Category: HIPAA News

The Emotet Trojan is being passed on in a recent campaign using bogus Microsoft Word upgrade notices as bait to make end users install the malware. Emotet is the most commonly spread malware now being used. When a user’s device is attacked with malware, it is incorporated into a botnet that is utilized to infect other systems. Emotet is a malware downloader as well and is employed to install data stealers, for example, QBot and TrickBot malware, which are utilized to send ransomware variants for instance ProLock, Conti and Ryuk.

The messages seem to be Microsoft Office announcements that say to the user that they have to upgrade Microsoft Word to add more new capabilities. The messages include a Microsoft Word file attachment and the end-user is told to Enable Editing and Content. This will introduce a malicious macro that will prompt downloading of Emotet onto the user’s system.

End users ought to be cautious and steer clear of clicking on hyperlinks or opening file attachments in unsolicited messages. Emotet hijacks the enduser’s email account to deliver more phishing messages, even to people contained in an individual’s contact list.

Microsoft Teams Phishing Scam Targets Office 365 Users

Researchers from Abnormal Security discovered a new Office 365 phishing campaign which spoofs Microsoft Teams to deceive users into viewing a malicious site displaying a phishing form that collects Office 365 login credentials.

A lot of companies have used Microsoft Teams to make it possible for remote personnel to have contact with the company. In medical care the program is being employed to offer telehealth services to lower the volume of patients traveling to healthcare facilities to manage the propagation of COVID-19.

Microsoft documented for the quarter closing June 30, 2020 that over 150 million learners and educators are right now utilizing Microsoft Teams. More than 1,800 varied establishments have above 10,000 Teams users, and 69 agencies have around 100,000 Teams users. The medical care sector likewise has an expanding Microsoft Teams user, having 46 million Teams events currently being performed for telehealth needs. The growing usage is caused by the pandemic, which offers an opportunity for cyber attackers.

As per statistics from Abnormal Security, the most current campaign involved the phony Microsoft Teams emails mailed to approximately 50,000 Office 365 users thus far. The messages seem like they were mailed from a user having the screen name “There’s new activity in Teams,” hence the messages look like programmed notices from Teams.

The messages notify users to login to Teams as the group is trying to have a conversation. The email messages have a link to click to access Teams that shows text message – “Reply in Teams.” The communications consist of an authentic looking footer having the Microsoft symbol and choices to set up Microsoft Teams on iOS and Android.

The hyperlinks in the e-mail route the user to a Microsoft login page that is a duplicate of the official access prompt, apart from the domain where the page is located. That domain uses “microsftteams” to make it seem like legitimate.

The campaign is just one of the several other campaigns directed at Office 365 credentials. There are numerous campaigns directed at video conferencing systems as they grow in usage during the COVID crisis.

Silent Librarian, also called Cobalt Dickens and TA407, based in Iran has initiated again spear phishing attacks on colleges in the US and across the world. Since 2013, the hacking group has been doing attacks to get access to login credentials and swipe intellectual property and research files. Stolen credentials and data are afterwards marketed using the hacking group’s sites.

The U.S. Department of Justice charged 9 Iranians connected with the attacks in 2018, although the charges did not affect the campaigns which have kept going. Those people have yet to answer for their crimes.

The spear phishing campaigns generally restarted in September to correspond with the start of the new academic year. The hackers have made numerous phishing sites that they use in the campaigns. Even if several of these sites are shutdown, plenty of numbers are utilized to make sure the campaigns can go on. This year, the hacking group is employing webweb pages hosted in Iran, which may impede efforts to take down the sites as a result of too little cooperation among Iran, the United States and Europe.

Spear phishing emails are extremely targeted and are delivered to quite few persons at specific company. The emails usually spoof university libraries and persuade individuals to click hyperlinks and get access to the university’s web pages.

The domains utilized in the campaign closely mimic the official websites made by the universities. As an example, attacks on Western University Canada utilize login.proxy1.lib.uwo.ca.sftt.cf rather than login.proxy1.lib.uwo.ca and Stony Brook University users are brought to the domain blackboard.stonybrook.ernn.me in place of blackboard.stonybrook.edu.

The threat group makes use of URL shortening services to create links to the phishing sites to disguise the true destination site. Malwarebytes, which found the newest campaign, stated that Silent Librarian is utilizing Cloudflare this year for many of their phishing hostnames to disguise the actual origin of the webweb pages, which are largely hosted in Iran.

The landing web pages on the phishing pages are digital carbon copies of those employed by the educational institutions being targeted, and so if a user gets on one of those websites and isn’t able to distinguish the wrong URL, there is a big probability that the group would be able to capture the login credentials entered.

This year’s campaign can be a lot more efficient. Lots of students and personnel are remote because of COVID-19, which may probably be exploited to steal a lot much more credentials and information.

The hacking group is confirmed to have done attacks on no less than 40 establishments and in excess of 140 educational organizations since 2013 and was determined to have ripped off greater than 30 TB of data files between 2013 and 2017. Malwarebytes mentioned that around a dozen universities were targeted in the most recent campaign, however, says merely a tiny sample of the email messages were intercepted and the phishing campaign could become much more extensive.

Community Health Systems based in Franklin, TN and its subsidiary CHSPCS LLC agreed to resolve a multiple-state action with 28 state attorneys general by paying $5 million.

An investigation headed by Attorney General Herbert H. Slatery III of Tennessee began subsequent to a protected health information (PHI) breach involving 6.1 million persons in 2014. During that time, Community Health Systems had leased, or run 206 affiliated hospitals. As per a 2014 8-K filing with the U.S. Securities and Exchange Commission, a Chinese advanced persistent threat group attacked the health system and installed malware on its computer networks to steal data files. The attackers stole PHI including names, addresses, phone numbers, dates of birth, gender, ethnicity, Social Security numbers, and emergency contact details.

The HHS’ Office for Civil Rights investigated the same breach and declared late September that it has arrived at a resolution with CHSPCS regarding the breach. A $2.3 million penalty was spent to resolve potential HIPAA violations found in the breach investigation. Aside from the financial fine, CHSPCS accepted to take up a tough corrective action plan to deal with privacy and security issues identified by OCR’s investigators.

Breach victims took legal action against CHS because of the theft of their PHI and CHS resolved the class action lawsuit last 2019 for $3.1 million. The most recent settlement suggests CHS and its affiliates have paid out $10.4 million for breach settlements.

The investigators found that CHS and its affiliates did not set good and suitable security measures to secure that the confidentiality, availability and integrity of PHI on its systems. The provisions of this settlement will help guarantee that patient records are safeguarded from invalid use or disclosure.

The states taking part in the action were Arkansas, Alaska, Florida, Connecticut, Indiana, Illinois, Iowa, Kentucky, Louisiana, Michigan, Massachusetts, Mississippi, Missouri, Nevada, New Jersey, Nebraska, North Carolina, Oregon, Ohio, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, West Virginia and Washington.

Along with paying out the financial charges, CHS and its affiliates have agreed to undertake a corrective action plan and carry out more security options to reinforce the security of its systems. The procedures comprise of establishing a written incident response strategy, requiring security awareness and privacy training to all staff given access to PHI, reducing unneeded or unacceptable access to systems storing PHI, enforcing policies and measures for its business associates, and doing regular audits of all business associates.

CHS need to furthermore carry out an once-a-year risk assessment, employ and maintain a risk-based penetration testing process, utilize and maintain intrusion detection solutions, data loss protection programs, and email filtering and anti-phishing tools. All system activity should be logged, and those records have to be routinely checked for suspicious activity.

A spokesperson for CHS said that the health system is delighted to have settled this six-year-old problem. The company had implemented tougher risk controls and worked directly with the FBI and continually with its advice after learning about the attack.

The Rave 2020 Summit will be held on October 19-21, 2020. There will be interesting keynote speeches, networking opportunities, product training, best practice sessions, and more.

Rave Mobile Safety has decided to hold a virtual Rave 2020 Summit this fall to keep participants, exhibitors, and staff safe. For the very first time, the Summit is virtual, nevertheless. it will still offer all the components of a live conference, although in an online setting.

For VIP ticket holders, the Rave 2020 Summit begins on Monday October 19, 2020. There will be product training sessions intended for Rave Alert Admins and addresses best practices and recommendations, Rave Alert basic training and Rave Panic Button management.

There will be keynote presentations, sessions on best practices, roundtable and panel discussions, and more instructional sessions on the second and third days of the summit. All attendees can join on October 20, 2020 (second day), while only Rave customers can join on October 21, 2020 (third day).

All through the event, attendees will get the chance to have one-on-one talks with a Rave product expert in the Guru Lounge and can ask questions and get advice on crucial safety issues.

The Schedule of the Summit for Healthcare Professionals on the second day, October 20, 2020 will include:

11:30 am – 12 pm: Clint Emerson Keynote presentation: Clint Emerson is a best-selling author, a retired Navy SEAL and a crisis management expert. He will give you the necessary skills to get prepared for a bad situation in the world.

12-12:10 pm: Networking Break: Find out who’s joining the Rave Summit, get in touch and talk with other people in the business and healthcare industry.

12:10-12:40 pm: Session on Communication Challenges: Find out what’s wrong with communication. If a person doesn’t receive the message, there are essentially 20 crucial failure modes. The topics to be discussed in this session include the Sender-Medium-Receiver Model of communication, the fundamental reasons for communication failures, and the three types of information that are required for successful communication.

12:40-1:10 pm: Roundtable Session: Discussion on the Lessons Learned & Best Practices During the COVID-19 Pandemic for people in businesses and healthcare.

1:30-2 pm (Choose One of the Two Sessions):

1. Oh No! Not Another Emergency Notification System

In January 2018, Wake Forest University encountered its first homicide because of a shooting at a party organized by non-Wake Forest affiliates. There was fast action by the University Police Communication Center to give an alert utilizing their emergency notification system, however things didn’t go as intended. Find out from Wake Forest University Police Department’s communication center supervisor as she explains what went wrong, the changes the university has implemented, and how her team got on board the setup of Rave Alert.

2. Panel Discussion: Effective Constituent Communication

2020 has reconfirmed the value of prompt and efficient communications between constituent, stakeholder and employee. Besides having the first pandemic in more than 100 years, the U.S. is struggling with several other crucial events such as extreme weather and civil unrest. Learn from panelists as they talk about their various experiences and techniques to ensure the safety of their communities and keeping them informed.

2-2:45 pm: Panel discussion: The Next Phase of COVID-19 Response and Beyond

Panelists in this session will talk about the concerns associated with emergency response and crucial communication and collaboration in this time COVID-19, the improvements organizations have done by now, and how to make use of the lessons learned since March 2020 to get ready for the next stage or crisis.

How to Participate in the Summit

Get your general admission tickets for free and you can join the best practice sessions, keynote speaker presentations on October 20, 2020 and panel discussions.

Existing Rave users can get a general admissions ticket for free and can join the best practice sessions and keynote speaker presentations from October 20 to October 21, 2020.

Those who get VIP tickets can access the product training sessions on October 19, 2020, the best practice sessions and keynote speaker presentations on the other two days, and the Guru Lounge sessions. VIP Tickets cost $99 per person.

Register for the Rave 2020 Summit now until October 16, 2020, and 12pm ET.

People have taken legal action because of the impact of the recent data breaches that happened at Blackbaud and BJC Healthcare resulting in the disclosure and theft of their private data and protected health information (PHI).

A Number of Lawsuits Filed in Relation to the Blackbaud Ransomware Attack

The Blackbaud data breach is one of the major breaches of healthcare data reported. How many healthcare entities impacted is uncertain at this time since each affected entity is filing breach reports independently. As the end date for reporting comes, the scope of the breach is growing to be clearer. At the moment, no less than 5 million people are verified to have been affected and about 60 healthcare providers have verified being impacted by the data breach.

With usual ransomware attacks, the attackers exfiltrate information prior to deploying the ransomware. Blackbaud paid the ransom to acquire the keys for data decryption and to make certain that all stolen records were forever deleted. Blackbaud has obtained guarantees of the deleted stolen data, nevertheless due to the breach, persons whose information was stolen still had to take action to safeguard their identities and many have borne out-of-pocket costs resulting from the breach.

At this time, approximately 10 lawsuits were filed versus Blackbaud and want class action status. The lawsuits allege invasion of privacy, breach of contract, and violations of several state rules.

Blackbaud might have acquired assurances that stolen data were erased, nonetheless the hackers might still have made a copy of the data. In accordance with one lawsuit submitted in California federal court, Blackbaud could not reasonably state that the attackers destroyed the subset copy merely because it settled the ransom and the data thieves said the copy was erased. Blackbaud replied to the allegations in the legal cases that they are with no merit.

BJC Healthcare Confronted With Class Action Lawsuit Due to Phishing Attack

A lawsuit was been filed in the St. Louis Circuit Court becasue of a phishing attack on BJC Healthcare in March 2020. The breach potentially exposed the personal data and PHI of 287,876 people and impacted 19 hospitals connected with BJC Healthcare.

The attackers accessed the email accounts of tree employees who responded to the phishing emails and divulged their credentials. BJC Healthcare states that the breach was identified on the same day. However, it could not ascertain if the attackers accessed or stole any information in the email accounts.

Attorney Jack Garvey filed a lawsuit on behalf of BJC patient Brian Lee Bauer alleging that BJC negligent in protecting patient privacy. The legal action claims the health system was unable to employ and adhere to basic security processes so that hackers were able to access the PHI of its patients. The lawsuit claims BJC was unable to encrypt – or didn’t adequately encrypt – patient information and that it was unable to satisfy its data security responsibilities as per the HIPAA and the HITECH Act.

According to the lawsuit, breach victims are confronted with a greater risk of identity theft and fraud and could be in danger of suffering a few or additional direct setbacks. Because of the breach, patients have sustained substantial out-of-pocket expenses associated with the prevention, identification, restoration, and mitigation from identity theft and fraudulence. The breach also placed a considerable emotional and physical impact on the affected persons.

On September 14, 2020, the U.S. Department of Veteran Affairs made an announcement that it experienced a data breach that affected 46,000 veterans. A number of Senate Democrats now want answers from the VA regarding the breach and the cybersecurity procedures the VA has set up to avoid data breaches.

Hackers acquired access to a program that the VA’s Financial Services Center uses to transmit payments to community healthcare providers for the medical care of veterans. They rerouted six payments that were meant for community care providers to bank accounts under their control. The data of veterans stored in the system was also compromised and likely stolen.

Upon discovery of the breach, the VA’s Office of Information and Technology took the program offline and it won’t be available until a review is completed. VA offered the affected veterans free credit monitoring services and is presently taking care of the payments for the community care providers.

The VA Office of Information and Technology officials explained to the Senate and the House veterans’ affairs committees that the breach affected roughly 17,000 community care providers. The VA further explained that even though 17,000 community care providers are using the program, there were only 13 affected.

In a letter addressed to VA Secretary Robert Wilkie, Sens Patty Murray, John Tester, Sherrod Brown, Mazie K. Hirono, Richard Blumenthal, Joe Manchin III, Margaret Wood Hassan, Kyrsten Sinema, and Jeanne Shaheen depicted “serious concerns” regarding the VA’s ability to secure the data of veterans’ and community care providers and requested the VA to guarantee the capability of the department in protecting personal and financial information.

As per the currently available information, the Senators said that the hackers seem to know the flaws in the process used by the VA to authenticate community health care providers and send payments for their services. This cybersecurity incident raises several concerns not only for this occurrence, but also with the way VA is securing the PII and other vital information in its huge data systems and networks.

The Senators also pointed out that the hackers did not exploit a new vulnerability for VA. Third party reviews performed by the VA OIG and the Government Accountability Office (GAO) identified this long-standing weakness of VA in the past 10 years.

The Senators’ resource included two GAO reports from June and July 2019, which specifically gave VA several recommendations on cybersecurity, data protection and risk management. The VA is being required to give a report on the VA ’s efforts in implementing those recommendations.

The VA is being required to present a breakdown of all affected community care providers per state and to give details on what they are doing to guarantee the security of the personal and financial data of community care providers and veterans. The Senators would like to know who learned about the breach. Was it the VA or the VA Office of Inspector General? They also want details about the systems, which the VA Financial Services Center uses.

The Senators likewise brought up concern that the VA is in a reactive position awaiting for cybersecurity vulnerabilities to occur and would like to know what proactive checks were done to determine vulnerabilities, the regularity of those checks, and what measures the VA will consider to make sure increased monitoring of business regulations and IT and cybersecurity steps to make sure to identify vulnerabilities and addressed them before any exploitation.

Senators expressed their view about the unacceptability of this recent data breach. It shows that VA has not done enough to make sure of the proper monitoring, accountability, and protection of the financial, medical, and other personal information it records and processes to deliver essential services for the veterans of America. It is crucial for the VA to take extreme and definitive actions to deal with this present incident and develop a tactic to prevent the same problems in the future.

7,777 Starling Physicians Patients Affected by Email Breach

Starling Physicians in Rocky Hill, CT began sending notifications to 7,777 patients concerning an unauthorized individual who potentially got access to some of their protected health information (PHI) saved in email accounts.

Starling Physicians discovered a breach of its email environment on or about July 7, 2020. A thorough analysis was performed to figure out the magnitude of the breach and if there was access of any patient information. Although there is no evidence uncovered that PHI was viewed, unauthorized information access can’t be eliminated.

An analysis of the email messages and attachments showed that they contained names together with a number of these data elements: patient account numbers, medical record numbers, birth dates, diagnostic data, healthcare company data, prescription details, and treatment details. The address, Medicaid/Medicare ID number and/or Social Security number of some affected people were likewise compromised.

Starling Physicians is fortifying its cybersecurity measures to avoid identical data security incidents later on.

PHI of 2,979 Advocate Aurora Health Patients Exposed

Advocate Aurora Health found out that paper documents and some hard copy records were exposed at the Aurora Medical Center – Bay Area in Wisconsin when the facility is being prepared for sale and unauthorized persons may have accessed records.

An analysis of the files showed that they comprised the personal information and PHI of 2,979 patients. The center was not utilized as a hospital since August 2018. However, the building was used for limited public functions after that date, and the information may have been breached during those occasions.

The exposed records included patients’ first and/or last names, birth date; telephone number; address; emergency contact details, Social Security number, gender, weight and height, medical record number, dates of service, test or laboratory results, diagnoses, prescription drugs, employer details, and/or medical insurance details.

Advocate Aurora Health already secured the files and notified the affected persons. The affected individuals also received offers for free Experian’s IdentityWorksSM service for 12 months.

Unencrypted Storage Devices Theft at Moffitt Cancer Center

Lee Moffitt Cancer Center and Research Institute based in Tampa is sending notification to 4,056 patients about the theft of two unencrypted storage devices and paperwork that contain PHI.

A briefcase containing the USB devices and paper documents was taken from a doctor’s vehicle on July 2, 2020. An evaluation of the portable devices and documents affirmed that they contained the following limited PHI: patient names, dates of birth, details regarding the services acquired at Moffitt and medical record numbers .

The employees went through additional training on protecting patient data. The policies on the use of USB devices is under evaluation. Moffitt additionally enhanced its auto-encryption processes to make certain that all patient data is safe. Moffitt Cancer Center is not aware of any attempt of patient information misuse.

Missing Hard Drive Stored the PHI of INTEGRIS Baptist Medical Center Patients

INTEGRIS is notifying a number of patients that a portable hard drive containing some of their protected health information was lost during an on-campus office relocation. It was just on October 17, 2020
that INTEGRIS found out that the portable hard drive was gone. A comprehensive search was carried out nevertheless the hard drive couldn’t be found.

A backup copy of the hard drive’s information was located and assessed. It was determined to have information of selected patients who got healthcare services at INTEGRIS Baptist Medical Center Portland Avenue in Oklahoma City, previously called as Deaconess Hospital. The patient data on the hard drive only included patients’ names, some clinical data and Social Security numbers.

INTEGRIS offered the impacted persons free membership of Experian’s IdentityWorksSM Credit 3B service for one-year.

A ransomware attack on Assured Imaging in Tucson, AZ enabled attackers to encrypt its medical record system. Assured Imaging is a Rezolut Medical Imaging subsidiary and provider of Health Screening and Diagnostic Services.

Assured Imaging uncovered the ransomware attack on May 19, 2020 and worked immediately to halt more unauthorized access and regain the encrypted files. With the assistance of an independent computer forensics company, Assured Imaging conducted an investigation of the ransomware attack to ascertain the range of the breach. The investigation uncovered an unauthorized person obtained access to its record systems from May 15, 2020 to May 17, 2020 and exfiltrated limited information before ransomware deployment.

The forensic investigation revealed that data was stolen though it was impossible to ascertain specifically which data the hackers exfiltrated. Assured Imaging carried out a evaluation to determine all types of data that may have been viewed. The compromised system was determined to have full names, dates of birth, addresses, patient IDs, facility visited, treating doctor’s names, medical records, treatment completed, evaluation of the service conducted, and advice on future examination.

Assured Imaging receivend no report of misuse of patient information nevertheless the service provider instructs all affected persons to keep an eye on their financial accounts and credit reports for any hint or fake activity.

Assured Imaging filed an incident notice to police authorities and the Department of Health and Human Services’ Office for Civil Rights. As posted onAs posted on the OCR breach website, the attack impacted about 244,813 people.

6,000 Roper St. Francis Healthcare Patients Impacted by Email Breach

Roper St. Francis Healthcare based in Charleston, SC encountered a data breach that involved one email account. The provider discovered the breach on July 8, 2020, but the inquiry into the breach showed that the email account compromise happened between June 13, 2020 and June 17, 2020.

The forensic investigators established that the email account comprised patients’ names, health record or patient account numbers, birth dates, and limited medical and/or treatment data, which include diagnoses, names of providers, and/or procedure details. The medical insurance data and/or Social Security numbers of selected persons were likewise kept in the email account. The breach affected roughly 6,000 individuals.

Roper St. Francis Healthcare offered free credit monitoring and identity theft protection services to the persons who had their Social Security number exposed. Staff education on email security has been strengthened and email security procedures have been enhanced.

This isn’t Roper St. Francis’s first phishing attack incident reported this 2020. In February, the medicl company reported the exposure of the email accounts of 13 workers because of a phishing attack from November 15 2018 to December 1, 2018. The protected health information (PHI) of 35,253 patients was exposed in the incident.

Impermissible Disclosure of PHI of 10,000 Hamilton Health Center Patients

Hamilton Health Center, Inc. based in Harrisburg, PA has reported the impermissible discolosure of the PHI of 10,393 people because of a phishing attack recently.

Hamilton Health Center discovered on June 19, 2020 the sending of a spreadsheet that contains patient data to an unauthorized person in response to a phishing email. The spreadsheet comprised patients’ full names, birth dates, member IDs, and one or more of these data components: Diagnosis, treatment, physical ailment prescription drugs, dates of lab tests and/or tests, and/or the provider’s name.

Though the preceding information were impermissibly exposed, there is no report received that suggest the misuse of any information. Hamilton Health Center encouraged the affected persons to keep track of their explanation of benefits statements for any indication of data misuse.

TigerConnect announced its acquisition of Adjuvant’s Call Scheduler solution and has integrated it into the TigerConnect’s clinical communication and collaboration (CC&C) platform called TigerSchedule™.

The Call Scheduler solution added advanced on-call physician scheduling functions to the TigerConnect platform, so that users can automate on-call and job assignments, boost efficiency, and reinforce collaboration among healthcare teams. Working closely between clinicians is important in healthcare especially during the COVID-19 pandemic. Improving efficiency and cutting costs are also important considering the revenue restrictions during the pandemic.

TigerSchedule™ is an automated doctor scheduling solution that is available as a part of the TigerConnect Platform or as an independent solution. The Adjuvant-created solution currently has a huge user base in the US since it is being used by many healthcare providers such as care centers Community Hospital of the Monterey Peninsula and Huntsville Memorial Hospital and medical clinics Cardiac Specialists and Baptist Neurology.

The TigerSchedule™ solution provides a number of important benefits to healthcare organizations:

• TigerSchedule™ incorporated new scheduling management functions to the TigerConnect platform.
• The solution makes sure to implement fairness in scheduling, avoid over-assignment to healthcare companies, and give adequate time between shifts to avoid burnout.
• There are automated notifications intelligently sent to the on-call schedule in case of patient cancellations, sickness, and vacations.
• Providers can request their desired location, shift times and preferences for SMS notifications.
• It streamlines the swapping of shifts and reduces the managers’ workload.
• Faster team collaboration and improved resource optimization is possible with just one of view of all personnel
• Rules-based automation and incorporation with EHRs provides better scheduling and flow of work.

Fast and efficient communication with the correct care team member is important when giving quality patient care.  Caregivers face an overwhelming challenge as the pressures of COVID-19 add to the present chaos of paper schedules and unforeseen changes in work shifts. It can be a matter of life and death. 

TigerConnect with TigerSchedule™ enables healthcare systems to simplify patient care delivery, enhance results, and uplift patient experience at the same time improving the bottom line. It specifically helps healthcare organizations to lower costs and achieve patient and care team fulfillment.

With the new partnership, Call Scheduler President Justin Wampach will become part of the TigerConnect team as Vice President of the Scheduling Division. The entire Call Scheduler workforce will also join TigerConnect. President Justin Wampach said that the offerings of Call Scheduler and TigerConnect complemented each other well and together would be quite beneficial to their customers.

There is an ongoing voice phishing (vishing) campaign that targets remote employees from numerous industries. The attackers impersonate a respected entity and employ social engineering strategies to get targets to expose the credentials of their company Virtual Private Network (VPN).

The DHS Cybersecurity and infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint alert regarding the campaign that is ongoing ever since mid-July.

The COVID-19 crisis compelled a lot of employers to let their employees to work from home and link to the company network through VPNs. In case cybercriminals obtain those credentials, they could access the company network.

The threat group initially buys and registers domains to host phishing websites that spoof the internal VPN login page of a company and get SSL certificates for the domains so that they look genuine. A number of naming schemes for making domains look legitimate include [company]-support, employee-[company] and support-[company].

The threat actors then collects information regarding the company workforce by scraping profiles on social media and compiling dossiers on particular employees. They collect personal information such as an employee’s name, personal telephone number, address, work position, and length of time working at the firm. They use the information to earn the confidence of the targeted staff.

After that, employees are contacted using a voice-over-IP (VOIP) number. At first, the VOIP number was unknown, but afterward the attackers begin spoofing the number so that it looks like the call was made by a company office or a different company staff. Employees are then told they are going to get a link that should be clicked to sign in to a new VPN system. They are likewise informed to take action on 2-factor authentication and/or one-time password messages they receive in their mobile phone.

The attackers get the login details as it is inputed into their fake website and employ it to sign in to the company’s real VPN page. They then record and utilize the one-time password and/or 2FA code as soon as the staff responds to the SMS.

The attackers likewise employ SIM-swap to circumvent the 2FA/OTP step by using the data obtained about the worker to enable the mobile phone service provider to port their mobile phone number to the SIM of the attacker. This makes certain the attackers directly get any 2FA code sent. The threat actors utilize the credentials to get access to the corporate network to steal information that can be used in other vhishing attacks. The FBI/CISA mentioned that the goal of the attack is to generate income from the VPN access.

The FBI/CISA advise companies to limit the manage devices provided with VPN connections by performing checks on the hardware or installed certificates, to minimize the hours to use VPNs for accessing the company network, to employ domain monitoring tools to keep track of web apps used for anomalous activities and unauthorized access.

An official authentication process must likewise be set up for employee-to-employee conversations through the public phone network that necessitates a second factor to authenticate the telephone call before disclosing any sensitive data.

Companies must also keep tabs on authorized user access to determine anomalous activities. Employees must be informed about this scam and directed to submit a report to the security team in case of receiving suspicious calls.