Universal Health Services lost $67m to ransomware attack

UHS was among the first hit with the coordinated ransomware wave that targeted the healthcare sector last year. On September 29 last year, Universal Health Services announced in a press release that due to an IT security incident that took place two days earlier, it had to suspend user access to its IT applications related to operations located in the United States.
In the early hours of September 27, UHS clinicians and staff members took to Reddit to determine if other UHS employees across the country were experiencing similar computer and phone outages.
The thread detailed internet and data center outages, with one employee attributing the incident to a ransomware attack after seeing ransom messages from the Ryuk hacking group displayed on some computer screens.
Upon discovery, the IT team took all systems offline to prevent further propagation. The following day, UHS officials confirmed the event as an IT disruption, before reporting it as a malware infection several days later.
The disruption caused by the ransomware attack was immense, considering UHS is among the largest providers of hospital and healthcare services in the US, featuring among the Fortune 500 companies in 2019 with annual revenue of $11.4 billion and also ranking #330 on Forbes' list of the U.S.' Largest Public Companies.
The company employs around 90,000 people across 26 acute care hospitals, 330 behavioral health facilities, 41 outpatient facilities, a number of ambulatory care access points and a network of physicians. Aside from the US, Universal Health Services also operates in Puerto Rico and the United Kingdom.
UHS said that it immediately implemented extensive IT security protocols and was working with security partners to restore the affected IT services as soon as possible. The incident caused temporary disruption to some clinical and financial operations, forcing acute care and behavioral health facilities to rely on offline documentation efforts to deliver round-the-clock patient care.

Police arrest 11 suspects of ‘Anonymous Malaysia’ hacker group

Eleven men, believed to be part of the "Anonymous Malaysia" hacker group, have been detained following six raids conducted by Malaysian police in Pahang, Johor, Perak and the Klang Valley. The group was believed to be responsible for cyber attacks on websites belonging to the government and the private sector.
Deputy Inspector-General of Police Acryl Sani Abdullah Sani said the suspects, aged between 22 and 40, were detained following the group's recent threat to hack the government's computer system.
Among those arrested by the Commercial Crime Investigation Department of Malaysian police headquarters, he said, was the administrator of the Anonymous Malaysia Facebook page.
"We will investigate further and ascertain if there are other members of the group," he told reporters after visiting a Covid-19 police roadblock set up at a Selangor toll plaza.
Datuk Seri Acryl Sani said the group was believed to be responsible for cyber attacks on websites belonging to the government and the private sector.
"We are not ruling out the possibility of 17 websites having been hacked," he added.
It was learnt that the suspects were also responsible for hacking the systems belonging to the Johor and Sabah state governments as well as Malaysia's International Trade and Industry Ministry.

NYU Tandon’s Index of Cyber Security sees rapid rise in nation-state concerns

The recent SolarWinds attack confirms fears from cybersecurity experts that threats from nation-states are on the rise.
Cybersecurity experts across the world reported a 5% rise in nation-state and targeted counterparty hacking concerns in December, according to an index issued by a research team from the NYU Center for Cybersecurity (CCS) at the New York University Tandon School of Engineering. This rise appears to correlate closely with the recent “sunburst” attack on national and business infrastructure via SolarWinds’ Orion business software updates.
The Index of Cyber Security, which is updated monthly at the NYU CCS website, collects sentiment estimates via direct polling of practicing security experts around the world on cybersecurity threat-related issues. The index has operated since 2008, with CCS curating and hosting the research project for two years.
“When we saw this rise, we immediately connected it to the recent massive third-party software attack involving SolarWinds,” said NYU Tandon Distinguished Research Professor Edward Amoroso, who leads the ICS research team. “The experts who provide data for our index clearly saw this threat as increasing in intensity.”
An additional risk indicator that rose during the month was a shift toward cyberattacks being specifically aimed at counterparties. “This increased targeting of designated counterparties, versus devices, systems, or other non-human actors, is consistent with the motivation inherent in most nation-state campaigns,” said Amoroso.
The sentiment index is based on observational factors such as unpatched servers, unsatisfactory audit findings, and average time to respond to an incident. Amoroso’s academic research group at NYU Tandon’s Department of Computer Science and Engineering collaborates with TAG Cyber LLC, which supports information technology functions.