Tag Archive for: enables

Systems hack enables data theft, access for 8.9M MCNA Dental patients


The health information tied to 8.9 million patients enrolled in Florida Healthy Kids Corporation (FHKC) and the Florida Agency for Health Care Administration’s Medicaid insurance programs was stolen after a systems hack on MCNA, their dental benefits and services provider.

MCNA Dental works with state Medicaid agencies, Children’s Health Insurance Programs, private entities, and other insurance plans. The notice only refers to FHKC and Florida’s HCA.

With nearly 9 million impacted, the incident is now the largest healthcare data breach reported by a single entity so far this year, followed by Pharmerica (5.2 million patients), Regal Medical Group (3.3 million), Cerebral (3.18 million), and NationsBenefits (3.04 million).

Discovered on March 6, a threat actor gained access to the MCNA system to both access and exfiltrate copies of data stored in the network for several weeks between Feb. 26 and March 7. The investigation also found certain systems were “infected with malicious code.”

The stolen data varied by individual included full names, contact details, dates of birth, email addresses, Social Security numbers, driver’s license numbers or other government-issued ID numbers, health insurance plan data, conditions, diagnoses, treatments, and insurance claims. The data was tied to children and their guardians.

Upon discovery, MCNA contacted law enforcement and has been cooperating with their investigation. The benefits manager has since bolstered its systems security.

For FHKC, this is the second vendor-related breach affecting its patients in the last two years. Reported in early 2021, its vendor, Jelly Beans Communications Design, failed to patch multiple website vulnerabilities and enabled a threat actor to access and tamper with patient data for more than seven years. The incident was one of the largest healthcare data breaches in 2021.

Idaho Falls Community Hospital diverting patients after cyberattack

Mountain View Hospital, Idaho Falls Community Hospital, and its partner clinics are working to recover from an ongoing cyberattack in electronic health record downtime procedures, diverting ambulances and canceling some appointments to ensure patient safety.

Medford Radiology…

Source…

IoT Hack Enables Cybercriminals to Steal Cars


In a new fashion for stealing cars, automotive security experts have discovered that cybercriminals can hack into a vehicle’s control system through the headlight. The control system is managed by the controller area network (CAN) bus, an Internet of Things (IoT) protocol that allows devices and microcontrollers to communicate with each other within the car.

By manipulating the electronic control unit (ECU) in a Toyota RAV4’s headlight, attackers could access the CAN bus and gain control of the car. This approach, as described in a blog post by Canis Automotive Labs CTO Ken Tindell, is a unique way of car hacking that had not been seen before. Once connected through the headlight, the attackers could gain access to the CAN bus, responsible for functions like the parking brakes, headlights, and smart key, and then into the powertrain panel where the engine control is located.

Even though car hacking is not a new issue, this method of attack highlights the vulnerability of IoT protocols like the CAN bus and the need for improved security measures in automotive systems.

Diagram showing how ECUs in a RAV4 are wired together with CAN bus

Connecting ECUs in a RAV4 using CAN Bus Wiring (via Canis CTO blog)

Tindell cautions that this form of CAN injection will compel manufacturers to reconsider the security of their vehicle control networks. “As a car engineer, your focus is on addressing a variety of challenges such as minimizing wiring, enhancing reliability, and reducing costs. Cybersecurity may not always be at the forefront of your mind.”

A Case of Stolen Toyota RAV4 in London

Ian Tabor, an automotive security consultant, woke up to discover that his parked Toyota RAV4 had been tampered with in London. The car’s front bumper and left headlight had been disturbed, and the same areas were later found to be tampered with again.

Unfortunately, he didn’t…

Source…

Axis Bank enables secure digital transformation with Microsoft solutions



Read Article


The internet has evolved rapidly over the last decade, which has resulted in a significant change in the way organizations function today. Rajesh Thapar, the Chief Information Security Officer (CISO) at Axis Bank, attributes an organization’s success to its ability to enable digital transformation through innovation. AndAxis Bank has relied on Microsofttoachieve secure digital transformation.

Axis Bank is the third largest private sector bank in India, servicing large and mid-size companies, besides regular customers. With a market cap of USD 33.07 billion, the bank has over eight international centres beside India, making it essential to protect and safeguard sensitive financial data.

Ten years ago, a typical cyber agenda was only to protect the perimeter. Now, detection and response have become more crucial because breaches can happen any time and perimeters have disappeared. This has led to a dramatic change in the threat landscape.

“Earlier, security professionals largely knew the threats they were facing, which guided an organization’s security strategy. But with digital transformation journeys involving entities across the boundaries of enterprise, newer threats keep evolving. Now organizations deal with potential attack vectors all the time and one of the key objectives to protect is by minimising the risk ‘unknown unknowns,” says Thapar.

Banks align with the National Institute of Standards and Technology (NIST) cybersecurity framework. The first pillar of this framework is getting acquainted with your infrastructure and identifying risks and recognizing the regulatory mandates within which an organization must function.After identification, organizations must work to eliminate these risks with finite budgets, resources, and time. Strategizing and prioritizing become very important at this stage.

“At Axis Bank, we decided to implement different frameworks to counter threats. We used a mix of administrative, processes, and tools-based controls to safeguard our IT infrastructure,” says Thapar.

One of the oldest threat actors, which still exists, is malware. Second would be DDOS attacks, not just in the banking sector, but across every…

Source…