
Another COVID-19 Research Firm Targeted by Ransomware Attack

Hackers hit biotech research firm 10x Genomics with a ransomware attack amid work on potential COVID-19 treatments; two email security hacks complete this week’s breach roundup.

Hackers successfully targeted and infected California-based 10x Genomics in March, as the biotechnology research firm worked to gain insights into the Coronavirus, or COVID-19, according to a US Securities and Exchange Commission filing.

The biotech firm is part of an international alliance sequencing cells from patients who’ve recovered from the Coronavirus, in an effort to fuel the discovery of potential treatments.

The attempted ransomware attack involved the theft of some sensitive information. However, 10x Genomics was able to isolate the source of the attack and restore normal business operations without any day-to-day impact on the firm’s ability to access its data.

The REvil or Sodinokibi ransomware group took credit for the cyberattack, claiming they were able to take about 1TB of data from 10x Genomics and posting some of the stolen data. The human-operated ransomware campaign known as Sodinokibi first began targeting the health and health IT sector in late 2019.

The hacking group actively scans the internet for vulnerable systems and will typically leverage the updater features of Virtual Private Network (VPN) clients to deploy the malware payload.

Currently, 10x Genomics is working with a third-party investigation team and law enforcement officials to investigate the criminal activity. According to the SEC filing, the company does not believe the data breach will impact future operations.

It’s the second research firm focused on the pandemic to report being hit by ransomware in the past month. The notorious Maze ransomware hacking group successfully hacked and published the sensitive data from Hammersmith Medicines Research, a UK research team on standby for developing a COVID-19 vaccine.

Security researchers and multiple federal agencies have all warned that hackers are relentlessly targeting the healthcare sector during the pandemic, in an effort to take advantage of the crisis.

Healthcare Vendor EVERSANA Reports 2019 PHI Breach

Wisconsin-based EVERSANA recently reported it fell victim to a protected health information data breach that occurred between April 1 and July 3, 2019. EVERSANA is a commercial services vendor to the healthcare sector.

According to the notice, EVERSANA launched an investigation into unusual activity discovered on its email accounts in 2019 with assistance from a third-party cybersecurity firm. Officials did not disclose when the activity was first discovered, nor when the investigation was launched.

The investigation revealed several email accounts were compromised through a hack of its legacy technology environment during the three-month period. As a result, “a limited number” of patient services data was potentially accessible. EVERSANA has since updated the outdated tech and implemented additional security measures.

The compromised data varied by patient but could include names, contact information, Social Security numbers, driver’s licenses or state identification numbers, passports, tax identification numbers, financial account data, debit or credit card information, user credentials, health data, treatments, diagnoses, provider names, MRN/patient ID number, Medicare/Medicaid number, health insurance data, and prescription details.

Impacted patients will receive a year of free credit monitoring and identity restoration services.

On February 7, EVERSANA concluded its investigation. It’s crucial to point out that if the data was covered by HIPAA, the vendor had just 60 days to report the breach to the Department of Health and Human Services after the breach was discovered – not at the investigation’s conclusion.

Otis Bowen Center for Human Services’ Email Hack

Otis Bowen Center for Human Services in Indiana is notifying 35,804 patients that their data was potentially compromised after a hack on two employee email accounts.

On January 28, the Bowen Center discovered some patient and employee data was potentially exposed to an unauthorized user, as officials were performing an independent digital forensics investigation. Officials said they launched a review of the security incident to determine what patient information was impacted.

The notification did not provide further information about the event, such as the duration of the compromise, specifics of the hack, and when the attack began. Bowen Center has since enhanced the security of its digital environment.
