Information Technology Security

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most downloads at 1,351. "The package names pycryptoenv and pycryptoconf are similar to pycrypto, which is a Python package used for encryption algorithms in Python," JPCERT/CC researcher Shusei Tomonaga said. "Therefore, the attacker probably prepared the malware-containing malicious packages to target users' typos in installing Python packages." The disclosure comes days after Phylum uncovered several rogue packages on the npm registry that have been used to single out software developers as part of a campaign codenamed Contagious Interview. An interesting commonality between the two sets of attack...

By Sergiu Gatlan,  Bleeping Computer The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum , a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform . Change Healthcare is the largest payment exchange platform used by more than 70,000 pharmacies across the United States. UHG is the world's largest healthcare company by revenue, employing 440,000 people worldwide and working with over 1.6 million physicians and care professionals in 8,000 hospitals and other care facilities. In a statement published on their dark web leak site today, BlackCat said that they allegedly stole 6TB of data from Change Healthcare's network belonging to "thousands of healthcare providers, insurance providers, pharmacies, etc." "Being inside a production network one can imagine the amount of critical and sensitive data that can be found. The data relates to all Change Health clients tha...

By Bill Toulas,  Bleeping Computer The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. Lurie is a leading pediatric acute care institution in the U.S. that provides care to over 200,000 children annually. The cyberattack forced the healthcare provider to take its IT systems offline and postpone medical care in some cases. Email, phone, access to MyChart, and on-premises internet were all impacted. Ultrasound and CT scan results were rendered unavailable, patient service prioritization systems were taken down, and doctors were forced to switch to pen and paper for prescriptions. Today, the Rhysida ransomware gang has listed Lurie Children's on its extortion portal on the dark web, claiming to have stolen 600 GB of data from the hospital. Rhysida ransomware now offers to sell the stolen data for 60 BTC ($3,700,000) to a single buyer. The deadline was set to seven days, after which the data will either be sol...

By Lawrence Abrams,  Bleeping Computer The Company had $262.2 billion in revenue for fiscal year 2023 and employs approximately 46,000 people. In a Form 8-K filing with the SEC, Cencora disclosed they suffered a cyberattack that led to data theft. "On February 21, 2024, Cencora, Inc. (the "Company"), learned that data from its information systems had been exfiltrated, some of which may contain personal information," reads the SEC filing. Cencora says they contained the incident and are now working with law enforcement, external cybersecurity experts, and external counsel to investigate it. Upon initial detection of the unauthorized activity, the company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts, and external counsel. Cencora says they have not determined if the incident will materially impact their finances or operations. Cencora confirmed that their cyberattack is unrelated to the...

By Sergiu Gatlan,  Bleeping Computer Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. "ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector," the joint advisory cautions. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups. The FBI linked BlackCat to over 60 breaches during its first four months of activity (between November 2021 and March 2022) and said the gang has raked in at least $300 million in ransoms from over 1,000 victims until September 2023. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the three federal agencies warned in today...

By Zack Whittaker,  Tech Crunch An ongoing cyberattack at U.S. health tech giant Change Healthcare that sparked outages and disruption to hospitals and pharmacies across the U.S. for the past week was caused by ransomware. A healthcare executive with knowledge of the incident, who was on the call briefed by the company’s executives, said the healthcare tech giant attributed the cyberattack to the BlackCat ransomware group . Reuters first reported the news linking the cyberattack to BlackCat, citing two people familiar with the incident. A spokesperson for Change Healthcare did not immediately respond to a request for comment. BlackCat, also often referred to as ALPHV , has not yet publicly claimed responsibility for the cyberattack. Ransomware and extortion gangs typically publish portions of a victim’s stolen data to extort a ransom demand. Ransomware attacks typically scramble a victim’s files and demand a ransom to receive the decryption key. Newer cyberattacks often invol...

By Bill Toulas,  Bleeping Computer Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by “nation-state” hackers on the Change Healthcare platform. United Health Group (UHG) is a health insurance company with a presence across all 50 US states. The organization is the world's largest healthcare company by revenue ($324.2 billion in 2022), employing 440,000 people worldwide. Its subsidiary, Optum Solutions, operates the Change Healthcare platform, which is the largest payment exchange platform between doctors, pharmacies, healthcare providers, and patients in the US healthcare system. Optum suffers massive cyberattack Change Healthcare first started warning customers Wednesday that some of its services had become unavailable, later stating a cybersecurity incident caused it. An 8-K filing submitted by UnitedHealth Group with the SEC yesterday confirmed that a cyberattack by suspected ...

Emergency impacting more than 100 facilities appears to be caused by incident at software provider By Connor Jones,  The Register The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. It said an unnamed service provider reported an issue prior to the flood of hospitals alerting the agency to the attacks. The service provider operates the Hipocrate Information System (HIS) – a multipurpose healthcare management platform used by hospitals across the country. All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS. Per legal reporting obligations in Romania, service providers must inform the DNSC and national CSIRT of incidents that significantly impact the continuity of essential services. "We are exactly in the scenario of the Backmydata/Phobos ransomware incident that affected dozens of hospitals in Romania," the DNSC said t...

By France Bleu Nord, Radio France The pirates demand a ransom. This is the first time that the Armentières hospital has been the victim of such an attack. The Armentières hospital center was the victim of a cyberattack during the night from Saturday to Sunday at 2 a.m., France Bleu Nord learned on Sunday February 11 from the hospital management. The pirates demand a ransom from the hospital. The emergency department is closed for the next 24 hours, patients are being redirected to other hospitals. “The printers turned on started printing a message, indicating that our data was encrypted and that we should contact them”tells franceinfo Samy Bayod, deputy director of the Armentières CH. “We immediately disconnected the entire hospital network, we have been isolated since 3 a.m.,” he specifies.

By Alexander Martin, TheRecord.Media Data on more than 33 million people in France, approximately half the population, was compromised in a cyberattack at the end of January, according to the country’s privacy watchdog. The Commission Nationale Informatique et Libertés (CNIL) announced this week it had been informed by two health insurance companies, Viamedis and Almerys, about the incident. It warned that the data affects policyholders and their families and includes “marital status, date of birth and social security number, the name of the health insurer as well as the guarantees of the contract taken out.” Fortunately, unlike the incident affecting Australian health insurance business Medibank , medical histories and treatment data was not compromised. The CNIL said that the health insurance companies were directly responsible for informing the affected individuals — but people are urged to be cautious over potential phishing attempts intending to defraud them. The CNIL warned tha...