HIPAA Journal Alerts on Cyberattacks

Highlights From The HIPAA Journal
From The August 3rd Newsletter

The Department of Homeland Security Cybersecurity and CISA issue alert on cyberattacks from a Chinese cyber-gang

• The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a high priority alert warning enterprises of the risk of cyberattacks involving Taidoor malware, a remote access Trojan (RAT) used by the Chinese government in cyber espionage campaigns.
• CISA explains in the alert that the threat actors are using the malware in conjunction with proxy servers to hide their location and gain persistent access to victims’ networks and for further network exploitation.
• CISA recommends updating anti-virus as well as keeping operating systems at Windows 10 and to continually update patching.

FBI issues warning on windows 7 operating system machines

• Due to vulnerabilities in the unsupported Windows 7 operating system, the FBI warns enterprises to update their machines to the Windows 10 pro operating system.
• The FBI has seen a rise in cyberattacks on windows machines using a windows 7 operating system which had its free patching end on January 14^th, 2020.

President Trump signs executive order for expansion of telehealth services

• The President signed an executive order to expand telehealth services to 57 million Americans.
• This is to support telehealth services once the public health emergency is officially declared over.
• Statistics show that virtual visits by phone/video increased from 14,000 visits to 17 million in the last week of April.

Recent cyber/ransomware attacks related to the Healthcare industry

• In late May, looters broke into eight Cub pharmacies in the Minneapolis area and stole PHI from locked safes. The number of affected individuals has not been announced yet.
• Allergy and Asthma Clinic of Fort Worth found that an individual gained unauthorized access to its computer system and potentially obtained patients’ billing information. Over 69,000 individuals were affected by this attack.
• FHN (IL), a healthcare system, had an authorized user gain access to email accounts of their employees due to a phishing attack. The number of affected individuals has not been announced yet.
• Elkins Rehabilitation & Care Center in West Virginia found that unauthorized users gained access to their employees’ email accounts. Over 3,100 patients were impacted by this attack.