A War on Healthcare: Top Cybersecurity News from the Week of Feb 13th
What made last week’s top cybersecurity news? Healthcare has been the most heavily targeted industry this week, as ransomware and other malicious attacks have impacted millions of patient and employee records around the globe. From the latest NHS data leak to ransomware gangs hitting US hospitals, here is the notable cybersecurity news from the week:
Killnet’s war on healthcare
Since the beginning of this year, the Killnet hacktivist group has been rampantly targeting the healthcare industry with DDoS (Distributed Denial of Service) attacks.
The group has successfully targeted 17 high-profile US health organisations since January. According to the investigation reports, Killnet shows a clear trend of targeting at least one company from each state.
Carter Groome, the founder and CEO of First Health Advisory, has publicly commented on this, saying, “This is a war. Every week, every year, we’re on the frontlines. And we think this can’t get any worse; then it does.”
Killnet is a pro-Russian group, and its social media channel is fueled by anti-US propaganda. It is rather clear that its motivation goes beyond financial gain, and that it wants to significantly disrupt the US critical national infrastructure (CNI) sectors.
Another NHS data leak in Liverpool
A major NHS hospital in Liverpool suffered a data leak earlier today that compromised the data of 14,000 employees. However, it was not due to a cyberattack but rather human error. One employee accidentally shared a private spreadsheet file with hundreds of NHS managers across the country.
The file contained payroll details of 14,000 employees in a hidden tab, including their salary amounts, dates of birth, National Insurance (NI) numbers, and addresses.
The Liverpool hospital has since published a public apology, also stating that it has commissioned an independent, external review to analyse the incident for future improvements.
Human error remains a significant cause of data leaks, accounting for over 13% of the data breaches last year.
Clop ransomware impacts millions of patients
The pro-Russian ransomware gang Clop has targeted GoAnywhere MFT, a popular file-sharing service for the US healthcare industry. The attack has compromised nearly a million patient records in the US.
“A zero-day remote code injection exploit was identified in GoAnywhere MFT. The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses”, said Fortra, the developer of the affected software.
The breach was first reported by Community Health Systems (CHS), which has since filed an official report with government regulators.
The Clop ransomware gang claims to have exploited a GoAnywhere zero-day to breach 130 orgs. This includes healthcare giant Community Health Systems, which says the data of 1 million patients was exposed https://t.co/X2JLqgVkDv
— Carly Page (@CarlyPage_) February 15, 2023
Microsoft releases patches for three critical Windows vulnerabilities
On Tuesday, Microsoft released the latest security updates to address 75 vulnerabilities across its product portfolio. Three of these flaws are being actively exploited in the wild.
More than half of the vulnerabilities reported by Microsoft are remote code execution (RCE) flaws. By severity, 9 are rated critical and 66 important. The tech giant has released patches for the three zero-day vulnerabilities currently being exploited, which are as follows:
- CVE-2023-21715 (CVSS score: 7.3) – Microsoft Office Security Feature Bypass Vulnerability
- CVE-2023-21823 (CVSS score: 7.8) – Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2023-23376 (CVSS score: 7.8) – Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability
For more cybersecurity news, insights and analysis, follow Code Red on Twitter and LinkedIn.