Cybersecurity News: Massachusetts hospital breach, Recall’s next deployment, Blue Yonder restoration

In today’s cybersecurity news…

Anna Jaques Hospital confirms details of Christmas Day ransomware breach

Following up on a story we covered in January, the not-for-profit community hospital located in Massachusetts has confirmed on its website that the ransomware attack on its systems that occurred on December 25, 2023, has exposed sensitive health data for over 310,000 patients. A ransomware group named Money Message started releasing patient data in January, after not getting satisfaction from hospital officials. The complexity of the theft meant it has taken until November of this year to complete the forensic investigation. The result is an impact to over 316,000 patients, with PII such as health insurance, Social Security numbers, driver’s license numbers and financial information being leaked. The hospital’s announcement adds that it has “no indication that there has been any fraud as a result of this incident.”

(BleepingComputer)

Microsoft expands Recall preview to Intel and AMD Copilot+ PCs

After two delays that occurred over the summer, Microsoft has now expanded the preview of its new AI-powered Recall feature to AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. This builds upon the first rollout to Snapdragon Copilot+ PCs last month. Recall is “a Windows feature that captures screenshots of active windows every few seconds, analyzes them, and allows Windows 11 users to search for specific snapshots using natural language.” The feature itself was recalled promptly to address numerous security concerns, and Microsoft made it an opt-in and removable feature that requires users to confirm their presence using Windows Hello.

(BleepingComputer)

Blue Yonder announces restoration progress after November 21 attack

The supply chain software giant, owned by Panasonic, says that several of its customers’ systems are back up and running. This comes as the Termite gang, which is allegedly behind the incident, announced it had 680 GB of data including emails, insurance documents, company data and more to play with. Blue Yonder, whose clients include Starbucks, “provides systems for fulfillment, delivery and returns for more than 3,000 major companies across 76 countries.” Ransomware researchers have tied the code used by the Termite gang to the Babuk ransomware family.

(The Record)

Atrium Health announces data breach

This breach is a little different from those we regularly hear about. In a notification to the U.S. Department of Health and Human Services, Atrium Health, which provides healthcare services at more than 1,400 care locations and 40 hospitals across several states, announced that the issue involves online tracking technologies that were present on an Atrium Health patient portal between 2015 and 2019. These were “commonly used internet technologies intended to help operate certain features of its Patient Portal and enhance the online experience for users.” The breach itself, which is said to have affected about 585,000 people, “may have transmitted certain personal information to third-party vendors, such as Google and Facebook.” The company continued, “it’s difficult to precisely determine what data was transmitted to third parties, but it’s assuming that all users of the MyAtriumHealth or MyCarolinas patient portal between January 2015 and July 2019 are affected.”

(Security Week)

The intrigue behind Salt Typhoon telco penetration continues

In an interview with The Register, T-Mobile CSO Jeff Simon stated that the massive cyber-espionage campaign, during which China-affiliated hackers broke into numerous U.S. telecom companies’ networks, used a novel technique, “not something that I’ve seen in my 15-plus-year career in cyber security. It’s not something that is well published or read about. There’s no CVE for it.” Specifically, Simon was referring to the way the cyber-spies “hopped between organizations’ networks and tried, ultimately unsuccessfully, to break into T-Mobile.” Added to the intrigue is a statement from Jeff Greene, CISA’s executive assistant director for cyber security, who said, “we cannot say with certainty that the adversary has been evicted, because we still don’t know the scope of what they’re doing.”

(The Register)

TikTok loses appeal, is set to be banned in the U.S.

As reported by the BBC, “TikTok’s bid to overturn a law which would see it banned or sold in the U.S. from early 2025 has been rejected.” The company had pinned its hopes on describing to a federal appeals court how the ban would be unconstitutional, representing “a staggering impact on the free speech of its 170 million U.S. users.” The court, however, upheld the law, which it said “was the culmination of extensive, bipartisan action by the Congress and by successive presidents.” TikTok says it will now take its fight to the U.S. Supreme Court.

(BBC News)

Romania annuls presidential election, cites Russian influence

The first round of the country’s presidential election has been annulled by its constitutional court “following the declassification of intelligence showing Russian interference influenced the result.” This move is unprecedented in Romania and will require that the electoral process for the election of the President of Romania be repeated in its entirety. Intelligence documents declassified and released on Wednesday by the outgoing president assess that the victory attained by far-right candidate Călin Georgescu in the first round was “down to a widespread state-sponsored interference on his behalf, including a sophisticated guerilla campaign on social media, particularly TikTok.”

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.