At a glance.
- Compromise at a US orthopaedic center.
- Pegasus update.
US orthopaedic center hit with email hack.
In yet another medical cyberattack, GovInfoSecurity reports that Southern Orthopaedic Associates, a musculoskeletal healthcare clinic in the state of Kentucky, suffered a breach that exposed the data of nearly 107,000 individuals. An intruder gained access to an employee email account, then impersonated that employee to infiltrate several other accounts. The compromised messages contained patient names, Social Security numbers, and other private medical data, and the breach affected the clinic’s associate, the Orthopaedic Institute of Western Kentucky (OIWK), though it’s unclear exactly which messages the attacker accessed. An OIWK spokesperson stated, "By our investigation, there is no evidence data or files were taken by the unauthorized actor. As soon as the suspicious activity was discovered, OIWK took immediate action and isolated the impacted email accounts."
The latest on the Pegasus spyware scandal.
Ars Technica offers a detailed account of how NSO’s controversial Pegasus spyware landed in the hands of Ugandan President Yoweri Museveni’s security team. The transaction resulted in the attempted hacking of the phones of eleven American diplomats and employees of the US embassy in Uganda, and landed NSO on the US’s blacklist. It's unclear who installed the surveillance tool, whether it was Uganda's government or some unidentified third party. Though the Pegasus Project earlier this year exposed that the surveillance software had been used to hack the devices of activists, journalists, and other individuals across the globe, NSO insisted that US phones could not be infiltrated. The eleven victims were using Ugandan phone numbers, but their Apple logins used their State Department emails. Though it’s unclear exactly who hacked the phones, NSO says it has ceased business with “customers relevant to this case,” and one source claims the company is no longer working with any African clients.
The US blacklisted NSO shortly thereafter, and although officials deny the incident was the catalyst, the move is a potential deathblow for a company dependent on equipment from Dell, Intel, Cisco, and Windows. Between the blacklist and Apple’s lawsuit against the company, a former Israeli tech group senior executive stated, “There is a sense that this is a full-on war against the entire industry.” Indeed, as GovInfoSecurity explains, the recent discovery of the spyware on the phones of two Polish legal figures and the wife of assassinated journalist Jamal Khashoggi has only made matters worse. “I think we've discovered pretty quickly that this [surveillance] world is really out of control,” Washington Post journalist Dana Priest, a major contributor to the broader investigation of NSO, stated in an interview.