May 6, 2024

Data Breach Epidemic Hits MedStar: Patient Information Under the Microscope

By

Matt Berns, Access Point Consulting

By

Access Point Consulting

Overview

MedStar, a leading healthcare service provider operating across Maryland, Virginia, and Washington DC, has recently fallen victim to a significant data breach. This incident, which came to light following an investigation concluded in March 2024, involved unauthorized access to the personal information of approximately 183,000 patients. Detected activities occurred intermittently between January and October of 2023, compromising sensitive data including health insurance information and individual healthcare details, which can fetch high prices on dark web markets. MedStar has responded by notifying affected patients and reinforcing their security measures.

While information about this breach is limited, its source can be traced back to unauthorized access to emails and files associated with three employee email accounts. These intrusions occurred sporadically over several months and led to the potential exposure of sensitive patient information. The initial red flags were likely raised by unusual account activities detected by internal security systems, prompting an investigation.

Impact

The compromised data includes names, mailing addresses, dates of birth, dates of service, provider names, and health insurance information. While there is no concrete evidence that this information was viewed or acquired by the attackers, the possibility cannot be dismissed. This breach not only threatens the privacy and security of the affected patients but also places them at risk of medical identity theft and other frauds.

Recommendations

It is paramount for organizations to improve email security to guard against phishing and other schemes targeting employee accounts. This can include advanced phishing defense technologies and regular security training for all employees to recognize suspicious emails. Secondly, organizations must enhance their network monitoring to detect and respond to unusual activities more swiftly. Implementation of stricter access controls and using encryption for sensitive data will further protect sensitive information from unauthorized access.

Events like these illustrate the capabilities of threat actors. They can live inside networks undetected for long periods of time. It’s important for most organizations to have the support of Threat Intelligence experts who know the latest cybersecurity threats and the tactics, techniques, and procedures (TTPs) currently in use by cybercriminals. It has never been more important for organizations to be proactively hunting for threats that may already be lurking within their networks.

Resources

CyberWatch

May 16, 2024

Ransomware Pandemic Hits Ascension Hospitals

On May 9, Ascension, a leading private healthcare provider managing 140 hospitals across the United States, confirmed experiencing a significant ransomware attack initiated by the Black Basta group. This cybersecurity breach was first detected the day before, May 8, because of unusual activity on the organization's network systems. The attack severely disrupted operations, leading to delays and postponements of patient appointments and other healthcare services.

Find out more
May 16, 2024

Two Exploited Zero-Day Vulnerabilities Patched

Microsoft released their security updates for May of 2024 which include fixes for two zero-day vulnerabilities: CVE-2024-30040 (CVSSv3: 8.8) and CVE-2024-30051 (CVSSv3:7.8). CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability) allows for a local attacker to exploit this vulnerability to gain system-level privileges. CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) allows a remote attacker to bypass OLE mitigations in M365 and Microsoft Office that protect users from vulnerable COM/OLE controls. It requires an attacker to convince a user to load a malicious file into a vulnerable system and manipulate it. This can allow an unauthenticated attacker to achieve remote arbitrary code execution from the context of the user. Both of these vulnerabilities are known to be exploited and have each been added to CISA’s Known Exploited Vulnerabilities Catalog, giving them a heightened patch priority and associated risk.

Find out more
May 10, 2024

Fix Available for Use-After-Free Vulnerability in Tinyproxy

This is a vulnerability that exists in HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.1 classified as CVE-2024-49606 (CVSSv3: 9.8). Cisco Talos security researchers describe this vulnerability as a use-after-free which exists in the HTTP Connection Headers of vulnerable versions of tiny proxy. Utilizing a specially crafted HTTP header can trigger reuse of previously freed memory which leads to memory corruption and can potentially lead to remote code execution. This method does not require authentication. This vulnerability is considered a zero day, but a fix has been made available through GitHub.

Find out more

Peace of mind starts today, with Access Point Consulting

Meet with an Expert