Hackers tied to China targeted the COVID-19 vaccine research developer Moderna in an effort to steal data; ransomware, records theft, and an employee email hack completes this week’s breach roundup.
August 03, 2020 - Massachusetts-based Moderna, a research firm currently tasked with the development of a COVID-19 vaccine, was targeted by hackers with ties to the government of China, in an effort designed to steal valuable data, according to Reuters.
Moderna recently announced it entered the final phase of its investigational vaccine trials.
The report comes just two weeks after the Department of Justice indicted two hackers for allegedly working with China to steal valuable data, including coronavirus research, from a wide range of US organizations, companies, and governments.
According to Reuters, Moderna officials confirmed they’ve discussed the reconnaissance activities outlined in the DOJ indictment with the FBI.
“Moderna remains highly vigilant to potential cybersecurity threats, maintaining an internal team, external support services and good working relationships with outside authorities to continuously assess threats and protect our valuable information,” Moderna company spokesman Ray Jordan, said in a statement.
Moderna is just the latest US research firm to be targeted by hackers amid the COVID-19 pandemic. The World Health Organization, Hammersmith Medicines Research, and 10x Genomics. Reports have shown Russian hackers are targeting US COVID-19 vaccine developers, as well.
The reports are concerning given research shows 17 major biomedical companies working on the development of a COVID-19 vaccine are operating with severe security vulnerabilities in their computer systems.
RANSOMWARE ATTACK ON HIGHPOINT FOOT AND ANKLE CENTER
A ransomware attack on Highpoint Foot and Ankle Center in Pennsylvania potentially breached the data of 25,554 patients.
On May 20, Highpoint officials detected a data security incident involving electronic patient records. An investigation determined a hacker remotely gained access to the servers, potentially giving access to patient records. Access to the server was restricted, but the attack likely bypassed those protections.
The compromised data could include patient names, contact information, dates of birth, Social Security numbers, and protected health information, such as diagnoses and treatments. Upon discovery, Highpoint changed the access credentials and implemented additional safeguard for patient records.
MULTIPLE PHARMACIES REPORT BREAK-INS, PHI THEFT
CVS and Walgreens recently reported several of their pharmacies were broken into between May and June, which led to the theft of some protected health information.
Protests held between May 27 and June 8, resulted in multiple looting and vandalism incidents at several CVS pharmacies. Individuals gained access to CVS stores and stole prescriptions left in the pharmacy waiting bins. Those individuals also stole paper prescriptions and vaccine consent forms.
As a result, a range of PHI was compromised, such as patient names, contact information, prescriber details, medication types, and information on primary care providers. CVS reported the breach to the Department of Health and Human Services as impacting 21,289 patients.
For Walgreens, the break-ins tied to looting and vandalism occurred at multiple stores between May 26 and June 5. The individuals allegedly stole multiple hard drives connected to cash registers, prescriptions from waiting bins, paper records, and an automation device used to print prescription labels.
Compromised or stolen data varied by patients and could include contact information, state ID numbers, medication names, prescriber information, dates of birth, balance rewards numbers passports, driver’s licenses, military IDs, health plan names and group numbers, vaccine data, and prescription numbers. No Social Security numbers or financial information were compromised during the theft.
Walgreens reported incidents at 180 of its stores across the country. The pharmacy giant has since closed out and reentered impacted prescriptions and reversed insurance claims, in an effort to prevent fraud.
Meanwhile, Cub Pharmacies reported that eight of its stores were broken into between May 27 and May 30, which included the theft of locked safes, binders with prescription records, and prescription orders awaiting fulfillment. Credit card authorizations were also stolen during the break-ins.
Cub officials are continuing to investigate and review security footage to verify the extent of the thefts and impact to customer data.
ELKINS REHABILITATION & CARE CENTER REPORTS EMAIL HACK FROM 2019
Elkins Rehabilitation & Care Center (ERCC) in West Virginia is just now notifying 3,127 patients that their data was potentially breached after several employee emails accounts were hacked in 2019.
Under HIPAA, providers are required to report PHI data breaches to HHS within 60 days of discovery, not at the close of the investigation.
First discovered in February 2019, several employee email accounts were inappropriately accessed, and a hacker deployed malware infected several ERCC network systems between February 4 and February 7, 2019.
The IT team worked to investigate the incident and moved to clean the infection, as well as reset all passwords and identify the type of malware used in the attack. The investigation determined the hackers used a malware variant known to extract emails.
The account review was completed in July 2020, finding the email accounts contained limited patient health information, Social Security numbers, and or driver’s licenses.
ERCC has since replaced the impacted hard drives, installed and updated its anti-virus and anti-malware software, and retrained its workforce on security awareness.
Xtelligent Healthcare Media