CYBER SECURITY NEWS – WEEK OF NOVEMBER 21, 2022
Misconfigured server exposed PHI of 600,000 inmates
- A server misconfiguration at a firm that provides medical claims processing for correctional facilities exposed sensitive information of nearly 600,000 inmates who received medical care during the last decade while incarcerated.
- Kentucky-based CorrectCare Integrated Health Inc. on Oct. 31 reported to the U.S. Department of Health and Human Services at least three “unauthorized access/disclosure” breaches involving the server misconfiguration incident, affecting a total of nearly 500,000 individuals.
- The HHS Office for Civil Rights’ HIPAA Breach Reporting Tool website also shows several breaches reported in recent weeks by CorrectCare’s clients, collectively affecting about another 100,000 individuals.
- Patient information contained in the exposed file directories included full name, date of birth, Social Security number, and limited health information, such as a diagnosis code and procedure codes.
40 states settle Google location-tracking charges for $392m
- Search giant Google has agreed to a $391.5 million settlement with 40 states to resolve an investigation into how the company tracked users’ locations, state attorneys general announced Monday.
- The states’ investigation was sparked by a 2018 Associated Press story, which found that Google continued to track people’s location data even after they opted out of such tracking by disabling a feature the company called “location history.”
- The attorneys general called the settlement a historic win for consumers and the largest multistate privacy settlement in U.S. history.
CDSL detects malware in a few internal machines
- India’s largest depository by number of accounts, Central Depository Services (India) (CDSL), faced cyber security issues on Friday that impacted settlement activities.
- The depository detected malware in a few of its internal machines, following which the company isolated the machines and disconnected itself from other constituents of the capital market.
- “As per initial findings, there is no reason to believe that any confidential information or the investor data has been compromised,” said CDSL in a statement. The incident has been reported to the authorities.
Hundreds infected with ‘Wasp’ stealer in ongoing supply chain attack
- Security researchers are raising alarm on an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer.
- The purpose of the injected code is to infect the victim’s machine with a script that runs in the background. The script, which fetches the victim’s geolocation, contains a modified version of an information stealer called Wasp.
- The attackers have managed to infect hundreds of victims to date, while actively releasing new packages to continue the campaign, Checkmarx notes.
Hive ransomware gang hits 1,300 businesses, makes $100 million
- The Hive ransomware gang has victimized more than 1,300 businesses, receiving over $100 million in ransom payments over the past year and a half, US government agencies say.
- Active since June 2021 and offered as ransomware-as-a-service (RaaS), Hive has been used in attacks against businesses and critical infrastructure entities, including communications, government, healthcare, IT, and critical manufacturing organizations.
- After gaining access to a victim’s network, the Hive ransomware attempts to identify and terminate processes related to antimalware, backups, and file copying, to stop volume shadow copy services and remove existing copies, and to delete Windows event logs.
Canadian supermarket chain Sobeys hit by ransomware attack
- Canadian supermarket and pharmacy chain Sobeys is recovering from a cyberattack that might have involved the Black Basta ransomware.
- On November 7, Sobeys’ parent company, Empire, disclosed that it fell victim to a cyberattack that impacted some in-store systems at its supermarkets, as well as its pharmacies. By Friday, the company was able to fully restore impacted systems at its pharmacies.
- “While some in-store services are functioning intermittently or with a delay, we are pleased to note that our pharmacy network is now able to operate fully,” a notification on Sobeys’ website reads.