Hackers breach healthcare orgs via ScreenConnect remote access

Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. Threat actors are leveraging local ScreenConnect instances used by Transaction Data Systems, a pharmacy supply chain and management systems solution provider present in all 50 states. Researchers at managed security platform Huntress spotted the attacks and report seeing them on endpoints from two distinct healthcare organizations and activity indicating network reconnaissance in preparation of attack escalation. "The threat actor proceeded to take several steps, including installing additional remote access tools such as ScreenConnect or AnyDesk instances, to ensure persistent access to the environments" - Huntress. The observed intrusions were observed between October 28 and November 8, 2023, and they are likely still happening. Huntress reports that the attacks feature similar tactics, techniques, and procedures. Xml, indicating that the same actor is behind all observed incidents. The.XML contains C# code that loads the Metasploit attack payload Meterpreter into the system memory, using non-PowerShell to evade detection. According to Huntress, additional processes were observed being launched using the Printer Spooler service. The compromised endpoints operate on a Windows Server 2019 system, belonging to two distinct organizations - one in the pharmaceutical sector and the other in healthcare, the common link between them being a ScreenConnect instance. The remote access tool was used to install additional payloads, to execute commands, transfer files, and to install AnyDesk. The hackers also tried to create new user account for persistent access. Researchers determined that the ScreenConnect instance was be tied to the 'rs. Com' domain associated with TDS. At this time, it is unclear if TDS suffered a breach, if the credentials to one of their accounts were compromised, or if the attackers exploit a different mechanism. Huntress made multiple attempts to notify TDS, now known as 'Outcomes', following a merger last summer, but the company did not reply back. BlackCat ransomware claims breach of healthcare giant Henry Schein. Lazarus hackers breached dev repeatedly to deploy SIGNBT malware. Free Download Manager releases script to check for Linux malware. Free Download Manager site redirected Linux users to malware for years. McLaren Health Care says data breach impacted 2.2 million people.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Hackers breach healthcare orgs via ScreenConnect remote access

Cybersecurity in the Healthcare Industry: Protecting Patient Data - In the rapidly advancing era of technology, the healthcare industry faces a critical challenge: protecting patient data from cyber threats. This article will emphasize the significance of cybersecurity in the healthcare industry and explore the ...
8 months ago Securityzap.com
Why healthcare data is often the target of ransomware attacks - Healthcare data in recent years has been a very lucrative target for cyberattacks, particularly ransomware, with attackers holding healthcare information, and potentially patient lives, for ransom. Cybercriminals are increasingly focusing on ...
4 months ago Techtarget.com
Hackers breach healthcare orgs via ScreenConnect remote access - Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. Threat actors are leveraging local ScreenConnect instances used by Transaction Data Systems, a ...
10 months ago Bleepingcomputer.com
ConnectWise urges ScreenConnect admins to patch critical RCE flaw - ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. This security bug is due to an authentication bypass weakness that attackers can exploit ...
7 months ago Bleepingcomputer.com
Best Cloud Security Providers for Healthcare Services - Cloud Security Providers for Healthcare offer specialized services to protect data and applications hosted in cloud environments. When picking a cloud security providers for healthcare, it's important to think about things like how well they follow ...
8 months ago Cybersecuritynews.com
The Imperative for Robust Security Design in the Health Industry - COMMENTARY. In an era dominated by digital innovation and technological advancements, healthcare companies find themselves at the intersection of immense opportunity and equally unprecedented risk. The digitalization of patient records, electronic ...
8 months ago Darkreading.com
Atlas Healthcare Confirms Data Breach Affecting Residents' Social Security Numbers - On October 14, 2023, Atlas Healthcare provided notice of a recent data breach after learning that an unauthorized actor was able to access the company's computer system. In this notice, Atlas explains that the incident resulted in an unauthorized ...
10 months ago Jdsupra.com
Changing How Healthcare Works: Big News in Communication - In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and ...
7 months ago Cysecurity.news
Welltok Data Breach: 8.5M US Patients' Information Exposed - In a recent cybersecurity incident, Welltok, a leading healthcare Software as a Service provider, reported unauthorized access to its MOVEit Transfer server, affecting the personal information of approximately 8.5 million patients in the United ...
10 months ago Securityboulevard.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
9 months ago Securityboulevard.com
Unveiling the true cost of healthcare cybersecurity incidents - As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity ...
9 months ago Helpnetsecurity.com
Transforming in the Age of Healthcare Digitalization - Healthcare and technology increasingly intersect in today's world, and cybersecurity has become a primary concern for many companies. The recent attack on Change Healthcare serves as a harsh reminder of the vulnerabilities facing the healthcare ...
3 months ago Cyberdefensemagazine.com
LockBit attacks continue via ConnectWise ScreenConnect flaws - Exploitation of two critical ConnectWise vulnerabilities continues to mount, with many attacks attributed to ransomware gangs such as LockBit. Last month, ConnectWise disclosed an authentication bypass vulnerability, tracked as CVE-2024-1708, that ...
7 months ago Techtarget.com
Norton Healthcare discloses data breach after May ransomware attack - Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and ...
10 months ago Bleepingcomputer.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
8 months ago Securityzap.com
Ransomware's appetite for US healthcare sees known attacks double in a year - Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of ...
6 months ago Malwarebytes.com
Data breach at French healthcare services firm puts millions at risk - French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. Though the company's website remains offline at the time of writing, an announcement was posted on ...
8 months ago Bleepingcomputer.com
Cybersecurity Management Lessons from Healthcare Security Breaches - 2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. Unusual activity detected on May 8, 2024, caused Ascension ...
4 months ago Esecurityplanet.com
Threat Brief: ConnectWise ScreenConnect Vulnerabilities - Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust ...
7 months ago Unit42.paloaltonetworks.com
Best Network Security Providers for Healthcare - The exponential growth of Electronic Health records, telemedicine, and interconnected medical devices creates a complex healthcare ecosystem demanding robust network security. Network security providers specializing in healthcare offer a ...
4 months ago Cybersecuritynews.com
HHS to investigate UnitedHealth and ransomware attack on Change Healthcare - The U.S. Department of Health and Human Services is launching an investigation into the ransomware attack on Change Healthcare following weeks of disruption to healthcare and billing operations at hospitals, clinics and pharmacies across the country. ...
6 months ago Therecord.media
Pharmacy Delays Across US Blamed on Nation-State Hackers - Change Healthcare, a technology services provider for pharmacies, experienced a cyberattack from a suspected nation-state threat actor that has created widespread delays for patients who need prescription refills across the US. Change Healthcare is a ...
7 months ago Darkreading.com
Future Health: AI's Impact on Personalised Care in 2024 - As we dive into the era of incorporating Artificial Intelligence into healthcare, the medical sector is poised for a profound transformation. AI holds immense potential in healthcare, offering groundbreaking advancements in diagnostics, personalised ...
9 months ago Cysecurity.news
US govt probes if ransomware gang stole Change Healthcare data - The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group subsidiary Optum, which operates the Change Healthcare platform, in late ...
6 months ago Bleepingcomputer.com
Health Care Network in Crisis: Cyberattack Shuts Down Operations Across US - In a statement released Thursday evening by Ascension Hospital, a nonprofit network based in St. Louis with 140 hospitals across 19 states, it was also reported that electronic health records, some phone systems, as well as several systems used to ...
5 months ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)