Cybersecurity roundup: Russian attacks decreasing, 320K patients affected in portal breach
White House officials testified this past week that they have seen a “discernible decrease” in U.S.-targeted cyber attacks linked to Russia.
As reported by The Hill, Chris Inglis, the country’s first national cyber director, told the House Homeland Security Committee that it was too soon to tell why the number of incidents had lessened.
“It may well be that the transgressors in this space have simply lain low in understanding that this is for the moment a very hot time for them, and we need to ensure that that continues to be the case,” said Inglis.
“I think in the longer term, we will be able to measure in a qualitative and a quantitative fashion what the diminishment of those efforts are,” he added.
Inglis emphasized the importance of staying the course when it comes to cyber defenses, saying that the United States needs to “ensure that our strategy is solidified and brought to bear.”
Inglis’ remarks prefaced news that the Department of Justice had charged two individuals for deploying Russia-linked REvil ransomware against U.S. targets.
EHR vendor reports security breach
QRS, Inc. has begun notifying individuals of a cyber-attack that involved the personal information, including the health information, of some of its clients’ patients.
QRS, a technology services company that offers electronic health record and practice management software, said in a notice on its website that it had discovered in August that one of its dedicated patient portal servers had been accessed.
After taking the server offline and investigating, QRS determined that the attacker had accessed the server between August 23 and 26.
During that time, the attacker may have acquired files containing individuals’ name, address, date of birth, Social Security number, patient identification number, portal username, and/or medical treatment or diagnosis information.
According to the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal, the incident affected 319,778 individuals.
“Although QRS is not aware of any identity theft or fraud to any person as a result of this incident, it is notifying the potentially affected patients on behalf of its clients to advise them about the steps QRS has taken to investigate the incident and provide them with guidance about monitoring their information,” wrote the company on its site.
Philips flags security vulnerability in EMR systems
Philips has issued an advisory regarding a version of its TASY Electronic Medical Record HTML5 system.
According to the alert, Philips said it had identified two potential vulnerabilities in system versions 3.06.1803 and prior that may allow SQL injection under certain conditions.
“Should this occur, a successful SQL injection attack can result in confidential patient data being exposed or extracted from the TASY database,” said the company.
“Attackers could gain unauthorized access to Tasy EMR systems or accounts and, ultimately may lead to a Denial of Service to the database,” the advisory continued.
Philips advised affected customers to upgrade to versions 3.06.1804 or later, which are not subject to the vulnerabilities.
“At this time, Philips has received no reports of exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem. Philips’ analysis has shown that it is unlikely that this vulnerability would impact clinical use,” said the vendor.
“Philips’ analysis also indicates there is no expectation of patient hazard due to this issue,” said the alert.