Posts

Showing posts from June, 2024

Former IT employee accessed data of over 1 million US patients

By Bill Toulas, Bleeping Computer

Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. Geisinger is a non-profit organization that operates 134 care sites, ten hospitals, and the Geisinger Health Plan, serving a total of 1.2 million people. It employs 26,000 staff, including 1,600 doctors, and is considered one of Pennsylvania’s most important organizations. An announcement published earlier this week explains that in November 2023, Geisinger detected unauthorized access to its patients’ database by a former Nuance employee. Nuance was promptly informed and took action to block the former employee’s access to Geisinger’s systems holding patient records. “On Nov. 29, 2023, Geisinger discovered and immediately notified Nuance that a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated,” read

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

By The Hacker News

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The threat actors are luring unsuspecting users to fake websites purporting to contain legitimate software. But attempting to download the setup binary launches a malware infection chain instead. Specifically, the executable serves as a pathway for a backdoor called Oyster, which is capable of gathering information about the compromised host, communicating with a hard-coded command-and-control (C2) address, and supporting remote code execution. While Oyster has been observed in the past being delivered by means of a dedicated loader component known as Broomstick Loader (aka

Change Healthcare lists the medical data stolen in ransomware attack

By Lawrence Abrams, Bleeping Computer

UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. On Thursday, the company published a data breach notification warning that the ransomware attack exposed a "substantial quantity of data" for a "substantial proportion of people in America." While UnitedHealth has not explicitly shared how many people were affected, UnitedHealth CEO Andrew Witty stated during a congressional hearing that "maybe a third" of all Americans' health data was exposed in the attack. According to the data breach notification, a massive trove of sensitive information was stolen, including: Health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers); Health i

Fake Google Chrome errors trick you into running malicious PowerShell scripts

By Bill Toulas, Bleeping Computer

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. The new campaign was observed being used by multiple threat actors, including those behind ClearFake, a new attack cluster called ClickFix, and the TA571 threat actor, known for operating as a spam distributor that sends large volumes of email, leading to malware and ransomware infections. Previous ClearFake attacks utilize website overlays that prompt visitors to install a fake browser update that installs malware. Threat actors also utilize JavaScript in HTML attachments and compromised websites in the new attacks. However, now the overlays display fake Google Chrome, Microsoft Word, and OneDrive errors. These errors prompt the visitor to click a button to copy a PowerShell "fix" into the clipboard and then paste and run it in a Run: dialog or PowerShell prompt.

London hospitals cancel over 800 operations after ransomware attack

By Sergiu Gatlan, Bleeping Computer

NHS England revealed today that multiple London hospitals impacted by last week’s Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. Formerly known as Viapath, Synnovis was established as GSTS Pathology in 2009 and switched to the Synnovis brand in October 2022. The organization was established as a partnership between SYNLAB UK & Ireland, Guy's and St Thomas' NHS Foundation Trust, and the King's College Hospital NHS Foundation Trust. Ongoing service disruptions at Guy's and St Thomas' NHS Foundation Trust, King's College Hospital NHS Foundation Trust, and primary care providers across South East London result from Synnovis being locked out of its systems by a June 3 attack linked to the Qilin ransomware operation. While memos issued by hospital officials revealed this "ongoing critical incident" has had a "major impact" on their procedures and operations

LastPass says 12-hour outage caused by bad Chrome extension update

By Lawrence Abrams, Bleeping Computer

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. Starting at around 1 PM ET yesterday, LastPass users were suddenly unable to access their password vaults or log into their accounts, instead seeing "404 Not Found" errors, which typically indicate a page does not exist. The impact did not go unnoticed, with LastPass customers venting their frustration on Reddit and Twitter about the outage and their inability to retrieve their saved credentials and log in to sites.