Cybersecurity and Medical Groups

City of Hope Pwned

Charles Parker

The list of medical companies being compromised continues to grow. It seems like very

day there are more of these. The reach of the issue goes far beyond the company or practice

and to the patients who have to deal with this for years and years, always watching if their tax

return has been fraudulently filed, new credit cards opened by someone in the victim’s name, or

simply their identity stolen for whatever purpose the adversaries want.

A successful attack was on the City of Hope. This is a cancer treatment center. The City

of Hope (on a tangent, of all the potential targets a cancer treatment center was chosen?)

detected unusual activity on one of their systems around October 13, 2023. Upon verifying the

issue, the security team went into incident response mode and began to put their plans into play

to stop the continued internal growth of the attack.

While they were diligent, the adversary did gain unauthorized access/foothold to a

portion of their systems and were able to copy files with sensitive, personal data. The data set

would be perfect for the adversaries to sell in whole or cut into pieces. This included the

patient’s name, email address, phone number, date of birth, social security number, driver’s

license number or other government ID, their financial details, health insurance information,

medical records, and more. For each person this is a treasure trove. In this incident, 827,149

people were affected.

As part of the post-incident, the City of Hope did notify the Attorney General’s Office. The

organization also led an investigation into the attack.

About the author-

Charles Parker II has been working in the info sec field for over a decade, in the banking,

medical, automotive, and staffing industries. Charles has matriculated and attained the MBA,

MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security

(ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and

SCADA.

Comentários

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and Medical Groups

Cybersecurity and Surveys

Cybersecurity and Embedded Systems

Cybersecurity and PII/PHI

Cybersecurity, Passwords and Small Businesses

Cybersecurity and Blanket Training

Cybersecurity and Changing Cultures

Women In Cybersecurity

Cybersecurity and the Value of Verification

Cybersecurity and ICS Ransomware

No tags yet.