Cybersecurity roundup: Russian attacks decreasing, 320K patients affected in portal breach – Healthcare IT News
White House officials testified this past week that they have seen a “discernible decrease” in U.S.-targeted cyberattacks linked to Russia.
As reported by The Hill, Chris Inglis, the country’s first national cyber director, told the House Homeland Security Committee that it was too soon to tell why the number of incidents had lessened.
“It may well be that the transgressors in this space have simply lain low in understanding that this is for the moment a very hot time for them, and we need to ensure that that continues to be the case,” said Inglis.
“I think in the longer term, we will be able to measure in a qualitative and a quantitative fashion what the diminishment of those efforts are,” he added.
Inglis emphasized the importance of staying the course when it comes to cyber defenses, saying that the United States needs to “ensure that our strategy is solidified and brought to bear.”
Inglis’ remarks prefaced news that the Department of Justice had charged two individuals for deploying Russia-linked REvil ransomware against U.S. targets.
EHR vendor reports security breach
QRS, Inc. has begun notifying individuals of a cyberattack that involved the personal information, including the health information, of some of its clients’ patients.
QRS, a technology services company that offers electronic health record and practice management software, said in a notice on its website that it had discovered in August that one of its dedicated patient portal servers had been accessed.
After taking the server offline and investigating, QRS determined that the attacker had accessed the server between August 23 and 26.
During that time, the attacker may have acquired files containing individuals’ name, address, date of birth, Social Security number, patient identification number, portal username, and/or medical treatment or diagnosis information.
According to the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal, the incident affected 319,778 individuals.
“Although QRS is not aware of any identity theft or fraud to any person as a result of this incident, it is notifying the potentially affected patients on behalf of its clients to advise them about the steps QRS has taken to investigate the incident and provide them with guidance about monitoring their information,” wrote the company on its site.
Philips flags security vulnerability in EMR systems
Philips has issued an advisory regarding a version of its TASY Electronic Medical Record HTML5 system.
According to the alert, Philips said it had identified two potential vulnerabilities in system versions 3.06.1803 and prior that may allow …….