Healthcare data is some of the most sensitive data in existence, but a major hack has just affected up to 15 billion records.

Change Healthcare, who provide revenue and payment services for healthcare providers and patients, has announced that its systems have been compromised by threat actors. With Change Healthcare processing around 15 billion transactions a year, this represents a major attack. And the impact has already been felt. Healthcare providers have been struggling to charge for their services, while patients have been struggling to get their prescriptions issued. It’s a nightmare scenario for all involved and underlines the effect malware can have.

How Did Change Healthcare Get Hacked?

The precise details of how Change Healthcare was hacked have not, as yet, been revealed. However, we do know it was carried out by a ransomware group which goes by the names of ALPHV or BlackCat. Naturally, their trademark attack style involves ransomware, and it’s most likely that this was utilized in the Change Healthcare attack. With ransomware typically encrypting data, this is highly damaging for any service handling healthcare data. By encrypting patient records, the hackers would be severing a crucial flow of information.

The attack came on the 21st February 2024, and Change Healthcare took down their systems on the same day. A week later, BlackCat announced they had been behind the attack. Details of a $22 million payment to the ransomware group have also been revealed, although Change Healthcare has yet to confirm that it made this payment. Prescription claim submissions and payment systems have recently been reinstated by Change Healthcare, but full access to their systems is unlikely to be restored until mid-March.

Who is BlackCat?

BlackCat has been active online since 2021 and, since then, has launched a series of audacious attacks. The group was linked to the Colonial Pipeline ransomware attack in 2021, and it also took responsibility for the MGM Casino attack in 2023. Headlines such as these didn’t go unnoticed, and in December 2023, the US Department of Justice set about disrupting BlackCat’s activities. Clearly, though, the subsequent Change Healthcare attack has demonstrated that BlackCat was unharmed by this disruption.

Staying Safe from Ransomware

The threat of ransomware is well known, but the Change Healthcare attack is a big deal and acts as an important reminder to stay vigilant. With this in mind, we’re going to show you the best ways to stay safe from ransomware:

  • Regular software updates: ransomware often takes control of IT infrastructures due to software vulnerabilities. Accordingly, you need to make sure automatic updates are activated on your operating system. This ensures your software is updated as soon as an update is available, preventing you from running a network with open doors for threat actors.
  • Employee training: your employees are one of your most powerful forms of defense against ransomware threats. Therefore, regular training on cybersecurity threats such as identifying phishing emails, malicious websites, and understanding how to report cybersecurity incidents is vital. With this in place, you can rest assured your network is as secure as possible.
  • Regular, isolated backups: you need to regularly back up critical data and ensure that backups are stored in a secure, isolated location. Automated backup solutions can help ensure consistency and reliability in the event of your data being encrypted by ransomware.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Healthcare organizations across the United States and Europe have recently found themselves targeted by Lazarus, the North Korean hacking group. 

Lazarus, who are believed to have ties to the North Korean government, are well known in the world of cybersecurity. In 2022, Lazarus were rumored to have stolen a total of $1.7 billion worth of cryptocurrency across the year. So, yes, Lazarus is a force to be reckoned with. As their latest attack targets organizations rich in sensitive data, it’s important to understand their methods and determine the lessons that can be learned. 

What Is Lazarus’ Latest Campaign? 

At the heart of this new attack by Lazarus is the ManageEngine ServiceDesk. This management suite is used to help organizations manage their entire IT infrastructure. From networks and servers through to mobile devices and applications, ManageEngine helps make life easier for IT teams. It’s a highly popular management suite, with numerous Fortune 100 businesses implementing it. For healthcare organizations, it’s a crucial service which allows them to stay productive and support their IT systems. 

However, as with all applications, ManageEngine is not 100% secure. The CVE-2022-47966 vulnerability, which was discovered in January 2023, was first exploited by threat actors in February of the same year. This vulnerability allowed the deployment of QuiteRAT, a new and complex brand of malware. QuiteRAT let the threat actors steal data relating to the compromised device and, cleverly, was able to “sleep” in order to appear dormant and stay off the radars of security professionals.

Another part of the attack also involves a new strain of malware dubbed CollectionRAT, which has the ability to perform typical remote access trojan tasks such as executing commands on a compromised system. As with previous campaigns, this latest strike utilizes many of the trademark Lazarus tactics and innovations. For example, by using open-source tools to create CollectionRAT, the threat actors are able to launch their attacks more quickly and without raising the alarm immediately. 

How Do You Protect Your Organization from Lazarus?

Naturally, the most obvious way to protect your IT infrastructure from Lazarus is to be prompt with installing software patches. Lazarus appears to have infiltrated these healthcare organizations due to a known vulnerability, so patching any holes within your IT systems is essential. Luckily, many updates, such as those for Windows, can be set to install automatically, which ensures that your applications are as secure as they can be.

Hacking groups, however, don’t rely solely on vulnerabilities to launch their attacks. In fact, they will deploy almost every technique you can think of to launch an attack. The best practices to stay safe from these are: 



British shoppers have been warned to expect some of their favorite snacks to be in short supply following a ransomware attack on a major manufacturer.

KP Snacks has been producing snacks in Britain since the 1850s, but this production has recently run into a major obstacle: ransomware. Cyber criminals have successfully launched a ransomware attack on KP Snacks, and its effects are running deep. Due to the impact of the ransomware on their IT infrastructures, KP Snacks has had to advise stores that delays in production are expected. As a result, British shoppers are likely to be facing empty shelves when they head out to pick up their favorite snacks.

Snack food may not be crucial to society, but the impacts of this hack demonstrate why organizations need to remain vigilant.

The Story Behind the Snack Attack

Following an unexplained outage of their IT systems, KP Snacks investigated and discovered that they had fallen victim to a strain of ransomware. The exact details of the ransomware in question have not, as of yet, been disclosed. However, rumors are circulating that the attack was launched by the WizardSpider group, a gang of hackers who attacked the Irish health service in 2021. It’s alleged, according to leaked sources, that KP Snacks was given five days to pay a ransom fee, but clarification on this is lacking.

The response of KP Snacks has been to launch a defensive strike against the attack. Being a major organization, the snack makers had a cybersecurity response plan which was quickly put into action. Third-party security experts have also been drafted in to complete a forensic analysis of the firm’s IT infrastructure. Nonetheless, the disruption to productivity has hit KP Snacks hard. As well as their IT systems being compromised, their communications systems have been hit equally hard. In modern business, these two elements are essential for operating and, as a result, supply shortages are expected.

Protecting Yourself Against Ransomware

While a shortage of snacks may sound like a mild inconvenience, this is only the tip of the iceberg. Not only is there a financial risk for KP Snacks, but the company’s employees can also expect financial ramifications e.g. delayed payments due to compromised IT systems and even the threat of redundancy. Naturally, this is a situation that no organization wants to find itself in, so make sure you always follow this advice:

  • Always Backup: the main impact of ransomware is that it encrypts files before demanding a ransom fee to decrypt them. However, you can minimize the impact of this effect by ensuring you have a strong backup strategy in place. This will provide you with access to your data and provide you with business continuity.
  • User Training: ransomware can be activated in a number of different ways such as infected emails, malicious links and running outdated software. Thankfully, shutting these attack routes down is relatively easy with the correct training. Therefore, regular staff training is vital when it comes to securing your IT defenses.



We process and evaluate a huge amount of data every day, so external hard drives are vital for our storage needs. But how do we get the best out of them?

Capable of holding up to 12TB (that’s 12,000GB) and easily connected via USB, external hard drives are an affordable solution to data storage. However, when a device is holding so much data it’s important that you know how to use it properly. An external hard drive which is used correctly and maintained will keep your data safe for years. But one which is mismanaged can soon lead to a data disaster. And no business needs that.

Luckily, we’ve put together a few pointers on the best ways to use an external hard drive.

Getting the Best Out of Your External Hard Drive

Making sure that your device remains operational and productive is simple as long as you follow these best practices:

  • Don’t Move Your Drive When Transferring Data: Beneath their solid exterior, external hard drives are delicate pieces of kit. This is particularly true for Hard Disk Drives which contain spinning and moving parts. Therefore, moving or jostling your external drive when it is transferring data has the potential to not only damage the device, but also create data errors. Make sure that your device is properly connected, on a flat surface and not in the way of your general PC activities e.g. using the mouse and keyboard. 
  • Format Your Drive as NTFS: There are many reasons for formatting your external hard drive, but it’s important that you format your drive as NTFS. Using this method, as opposed to FAT32, is perfect when your device is mostly used with Windows PCs. NTFS formatting provides faster results and has the added bonus of making your drive less susceptible to disk failure. 
  • Run CHKDSK: Better known as Check Disk, CHKDSK is a handy system tool which should regularly be used to check the status of your external drive. It has the capacity to identify any file system errors and repair them. This gives you the dual benefits of a stable folder structure on your device and less chance of it crashing.
  • Better to Replace than Repair: It can be frustrating when an external hard drive fails, but it’s often simpler to replace a troublesome device rather than repairing it. The labor, and associated costs, to repair an external hard drive will usually be more expensive than a replacement. And, as our next point will show, this shouldn’t compromise your data too much.

If you can follow the advice above then you should be guaranteed a hassle-free experience with your external drive. And you can rest assured that your data will be safe and available at all times.



Hardware can easily become compromised, stolen or damaged. And this can leave you without crucial data. But the 3-2-1 backup method is here to help.

Data disasters are most often caused by hardware failure, human error or cyber-attacks. Regardless of the cause, your organization needs a good backup strategy in place. You need to be able to retrieve your data in the event of an emergency. Without a backup strategy you will struggle to recover and this will have a major impact on your productivity. And that’s why the 3-2-1 backup method has proved to be so popular with businesses.

Data protection has never been more important than today, so we’re going to take a look at how the 3-2-1 backup method can protect your data.

What is the 3-2-1 Backup Method?

The principle behind the 3-2-1 backup method lies in its name:

Let’s take a closer look at each part of the method to help you understand the thinking behind it:

  • Keeping at Least 3 Copies of Your Data: To keep just one backup copy of your data is careless. Say, for example, your data is compromised by ransomware. An option would be to retrieve your backup data from an external hard drive. But what if you discover this device has been damaged in some way? You need an alternative solution. And this could be accessing a USB drive or connecting to a cloud storage solution. The minimum number of copies you should keep is three, but there’s no maximum. You can keep three, five or fifty. 
  • Keeping 2 of these Copies on Local Devices: Onsite backups are essential for keeping your productivity in place. Data disasters are unpredictable and can have an instant impact. Therefore, you need to make sure that you have your backup data close to hand. This approach will allow you to quickly restore any compromised data and re-establish normal working practices. Again, it’s important to have more than one local backup available to safeguard against any technical issues.
  • Keeping at Least 1 Copy Offsite: If you want to reap the benefits of a complete backup strategy you need to keep one copy offsite. Advances in cloud computing mean that it’s easier than ever to store data offsite. And this can pay dividends in the case of a local disaster. If, for example, you are hit by a hurricane or a flood, all your local backups could be damaged. It doesn’t matter if you’ve got three or three hundred. But if you keep at least one copy in the cloud you are ensuring comprehensive data protection is in place. 
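
The following is an added example, not part of the original article: a small Python audit of a backup set against the 3-2-1 rule as described above. A copy only counts if it still matches a known-good SHA-256 hash, so a damaged or ransomware-encrypted copy drops out of the tally; the `BackupCopy` type, the function names and the sample files are hypothetical.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass
class BackupCopy:
    name: str      # label used in the report
    path: Path     # where this copy of the data lives
    offsite: bool  # True for cloud or another site, False for a local device

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_321(expected_hash: str, copies: list) -> dict:
    """Count only copies that exist and still match the known-good hash."""
    good, failed = [], []
    for c in copies:
        ok = c.path.is_file() and sha256_of(c.path) == expected_hash
        (good if ok else failed).append(c)
    local = sum(1 for c in good if not c.offsite)
    offsite = sum(1 for c in good if c.offsite)
    return {"good": len(good), "local": local, "offsite": offsite,
            "failed": [c.name for c in failed],
            "compliant": len(good) >= 3 and local >= 2 and offsite >= 1}

def demo() -> tuple:
    """Constructed sample: three copies in a temp dir, then one local copy is damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        data = b"billing-export (constructed sample data)\n"
        copies = [BackupCopy("external-hdd", Path(tmp) / "hdd.bak", False),
                  BackupCopy("usb-drive", Path(tmp) / "usb.bak", False),
                  BackupCopy("cloud", Path(tmp) / "cloud.bak", True)]
        for c in copies:
            c.path.write_bytes(data)
        known_good = hashlib.sha256(data).hexdigest()
        before = audit_321(known_good, copies)
        # Simulate a damaged or encrypted local copy: same size, different content.
        copies[0].path.write_bytes(b"\x00" * len(data))
        after = audit_321(known_good, copies)
        return before, after

if __name__ == "__main__":
    for label, result in zip(("before damage", "after damage"), demo()):
        print(label, result)
```

In practice the known-good hash would be recorded when the backup is taken and stored separately from the copies it describes.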

Final Thoughts 

A good backup strategy is vital in protecting your data in the event of a data disaster. And it pays to be comprehensive in the manner in which you protect your data. The 3-2-1 backup method is the perfect way in which to achieve this.
