HC3 TLP White Vulnerability Bulletin February 4, 2022

January News Items of Interest to the Health Sector

FBI: Hackers target US defense firms with malicious USB packages

The FBI released a flash alert warning US companies that the cybercriminal group FIN7 targeted the US defense industry with infected USB devices to deploy ransomware. FIN7 impersonated Amazon and the US Department of Health and Human Services and mailed packages containing USB drives with the LilyGO logo containing malware such as 'BadUSB' or 'Bad Beetle USB'. The group has targeted the transportation and insurance industries since August 2021 and defense firms starting in November 2021. Since August, these packages have also contained letters about COVID-19 guidelines or counterfeit gift cards and forged thank-you notes.

Number of Major Health Data Breaches in 2021

Health Care Info Security analyzed the data breach numbers reported to HHS for 2021 and they noted the following:

  • In 2021, there were a total of 713 health data breaches affecting more than 45.7 million individuals
  • Breaches caused by Hacking/IT incidents were the most prevalent
  • This total represents a noticeable increase from 2020, when there were 663 breaches affecting more than 34 million individuals (very rough numbers: a 10% increase in breaches and a 30% increase in the number of people impacted)
  • These numbers represent the most individuals in a single year impacted since 2015. However, in 2015, there was a single incident with the health insurance company Anthem, which involved exposure of almost 80M individual records, bringing the total for that year over 112M.

View the detailed bulletin below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272