HIPAA Journal – Alerts from NSA and FBI
Highlights From The HIPAA Journal
From The July 6th Newsletter
The NSA issued guidance on configuration issues in IPsec VPNs.
- While VPNs protect against unauthorized access through the use of cryptography, they can still have issues if not properly configured.
- Consistent maintenance and patching are needed to keep the VPN as secure as possible.
- To reduce risk, admins should apply filtering rules to restrict ports, protocols, and IP addresses of network traffic to VPN devices.
The FBI and CISA issued a joint alert on The Onion Router (Tor).
- Tor was developed in the mid-1990s and is used to browse the internet anonymously.
- Tor has been adopted by many threat actors to hide their location and IP address and to conduct cyberattacks and other malicious acts.
- Because many of these attacks can be conducted anonymously, it is hard for network defenders to respond to them.
Recent reports describe several vulnerabilities in Apache Guacamole, a remote access system.
- The system has been a popular addition for remote employees during the COVID-19 pandemic, with more than 10 million Docker downloads.
- The RDP vulnerabilities in Apache Guacamole could be exploited to allow hackers to hijack servers and access sensitive data and information exchanged in employees' conversations.
- Please ensure you have the latest version of the software, as recommended by the HIPAA Journal.
Microsoft shut down a phishing campaign that spanned over 62 countries.
- The scam aimed to obtain Office 365 credentials and then take PHI from those accounts.
- The phishing emails referenced a Q4 report; if the email was opened, the user was directed to a website with a malicious application.
- Microsoft filed a civil case in the U.S. District Court for the Eastern District of Virginia.
The Florida Orthopedic Institute, one of the largest orthopedic providers in the state, is one of the latest healthcare providers to face a class action lawsuit over a ransomware attack.
- While the cost of paying the ransom in a ransomware attack is high, do not forget about the legal action that must be dealt with as well.
- Attorney John Yanchunis of the law firm Morgan & Morgan filed a lawsuit against the practice, stating that it did not implement appropriate safeguards to ensure the confidentiality of patient data.