At a glance.
- Update on the HSE attack.
- Accellion breach continues to take a toll.
- French visa site compromised.
- Howard University cancels classes after detecting a ransomware attack.
HSE attack: Repercussions linger while Garda goes on the offensive.
Almost four months after the massive Conti ransomware attack on Ireland’s Health Service Executive (HSE) that forced the healthcare system to postpone procedures and temporarily revert to pen-and-paper, Irish hospitals are still struggling to return to normal. BBC News reports that although 95% of HSE’s servers have been restored, staff are still unable to access their email accounts, and radiology departments, heavily dependent on computers for operation, are still experiencing delays. Dr Peter Kavanagh of Connolly Hospital in Dublin explains, “There was the effect of Covid on radiology service provision, in addition to the cyber attack which made many of the issues worse.”
Meanwhile, the Garda National Cyber Crime Bureau has just released details about a crime prevention operation that has resulted in the successful takeover of Conti’s infrastructure, the Irish Times reports. By seizing Conti’s domains and servers, the Garda operation prevents targeted machines from connecting to the attackers’ systems, and a warning message alerts potential victims that they’re at risk of attack. By educating international bodies about Conti’s infrastructure, the Garda could even aid in the “decontamination” of systems compromised by past attacks.
Accellion breach claims yet another casualty.
Beaumont Health, a hospital system located in the US state of Michigan, released a statement Friday explaining that law firm Goodwin Procter LLP, which serves Beaumont, was impacted in this year’s far-reaching breach of Accellion's File Transfer Appliance product. As a result, the personal and protected health data of fifteen hundred patients were potentially exposed. Beaumont told SearchSecurity that although Goodwin discovered the attack in February, “It took until June to complete the forensic analysis and provide Beaumont with a list of patient names and the type of data that was impacted.”
France visa site breached.
France’s Ministry of Foreign Affairs and Ministry of the Interior have announced that the France-Visas website (jointly managed by both ministries) suffered a cyberattack. The government site processes the applications of individuals seeking travel visas in order to visit or emigrate to the country. Accordingly, the exposed data include email addresses, full names, dates of birth, nationalities, and passport numbers, but the ministries indicate that the compromised data would not be enough for thieves to impersonate the victims to gain access to government services. Nonetheless, experts warn against underestimating the data’s value to cybercriminals. David Sygula of CybelAngel told The Daily Swig: “Such data is highly valuable like any PII for malicious purposes...The data in question can be used for impersonation to carry out several types of fraud, such as opening a bank account or other malicious activities related to immigration (think human trafficking).” The ministries immediately secured the site, and the Commission nationale de l'informatique et des libertés, France’s data protection regulator, has been notified. A judicial investigation into the incident could reveal further details.
Ransomware incident leads Howard University to cancel classes.
Howard University in Washington, DC, has cancelled classes for today after detecting what appears to be a ransomware attack Friday. The university advised, "We are currently working with leading external forensic experts and law enforcement to fully investigate the incident and the impact. To date, there has been no evidence of personal information being accessed or exfiltrated; however, our investigation remains ongoing, and we continue to work toward clarifying the facts surrounding what happened and what information has been accessed."
Tim Erlin, VP of Strategy at Tripwire, sent comments on the incident:
“Taking systems offline doesn’t always mean that those specific systems have been affected by ransomware. It may be a bit of a blunt instrument, but turning systems off can prevent ransomware from spreading further.
“It’s easy to view the increase in ransomware headlines as a material change in the cybersecurity landscape, but it’s important to remember that ransomware has to announce itself to be successful. Other types of attacks that may use the same methods to infiltrate an organization don’t ask for a ransom, and can stay hidden while they accomplish their objectives.
“Universities are tough environments to secure. Their populations vary greatly over the course of a year. They accept all kinds of devices into their networks, both from staff and students. And they change out their users at a high rate as students graduate and matriculate. Not many other IT organizations have to deal with all of these factors.”