Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

2/8/2018
11:15 AM
50%
50%

Tennessee Hospital Hit With Cryptocurrency Mining Malware

Decatur County General Hospital is notifying 24,000 patients of cryptocurrency mining software on its EMR system.

Decatur County General Hospital (DCGH) in Parsons, Tennessee, recently discovered cryptocurrency mining malware on its its Electronic Medical Record (EMR) server. The hospital began informing 24,000 patients of the attack on January 26.

On November 27, 2017, the hospital received a security incident report from its EMR system vendor, which said unauthorized software, designed to mine cryptocurrency, had been installed on the server supported by the vendor. An ongoing investigation has indicated an unauthorized attacker accessed the server with the EMR system and injected the software.

The hospital's EMR server contained data including patient names, addresses, birthdates, and social security numbers, as well as diagnosis and treatment data. There is no evidence either type of data was taken or viewed, and so far it doesn't seem data theft was the attacker's goal. However, the hospital cannot definitively prove data was not compromised and is therefore notifying patients.

DCGH has not named the EMR system vendor and is offering patients the myTrueIdentity online credit monitoring service for one year. Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/8/2018 | 5:09:46 PM
Re: you'd assume the EMR data is encrypted
@tmerrem945: sensitive data that leaves a private network should be encrypted.  Data kept within a private network might be encrypted - but anyone (real person or system/application process), that needs access to those data values, has to have the means to decrypt that data. 

So, if an attacker has acquired the necessary credentials,  they'll have the access privileges that go with those credentials. 

Post breech forensics might be able to determine if the attacker used stolen credentials - but that can take time; and breech notification requirements don't always leave enough time for a complete investigation.  
tmerrem945
100%
0%
tmerrem945,
User Rank: Apprentice
2/8/2018 | 1:30:08 PM
you'd assume the EMR data is encrypted
It troubles me that the hospital cannot confirm if the data was taken or viewed.  Had the data been encrypted, then they can be certain the intruder wasn't able to view the information.  
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.