Security News

Memorial Health System recovers from ransomware

Plus, Twitter introduces a new tool, and a secret terrorist watchlist with 1.9 million records appears online

In a bulletin posted on its site, healthcare facility network Memorial Health System, based in West Virginia and Ohio, said it was beginning the process of recovery and restoration after being hit with a ransomware attack earlier in the week. The network reported on Sunday that it experienced an “information technology security incident” that caused it to suspend all online access across its 64 clinics, including hospitals Marietta Memorial, Selby General, and Sistersville General. Surgeries have been canceled, ambulances have been diverted, and clinic staff have had to work with paper charts. But on Wednesday, the network announced it had reached a “negotiated solution,” and that it is “beginning the process that will restore operations as quickly and as safely as possible.”

While details have not been given out, the wording in the MHS statement makes it sound as though the “negotiated solution” is a ransom payment. Avast Security Evangelist Luis Corrons commented, “Ransomware attacks can be devastating, and the healthcare industry is suffering from them worldwide. Sadly, in hopes of recovering their information, some victims choose to pay the ransom. This only fuels the attackers to attack more. That’s why companies have to focus on other aspects – besides prevention – that will allow early threat detection and limit the damages. They also need to have back-ups to get them up and on their feet without having to pay.” For more on this story, see Ars Technica.

Twitter allows flagging of misinformation

This week, Twitter began allowing users to flag misinformation the same way they can already flag harassment and other harmful content. The new alert tool comes as a result of heavy government pressure on social platforms to limit the amount of COVID-19 misinformation being distributed. President Biden told reporters in July that Facebook was “killing people” with vaccine misinformation. When users flag content on the platform as misinformation, they will be prompted to select whether the misleading content is political, health-related, or falls into another category. For more on this, see The Verge. To learn how you can limit the spread of misinformation on social media, follow these handy tips.

Terrorist watchlist with 1.9M names exposed online

Last month, a security researcher found an exposed Elasticsearch cluster online containing records of sensitive information for 1.9 million people, including their names, countries of citizenship, gender, date of birth, passport details, and no-fly status. One of the fields listed in the records is “TSC_ID.” Judging by this and the other fields, Bleeping Computer posits that TSC_ID refers to the Terrorist Screening Center and that the records comprise a top secret terrorist watchlist. The researcher reported the list to the Department of Homeland Security, and the files were taken down three weeks later. The FBI declined to comment on the matter. 

Survey shows data collection on the rise

Findings collected this past spring by consulting firm KPMG showed not only that businesses were growing their collection of personal data, but that consumers found data privacy an increasingly important concern. Surveying 2,000 U.S. adults and 250 business leaders, KPMG learned that 70% of business leaders said their company increased collection of personal data over the last year, while 62% said their company should do more to strengthen existing data protection measures. Another key finding was that 86% of consumers said data privacy was a growing concern for them. For more stats, see the full KPMG report.

CISA warns of BlackBerry vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert this week amplifying BlackBerry’s announcement that its QNX Real Time Operating System (RTOS) can be compromised by a BadAlloc vulnerability, possibly resulting in a denial-of-service condition or arbitrary code execution on the affected device. The BlackBerry QNX RTOS is used in many BlackBerry operations, including medical devices, factories, cars, and even the International Space Station. CISA strongly recommends that all organizations using the affected RTOS patch the vulnerable systems as quickly as possible.

This week’s ‘must-read’ on The Avast Blog

TikTok is pretty invasive: It knows what you’re watching, how much time you’re spending there, and every single search you make. And even if you don’t have an account, you can still browse around. So, should you care? Find out in our latest What Does the Internet Know About Me? installment.