagnoses and other client information were on paper files.

Little Red Door has a cloud storage backup containing most of its data. Systems and databases will be rebuilt and data reconstructed. The cancer agency expects its IT systems to be back up and running by the end of this week. After recovery, Little Red Door will fully transition to a cloud-based system.

Little Red Door has received assistance from a number of organizations. A spokesperson for the organization said it “extends its immense gratitude to all who have helped in its efforts to gain control of the ransom attack and sincerely apologizes for any inconvenience and distress experienced on account of this act of cyberterrorism.”
