healthcare cyber attacks

Every day it seems we read about more healthcare cyber attacks.  As the news keeps breaking with more details on the wide variety of cases, we have plenty of work to do just to keep up.  Today, there are so many cases to talk about we couldn’t even decide what to call the episode.


HIPAA For MSPs by David Sims Healthcare Cyber Attacks

Healthcare Cyber Attacks

  • Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach
  • 57 Health data breaches in Nov according to
    • NJ family medicine practice notifying 4,277 patients after ransomware attack

      As part of the extensive investigation, on November 18, 2016, it was determined that this virus was introduced by an unknown third party that had access to a server on Dr. Selke’s information system.

  • 5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update
  • TA16-336A: Avalanche (crimeware-as-a-service infrastructure)
    • “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.
    • A system infected with Avalanche-associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware had the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may have allowed criminals unauthorized remote access to the infected computer. Infected systems could have been used to conduct distributed denial-of-service (DDoS) attacks.
  • Included recommendations are the same for every one of these cases
    • Use and maintain anti-virus software
    • Avoid clicking links in email
    • Change your passwords
    • Keep your operating system and application software up-to-date
    • Use anti-malware tools

TDO – The Dark Overlord is still active

Of all the healthcare cyber attacks of 2016, the most interesting to follow have been those by The Dark Overlord.  Prior to the first announcements from TDO in July, healthcare cyber attacks were focused on ransomware that locked things down.  Once these stories hit the news, the landscape changed.  This is blackmail and extortion wrapped around healthcare cyber attacks for the first time ever.

A recap of some of the latest activity included a new investigative report mentioning TDO by Atlanta’s WSBTV.


  • Oct 11 TDO tweets:
    • Another one bites the dust – this time Aesthetic Dentistry located in the state of New York. Press release here:
  • Oct 13 TDO tweets:
  • Dec 12 TDO tweets:
    • Existence is a series of footnotes to a vast, obscure, unfinished masterpiece.
  • Dec 13 WSBTV Investigative report on 531K patients involved
    • Largest in GA this year
    • Report mentions TDO and shows Twitter
      • Mentions the free sample of the data for the first time
    • Interview of a guy that doesn’t get it
    • Medical recs cost $5 while credit cards are pennies
    • 300 medical breaches this year – don’t mention that is only the ones over 500
    • Easy to mask activity according to the feds
    • Across all walks of life statement – HA – includes FBI agents

Predictions for 2017

  • Covering in episode soon
  • Don’t sound good at all

Time to pay attention for EVERYONE

  • Expensive stuff to address but way more to deal with on the back end

    In the healthcare industry alone, the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute estimates that data breaches could be costing the industry $6.2 billion per year.

    Juniper Research predicts that data breaches will cost $2.1 trillion globally by 2019, which is almost four times more than in 2015.