Tampa General Hospital Discloses Data Breach Involving 1.2 Million Patients
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Last week, Tampa General Hospital (TGH) in a public announcement disclosed a cybersecurity incident that compromised personal health information (PHI) of nearly 1.2 million patients.
The Florida-based private nonprofit healthcare facility, which serves western Florida and the greater Tampa Bay region, is the region’s only university-level academic medical center.
TGH in its notice said that on May 31, it detected unusual activity on its computer system. The organization partnered with third-party cybersecurity experts to launch an investigation immediately.
In the notice, the organization also explained that its “monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients.”
The investigation revealed that an unauthorized third-party attacker infiltrated TGH’s network between May 12 and May 30, 2023, and exfiltrated certain files from its network system.
The files are said to contain sensitive personal information of around 1.2 million patients. The data, which varied by individual, is said to include names, phone numbers, addresses, Social Security numbers, dates of birth, medical record and patient account numbers, health insurance information, dates of service, and limited treatment information used for business operations. The organization clarified that the attackers had not accessed its electronic medical record system.
Details about the threat actor and the attack technique remain unknown. However, TGH has already implemented containment measures to prevent any further damage to its network. The healthcare facility has deployed additional security controls, including system monitoring, to ensure such incidents do not occur in the future.
Moreover, TGH has notified the Federal Bureau of Investigation (FBI) about the data breach. It has also announced that, in addition to being notified, affected individuals will be offered free credit monitoring and identity theft protection services.
The attack on TGH follows a recent spate of attacks on healthcare facilities around the world, such as the July 2023 HCA Healthcare data breach, which impacted nearly 11 million patients.
Threat Actors Use Open-Source Software Supply Chain TTP to Target Banking Sector
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
The first known cybersecurity attacks involving the open-source software (OSS) supply chain to target the banking sector were discovered by researchers at Checkmarx, a US-based application security solutions company. The OSS supply chain attacks, identified in the first half of 2023, specifically targeted banks.
Open-source software supply chain Tactics, Techniques, and Procedures (TTP) describe an attack vector in which the attacker infiltrates the target’s network by compromising or abusing the open-source software components the target consumes.
The first incident is said to have occurred on April 5 and 7, when the attacker uploaded a package to the NPM registry. This package came with a preinstall script that ran the infection routine as soon as the package was installed.
Before initiating the attack, the script identified the target’s operating system (Windows, Linux, or macOS) and decoded the relevant encrypted files in the NPM package. Next, it downloaded second-stage malware from a Microsoft Azure CDN subdomain whose name incorporated the name of the targeted bank. Azure was used to evade detection and bypass traditional deny-list controls.
Havoc, an advanced post-exploitation command and control framework, was used by the attacker in the second stage, as it is known to easily bypass security tools like Windows Defender. “Havoc’s ability [...] makes it a go-to option for threat actors, replacing legitimate toolkits such as Cobalt Strike, Sliver, and Brute Ratel.”
Checkmarx also noted that the contributor behind the malicious packages was linked to a LinkedIn page of an individual impersonating an employee of the targeted bank.
In another, unrelated attack (February 2023), a different bank was targeted. The attackers uploaded a package to the NPM registry that deployed cleverly crafted code that latched “onto a specific login form element, stealthily intercepting login data and then transmitting it to a remote location.” The primary target of this attack was found to be the bank’s mobile login page.
The researchers stated that once they notified the affected institutions of the malicious open-source packages, immediate action was taken to remove them. However, they expect such attacks against the banking sector’s software supply chain to continue.
They further argued that the current “vulnerability scanning at the build level” is no longer effective, and that it is essential for organizations to “adopt a proactive, integrated security architecture, incorporating protective measures at every stage of the SDLC.”