Tag Archives: affected

Recent ransomware attack cripples nursing homes, acute care facilities

A recent ransomware attack has affected roughly 110 nursing homes and acute care facilities in 45 states, cutting caretakers off from patient records.

Virtual Care Provider Inc. (VCPI), a Milwaukee-based IT consulting, security and management service company, first became aware of the attack Nov. 17. In a letter to clients, VCPI said the business was attacked with Ryuk encryption ransomware, which is used to target large software systems, and that it was spread by the TrickBot virus, a malicious program that targets Windows machines.

The company estimated 20% of its servers have been affected by the attack, and that roughly 100 physical servers will need to be rebuilt. VCPI said it is using a virus-specific software application to scan individual Microsoft Windows servers to verify they aren’t infected. If the server is infected, the business plans to restore it. The company maintains roughly 80,000 computers and servers for the affected facilities, according to KrebsOnSecurity, which broke the story.  

Attackers are demanding $14 million in Bitcoin as ransom for a digital key that VCPI could use to unlock access to its files, a price the company doesn’t want to pay, according to KrebsOnSecurity. VCPI CEO and owner Karen Christianson said in an interview with the security news site that the attack affected nearly all of its offerings, including email and internet service, client billing and phone systems, and access to patient records. She said the ongoing attack is keeping care facilities from accessing patient records.

Experts said the incident shows even the best organizations with the best procedures and controls can fall victim to attack, providing a stark warning to healthcare CIOs to educate employees on best cybersecurity practices.

Ransomware’s impact on healthcare

Larry Ponemon, founder of data protection research company Ponemon Institute in Traverse City, Mich., described the recent ransomware attack as especially devastating.

Larry PonemonLarry Ponemon

“It’s very serious because it’s not just about losing some data or preventing people from accessing their data,” he said. “It’s about the ability to provide services that can be life and death.”

If a ransom isn’t paid to retrieve a digital key to unlock the files, Ponemon said it can take months, or even years, for an affected healthcare organization or business to rebuild its systems after a ransomware attack.

In the letter sent by VCPI, the company said its plan is to rebuild servers and install them into newly created network segments. It is prioritizing servers that provide access to email and EHR applications. The company acknowledged it doesn’t know when clients will have access to VCPI systems again and noted that it intends to investigate if the recent ransomware attack has resulted in the acquisition of client data.

“We are working diligently, nonstop, without resource constraint, according to our documented plan, and with experienced expert leadership,” the letter stated. “We need to ensure the integrity of the new environment. We are prioritizing critical VCPI infrastructure, including Microsoft Exchange email system, and electronic health record software.”

David ChouDavid Chou

David Chou, vice president and principal analyst for Constellation Research in Cupertino, Calif., said he was struck not by the ransomware attack but by the fact that the victim is a technology company that provides technology services to healthcare organizations.

Chou said the incident highlights the importance of properly educating employees to be aware of the ways attackers will try to infiltrate an organization’s systems and to ask questions before opening external emails with potentially malicious attachments. “If you don’t, you’re going to pay the price,” he said.

Go to Original Article
Author:

Microsoft releases 18M building footprints in Africa to enable AI Assisted Mapping

In the last ten years, 2 billion people were affected by disasters according to the World Disasters report 2018. In 2017, 201 million people needed humanitarian assistance and 18 million were displaced due to weather related disasters. Many of these disaster-prone areas are literally “missing” from the map, making it harder for first responders to prepare and deliver relief efforts.

Since the inception of Tasking Manager, the Humanitarian OpenStreetMap Team (HOT) community has mapped at an incredible rate with 11 million square kilometers mapped in Africa alone. However, large parts of Africa with populations prone to disasters still remain unmapped — 60% of the 30 million square kilometers.

Under Microsoft’s AI for Humanitarian Action program, Bing Maps together with Microsoft Philanthropies is partnering with HOT on an initiative to bring AI Assistance as a resource in open map building. The initiative focuses on incorporating design updates, integrating machine learning, and bringing new open building datasets into Tasking Manager.

The Bing Maps team has been harnessing the power of Computer Vision to identify map features at scale. Building upon their work in the United States and Canada, Bing Maps is now releasing country-wide open building footprints datasets in Uganda and Tanzania. This will be one of the first open building datasets in Africa and will be available for use within OpenStreetMap (OSM).

In Tasking Manager specifically, the dataset will be used to help in task creation with the goal of improving task completion rates. Tasking Manager relies on ‘ML enabler’ to connect with building datasets through an API. This API-based integration makes it convenient to access not just Africa building footprints, but all open building footprints datasets from Bing Maps through ML Enabler, and thus the OpenStreetMap ecosystem.

“Machine learning datasets for OSM need to be open. We need to go beyond identifying roads and buildings and open datasets allow us to experiment and uncover new opportunities. Open Building Dataset gives us the ability to not only explore quality and validation aspects, but also advance how ML data assists mapping.”
– Tyler Radford (Executive Director, Humanitarian OpenStreetMap Team)

Africa presented several challenges: stark difference in landscape from the United States or Canada, unique settlements such as Tukuls, dense urban areas with connected structures, imagery quality and vintage, and lack of training data in rural areas. The team identified areas with poor recall by leveraging population estimates from CIESIN. Subsequent targeted labeling efforts across Bing Maps and HOT improved model recall especially in rural areas. A two-step process with semantic segmentation followed by polygonization resulted in 18M building footprints — 7M in Uganda and 11M in Tanzania.

Extractions Musoma, TanzaniaExtractions in Musoma, Tanzania

Bing Maps is making this data open for download free of charge and usable for research, analysis and of course, OSM. In OpenStreetMap there are currently 14M building footprints in Uganda and Tanzania (the last time our team counted). We are working to determine overlaps.

We will be making the data available on Github to download. The CNTK toolkit developed by Microsoft is open source and available on GitHub as well. The ResNet3 model is also open source and available on GitHub. The Bing Maps computer vision team will be presenting the work in Africa at the annual International State of the Map conference in Heidelberg, Germany and at the HOT Summit.

– Bing Maps Team

Go to Original Article
Author: Microsoft News Center

ComplyRight data breach affects 662,000, gets lawsuit

A data breach at ComplyRight, a firm that provides HR and tax services to businesses, may have affected 662,000 people, according to a state agency. It has also prompted a lawsuit, which was filed in federal court by a person who was notified that their personal data was breached. The lawsuit seeks class-action status.

The ComplyRight data breach included names, addresses, phone numbers, email addresses and Social Security numbers, some of which came from tax and W-2 forms.

ComplyRight’s services include a range of HR products, such as recruitment, time and attendance, as well as an online app for storing essential employee data. This particular attack was directed at its tax-form-preparation website. Hackers go after customer and employee data. The Identity Theft Resource Center 2018 midyear report, for instance, lists every known breach so far this year. It said the compromised data is a shopping list of HR managed data.

Company: No more than 10% of customers affected

The breach occurred between April 20 and May 22, and the company notified affected parties by mail.

ComplyRight, in a posted statement, said “a portion (less than 10%)” of people who have their tax forms prepared on its web platform were affected by a cyberattack, but it did not say how many customers were affected by its breach. The company knows the data was accessed or viewed, but it was unable to determine if the data was downloaded, according to the firm’s statement.

But the state of Wisconsin, which publishes data breach reports, has shed some light on the scale of the impact. It reported the ComplyRight data breach affected 662,000 people — including 12,155 Wisconsin residents. A spokesman for Wisconsin Department of Agriculture, Trade and Consumer Protection said this figure was provided verbally to the state by an attorney for ComplyRight.

Rick Roddis, president of ComplyRight, based in Pompano Beach, Fla., said in an email that the firm won’t be commenting, for now, beyond what it has posted on the site.

Among the steps ComplyRight said it took was the hiring of a third-party security expert who conducted a forensic investigation. The firm is also offering credit-monitoring services to affected parties.

Security expert Nikolai Vargas, who looked at the firm’s statement, said ComplyRight “is doing the bare minimum in terms of transparency and informing their clients of the details of the security incident.”

“In cases of a data breach, it is important to disclose how long the exposure occurred and the scope of the exposure,” said Vargas, who is CTO of Switchfast, an IT consulting and managed service provider based in Chicago. ComplyRight stating that “less than 10%” of individuals were affected “doesn’t really explain how many people were impacted,” he added.

“Technical details are nice to have, but they’re not always necessary and may need to be withheld until protections are put in place,” Vargas said.

Federal suit alleges poor protection

[ComplyRight] is doing the bare minimum in terms of transparency and informing their clients of the details of the security incident.
Nikolai VargasCTO at Switchfast

The ComplyRight data breach was first reported by Krebs on Security, which had heard from customers who had received breach notification letters.

Susan Winstead, an Illinois resident, received the notification from ComplyRight on July 17, outlining what happened. She is the plaintiff in the lawsuit filed July 20 in the U.S. District Court for the Northern District of Illinois.

The lawsuit faults ComplyRight for allegedly not properly protecting its data and not immediately notifying affected individuals, and the suit seeks damages for the improper disclosure of personal information, including the time and effort to remediate the data beach. 

Company faced difficult detective work

Another independent expert who looked at ComplyRight’s notice, Avani Desai, said the company “followed best practice for incident response.”

With a cyberattack, one of the most difficult processes initially is identifying that there was an actual attack and the true extent of it, said Desai, president of Schellman & Company, a security and privacy compliance assessor in Tampa, Fla. It’s important to ask the following questions early: Was there sensitive information that was involved? Which systems were exploited? The firm quickly hired a third-party forensic group, she noted.

“ComplyRight locked down the system prior to announcing the breach, which is important, because when organizations announce too quickly, we see copycat attacks hit the already vulnerable situation,” Desai said.

Mike Sanchez, chief information security officer of United Data Technologies, an IT technology and services firm in Doral, Fla., said the things the firm did right are “they disabled the platform and performed a forensic investigation to understand the cause of the breach, as well as the breadth of the malicious actor’s actions.”

But Sanchez said the firm’s statement, which he described as a “very high-level summary,” lacked many specifics, including the exact flaw that was used to gain access to the data.

The Identity Theft Resource Center reported that as of the first six months of this year, there were 668 breaches exposing nearly 22.5 million records.