Thursday, September 22, 2022

A Hospital In Texas Facing Ransomware

 

Ransomware attacks against hospitals keep increasing. The victim is from Texas - USA this time.


A ransomware attack against a medical center caused some communication issues and also disruptions.


It is scary that the hospitals are facing ransomware attacks.


https://www.scmagazine.com/analysis/ransomware/texas-hospital-facing-communication-issues-system-rebuild-amid-ransomware-attack


"A ransomware attack deployed against OakBend Medical Center on Sept. 1 caused communication issues and IT disruptions..."


"The hospital turned over the ransomware investigation to 'a team consisting of the FBI, CYD, and the Ft. Bend County Government Cyberteam.'"


"The update released on Sept. 9 shows that OakBend is still working to bring its clinical systems back online “in a controlled, systemic environment” and is facing continued telephone and email issues..."


"A report from DataBreaches.net shows the Daixin ransomware group is claiming responsibility for the attack."


"The incident at OakBend joins an estimated 55 other ransomware attacks deployed against U.S. healthcare entities this year, according to RedSense Intelligence Operations estimates. Several lawmakers recently requested an urgent meeting to determine how the health sector is fighting off the threat of ransomware and what help is needed to support defense."


"Currently, a French hospital and the U.K. National Health Service are facing similar outages..."

Sunday, September 11, 2022

InterContinental Hotels Cyber Attack

Did you stay in the following hotels recently (or since 2016)?

Regent, InterContinental Hotels and Resorts, Crowne Plaza, Holiday Inn, Holiday Inn Express, Candlewood Suites, Atwell Suites, and Even Hotels?


If yes, then read this post a little bit carefully.


The IT systems of InterContinental Hotels Group which operates 17 hotel brands globally, is compromised.


Not a good news just after the holiday season but you cannot escape from the realities.


And this has been the 3rd time that this hotels group was compromised. (Cyber defense actions are needed.)


And maybe you will think twice before booking a hotel room online after having read the news below.


https://www.theregister.com/2022/09/06/ihg_hotels_data_breach/


"The IT systems of InterContinental Hotels Group, the massive hospitality organization that operates 17 hotel brands around the world, have been compromised, causing ongoing disruption to the corporation's online booking systems and other services.


IHG, which is headquartered in Denham, England, and has offices in Atlanta, Singapore, and Shanghai, said in a statement to the London Stock Exchange Tuesday that 'parts [of its] technology systems have been subject to unauthorised activity.'"


https://www.londonstockexchange.com/news-article/IHG/unauthorised-access-to-technology-systems/15617013?s=31


"Attempts by The Register to book a room online via the IHG website were unsuccessful, as we repeatedly ran into a message saying the requested page was unresponsive. Clicking on links to other pages on the site were met with the same message, though some pages popped up after a few minutes of delay.


The company put a message to guests at the top of the home page informing them that 'at this time, you may have challenges booking a new reservation, accessing information about your upcoming reservations and accessing your IHG One Rewards account.'"


"IHG is a massive operation, running 6,028 hotels and 882,897 rooms in more than 100 countries. It has about 325,000 employees and included in its brands are Regent, InterContinental Hotels and Resorts, Crowne Plaza, Holiday Inn and Holiday Inn Express, Candlewood Suites, Atwell Suites, and Even Hotels."


"This isn't the first time IHG has been hit by a cyberattack. A network security breach in 2016 impacted the company for about three months, with IHG officials admitting in April 2017 that 1,200 hotels were affected by the intrusion. In that snafu, attackers deployed malware that accessed payment card data that was then used make fraudulent payments with cloned cards."


"Marriott Hotels in July said it had been hit by a third cyberattack in four years, with miscreants making off with 20GB of data, including credit card information and internal company documents."

Tuesday, September 6, 2022

London's Biggest Bus Operator Hit By Cyber Attack

 

It is a public transportation company from London this time. London's biggest bus operator suffered a cyber attack.


https://bit.ly/3KYH6pu


"Travellers in London are braced for more delays after the city’s largest bus operator revealed it has been hit by a 'cybersecurity incident,' according to reports.


Newcastle-based transportation group Go-Ahead shared a statement with the London Stock Exchange indicating 'unauthorized activity' had been discovered on its network yesterday."


"'Go-Ahead will continue to assess the potential impact of the incident but confirms that there is no impact on UK or International rail services which are operating normally.'


However, the same may not be true of its bus services. Sky News reported that bus and driver rosters may have been impacted by the attack, which could disrupt operations."


"It is London’s largest bus company, operating over 2400 buses in the capital and employing more than 7000 staff."

Thursday, September 1, 2022

French Hospital Hit By Ransomware

And this time a hospital, the country is France.

A French hospital is hit by a $10 million RANSOMWARE attack. They could not give health services and had to send their patients to other establishments. The surgeries are postponed.

Yes, cybersecurity can have a direct effect on your life. You want to know how? Then continue reading.

https://www.bleepingcomputer.com/news/security/french-hospital-hit-by-10m-ransomware-attack-sends-patients-elsewhere/

"The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries."

"'This attack on the computer network makes the hospital's business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the time being,' explains CHSF's announcement."

"Those in need of emergency care will be evaluated by CHSF's doctors, and if their condition requires medical imaging for treatment, they will be transferred to another medical center."

"According to Le Monde, which has info from the country's law enforcement agencies, the ransomware actors that hit CHSF demanded the payment of a ransom of $10,000,000 in exchange for a decryption key."

"French cybersecurity journalist Valéry Riess-Marchive identified signs of a LockBit 3.0 infection, mentioning that the handling by the national gendarmerie is a clue pointing to that direction, as that service deals with Rangar Locker and LockBit attacks."

"If LockBit 3.0 is responsible for the attack on CHSF, it will violate the RaaS program's rules, which prohibit affiliates from encrypting systems of healthcare providers."

RaaS: Ransomware as a Service