Sensitive medical and other personal data was potentially exposed
ARcare, a US healthcare provider with facilities in Arkansas, Kentucky, and Mississippi, has admitted a data breach potentially affecting 345,000 individuals.
“On February 24, 2022, ARcare experienced a data security incident that impacted its computer systems and caused a temporary disruption to services,” reads a data breach alert published by ARcare, which provides discounted medical care in underserved communities via medical centers, pharmacies, and school-based clinics.
“ARcare immediately worked to secure its systems and quickly commenced an investigation to confirm the nature and scope of the incident.”
That investigation concluded on March 14 that a malicious hacker had access to ARcare’s network over a five-week period between January 18 and February 24.
Exposed data
Potentially exposed data, which varied by individual, included “names, Social Security numbers, drivers’ license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information, and health insurance information”.
ARcare said it is “unaware of any or actual or attempted misuse of the affected information as a result of this incident”.
On April 4, the healthcare provider determined that personal information relating to individuals was exposed and on April 25 began notifying potentially impacted individuals and regulators. The US Department of Health and Human Services (HSS) was notified that 345,353 individuals may have been affected.
“ARcare is reviewing and updating existing policies and procedures relating to data protection and security,” reads the data breach alert.
“ARcare is also investigating additional security measures to mitigate any risk associated with this incident and to better prevent future similar incidents.”
Potentially impacted individuals are “encouraged to remain vigilant against events of identity theft by reviewing account statements, explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors”, said ARcare. “Any suspicious activity should be reported to the appropriate insurance company, health care provider, or financial institution.”
The Daily Swig has contacted ARcare for further comment. We will update this story if we get a response.
Attorney General Merrick Garland on Thursday warned that the U.S. is on high alert for the possibility of Russia’s war against Ukraine spilling into cyberspace.
“No one looking at Ukraine right now can doubt that the Russian government poses an enormous threat to the United States,” Mr. Garland said in testimony before the House Appropriations Committee. “We are bracing for a potential cyber attack from Russia.”
“We’ve had numerous criminal cyber attacks which we’ve associated with criminal actors operating in Russia. No one operates within Russia without some support for looking away from the government there,” he continued.
Mr. Garland added that the U.S. faces “an enormously significant” intelligence threat from Russia.
Cyberattacks in Ukraine days before the Russian invasion have been linked to Moscow.
The attorney general is the latest member of the Biden administration to raise the alarm about ransomware attacks. In March, the administration warned U.S. businesses and local government governments that they should be vigilant against cyber attacks.
SEE ALSO: Russia reportedly using trained dolphins to protect Black Sea fleet
That warning came days after multiple U.S. agencies issued a similar warning to major U.S. banks.
President Biden in March urged U.S. companies to accelerate efforts to protect themselves against the threat of a cyberattack, adding the federal government is willing to help them fend off a move by Russia.
The White House called on companies to develop multiple steps of authentication, encrypt sensitive data, shore up vulnerabilities and make contingency plans.
Several cyberattacks carried out against U.S. companies and political groups have been tied to Russian agents or cybercriminals based in the country.
Last year’s shutdown of the Colonial oil pipeline, attack on JBS Foods, a meat processor, and an attack on the operator of ferries to Martha’s Vineyard in Massachusetts, have all been linked to hackers based in Russia.
The U.S. has also accused Russian government hackers of stealing the emails of Hillary Clinton campaign chairman John Podesta during the 2016 presidential election.
SEE ALSO: Ukrainian orphans, displaced children need aid, not adoption, advocates say
Flanked by Vice President Kamala Harris, left, and Administrator of the Small Business Administration (SBA) Isabella Casillas Guzman, right, President Joe Biden signs the Paycheck Protection Program (PPP) extension in the Oval Office on March 30, 2021, in Washington. A cybersecurity audit of the Small Business Administration found that pandemic relief programs introduced new vulnerabilities in the agency’s IT environment. (Photo by Doug Mills/Pool via Getty Images)
The Small Business Administration’s information security program is “not effective” according to its inspector general.
In a security audit this week, auditors concluded that almost every major domain of the agency’s cybersecurity operations could be considered below the necessary standards to effectively protect data and defend against malicious hacking threats. The report looked at nine such aspects of the agency’s cybersecurity operations: risk management, supply chain risk management, configuration management, identity and access management, security training, data protection and privacy, continuous monitoring, incident response and contingency planning.
Additionally, an influx of new data and software needed to track spending from relief programs passed by Congress in the wake of the coronavirus pandemic has introduced new vulnerabilities in the agency’s threat model that it has yet to account for.
“In FY 2021, SBA continued to face significant security challenges in carrying out the requirements of the pandemic relief programs. SBA needs to update and implement security operating procedures and address newly identified vulnerabilities in its systems,” auditors wrote. “We identified that control improvements are needed in system software inventory management, patching, user recertification, and in deployment of a comprehensive supply chain risk management policy.”
Each of SBA’s nine IT security domains were judged along four levels of maturity: managed and measurable, consistently implemented, defined or ad-hoc. Only “managed and measurable” is considered effective, but it doesn’t require a perfect or near-perfect score. To achieve it, the domain must score highly in just four out of seven metric questions, a bare majority.
Only one aspect of SBA’s cybersecurity operations, incident response, met that standard. That led the agency’s watchdog arm to classify the entire security program as “not effective.”
The audit measured how SBA’s security program stacked up to requirements listed in the Federal Information Security Modernization Act, a 20-year-old law that has become the primary means of regulating information security operations across the civilian federal government. As technology advanced and hacking threats grew more sophisticated, lawmakers have periodically updated the law over the years, and the House and Senate are currently negotiating another update that would incorporate newer entities, like the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director, into the FISMA hierarchy.
Many of the shortfalls listed in the report stem from failures to strictly follow the letter of the law. For instance, it requires agencies to develop comprehensive lists of devices and systems connected to the agency network. SBA did not keep theirs up to date despite a similar finding last year and assurances that new polices were in place.
Their supply chain management policies — a major concern for the federal government following the SolarWinds compromise and other third-party intrusions — were deemed “ad hoc,” with no formal policy from the chief information officer (CIO) for how contract or acquisition officials should handle potential threats and agency officials saying they were consulting general guidance from the National Institute for Standards and Technology (NIST) to determine procedures.
Overall patch management, another long-standing problem highlighted in previous audits, remains a weakness.
At least one unnamed system was not regularly scanned, violating SBA policy. There was also no formal agency policy or timeline in place for patching and remediating certain vulnerabilities and misconfigurations (agencies are required through a binding directive from CISA to quickly patch high impact or known, exploited vulnerabilities.)
“If SBA does not promptly make security updates when they become available, there is an increased risk the confidentiality, integrity, and availability of the data residing on information systems could be compromised,” auditors warned. “There is also an increased risk that existing or new vulnerabilities could expose information systems and applications to attacks, unauthorized modification, or compromised data.”
In a written formal response, SBA Acting Chief Information Officer Luis Campudoni concurred with the 10 recommendations issued by auditors. As of the report’s release, all 10 are listed as resolved, though many describe actions in the future tense. Campudoni said the agency’s information security program “continues to mature” and the changes will help SBA comply with a range of federal cybersecurity mandates.
“These capabilities ensure the SBA is well-positioned to align to executive branch goals such as the FY2022 Chief Information Officer Metrics and the Executive Order 14028 initiatives, as well as enabling the SBA to rapidly respond to recent well-publicized global cyber events with minimal impact and no indications of compromise,” Campudoni wrote.
April 27 (Reuters) – Russian government hackers carried out multiple cyber operations against Ukraine that appeared to support Moscow’s military attacks and online propaganda campaigns, Microsoft (MSFT.O) said in a report on Wednesday.
The reported intrusions – some of which have not been previously disclosed – suggest that hacking has played a bigger role in the conflict than what has been publicly known.
The digital onslaught, which Microsoft said began one year prior to Russia’s Feb. 24 invasion, may have laid the groundwork for different military missions in the war-torn territory, researchers found.
Register now for FREE unlimited access to Reuters.com
Register
Between Feb. 23 and April 8, Microsoft said, it observed a total of 37 Russian destructive cyberattacks inside Ukraine.
The Russian Embassy in Washington did not immediately return a message seeking comment.
The findings underscore how modern warfare can combine digital and kinetic strikes, experts said.
“Russian generals and spies have tried to make cyberattacks part of their war effort while they’ve struggled on the battlefield,” said Thomas Rid, a professor of Strategic Studies at the Paul H. Nitze School of Advanced International Studies at Johns Hopkins University.
Microsoft said Russia’s hacking and military operations worked in “tandem against a shared target set.” The tech company said it could not determine whether this correlation was driven by coordinated decision-making or simply because of shared goals.
For example, a timeline published by Microsoft showed that on March 1 – the same day a Russian missile was fired at Kyiv’s TV tower – media companies in the capital were hit by destructive hacks and cyberespionage.
In another case, the company’s cybersecurity research team recorded “suspected Russian actors” lurking on Ukrainian critical infrastructure in the northeast city of Sumy, two weeks before widespread electricity shortages were reported in the area on March 3.
The next day, Microsoft said, Russian hackers broke into a government network in the central Ukrainian city of Vinnytsia. Two days later, missiles leveled the city’s airport.
Victor Zhora, a top Ukrainian cybersecurity official, said on Wednesday that he continues to see Russian cyberattacks on local telecom companies and energy grid operators.
“I believe that they can organize more attacks on these sectors,” Zhora told reporters. “We shouldn’t underestimate Russian hackers but we probably should not over-estimate their potential.”
He thanked Microsoft, the U.S. government and multiple European allies for their cybersecurity support.
Since the start of the war, academics and analysts have said Russia appeared to be less active in the cyber domain against Ukraine than expected. The Microsoft report reveals a flurry of malicious cyber activity, although its impact in most cases has been either unclear or not immediately evident.
Two weeks ago the U.S. government publicly exposed a cyberweapon, known as Pipedream, that was designed to damage industrial control systems. While the tool hasn’t been attributed to Russia, it is viewed as highly dangerous and its discovery coincides with the Ukraine conflict.
Register now for FREE unlimited access to Reuters.com
Register
Reporting by Raphael Satter, Christopher Bing and James Pearson; Editing by Howard Goller
Microsoft released a report on Wednesday detailing how Russian-backed hackers unleashed a series of cyber operations against Ukraine as early as March 2021.
According to the report, at least six separate Russian-backed hacking groups have launched more than 200 cyber operations against Ukraine, including destructive attacks that have threatened civilian welfare. The report also found that the hackers engaged in a broad range of espionage and intelligence activities.
Microsoft found nearly 40 destructive attacks, 32 percent of which directly targeted Ukrainian government organizations while 40 percent were aimed at critical sectors.
“The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership,” said Tom Burt, a Microsoft vice president, in a blog post.
The report comes as the war in Ukraine intensifies and the number of military and civilian casualties rises. Russia announced on Wednesday that it was ceasing its natural gas shipments to Poland and Bulgaria in response to Western sanctions.
The Microsoft report found that the cyberattacks were strongly tied and sometimes directly timed with the kinetic military operations on the ground targeting Ukrainian services and institutions. For instance, cyberattacks were launched against a major broadcasting company on March 1, on the same day the Russian military directed a missile strike against a TV tower in Kyiv.
The tech company also said Russian cyber operations began as early as March 2021, with the hackers attempting to “gain a larger foothold into Ukrainian systems.” The hackers also tried to gain access to the systems of NATO member states, it said.
The report concluded that “it’s likely the attacks we’ve observed are only a fraction of activity targeting Ukraine.”
This is the second time this month that Microsoft has released findings related to Russian cyberattacks amid the war. In early April, the tech giant said it disrupted cyberattacks intended to target Ukraine and organizations in the United States and the European Union.
Microsoft alleged that a Russian hacking group called Strontium was aiming at Ukrainian media organizations as well as foreign policy-related institutions in the U.S. and the EU.
The Russian embassy in Washington did not immediately respond to a request for comment.
