Medical devices and healthcare systems - if it connects, it’s vulnerable. Let's make sure it stays safe.
"No-one from nowhere." - It’s not about being seen. It’s about doing the work.
No hype. Just security.
#Cybersecurity #MedicalDevices #NoOneFromNowhere #HealthTech #MedSec #SecurityFirst
The NoEscape ransomware gang claims to have hit two more medical entities. They provide no proof of claims, however, and there is no notice on either entity's site about any incident. BUT:
One of them is Southeastern Orthopaedic Specialists in NC. NoEscape claims it locked them on October 25 and the victim hasn't responded to them at all. As we've seen with NoEscape before, they appear to now be hitting the victim with a DDoS attack and attempts to connect to the entity's site right now are failing/timing out. NoEscape claims to have 400,000 files / 3 GB of data. DataBreaches has written to the entity, but that was just a few minutes ago and unsurprisingly, no reply as yet.
The other entity hit is Caresprings in Ohio and Kentucky. No DDoS on this one. NoEscape claims to have locked them on Nov. 10 and to have exfil'd 364 GB of files. There is no notice on Carespring's site at this time.
#MedSec #databreach #ransomware #infosec #cybersecurity #DDoS
Following up: Everest declined to give me any info on this one, saying details will only go to the end buyer.
No response yet from the hospital that I reached out to to inquire if they knew of any breach.
Everest Team claims to have access to something big and U.S. medical. Reads like a third-party situation and he provides very detailed list of field types.
No proof of claims provided at this point but a few covered entities named. I've emailed one of them already to ask if they are aware of any breach and have reached out to the TA to see if he is willing to reveal a bit more.
Ugh, ugh, ugh.... :(
No-one from nowhere
seniorfrosk
Dissent Doe 
ITSEC News