Issue link: https://beckershealthcare.uberflip.com/i/821337
53 CIO / HEALTH IT NC Officials Mistakenly Send Information for 1.2k Patients to Media Outlets By Jessica Kim Cohen M ecklenburg County, N.C., officials accidentally sent HIPAA-pro- tected information to two media outlets on March 27, impact- ing at least 1,200 patients, WSOC-TV reports. WSOC-TV was one of the media outlets that received patient information. The Mecklenburg County Health Department intended to respond to a public records request over the department's alleged failure to notify patients who received abnormal Pap smear test results at Mecklenburg County clinics, according to another WSOC-TV report. Upon receiving the confidential patient information, WSOC-TV notified county officials. "The County has contacted the outlets to recall the information and is confident that no protected information has been released to the pub- lic," the health department said in a statement, reported by WSOC-TV. Mecklenburg County officials are in the process of contacting impacted patients. Dena Diorio, Mecklenburg County manager, said the county is establishing new processes for sharing patient information, including no longer sending private information in emailed spreadsheets. "Mecklenburg County takes protecting private information very serious- ly and has multiple levels of security to keep this from occurring," ac- cording to the health department statement. "That system failed in this instance, and the County will closely review the policy and procedures used to release information and to make sure this type of information is not released in the future." The Mecklenburg County Health Department declined Becker's request for comment. n A Popular Ransomware Family Now Evades AI Detection By Jessica Kim Cohen C erber — the most commonly deployed ransomware family — found a new technique to conceal itself, according to an analysis by the security vendor Trend Micro. Like most ransomware, this Cerber variant is delivered via email. However, this email mes- sage includes a link to an archive, which is located on a Dropbox account controlled by the attackers. Once a cybervictim downloads the self-extracting archive — which contains three files — the system is infected with a vi- rus. "All self-extracting files may look similar by structure, regardless of the content," accord- ing to Trend Micro. "In other words, the way Cerber is packaged could be said to be de- signed to evade machine learning file detec- tion." One of the three files also checks whether certain security analysis tools — including some of those run by Trend Micro — are run- ning on the system. n 9 Types of Malware That Should Be on a Hospital's Radar By Jessica Kim Cohen T here are nine types of malware fre- quently delivered to healthcare organi- zations, according to a Workgroup for Electronic Data Interchange report. e report, titled e Rampant Growth of Cy- bercrime in Healthcare, gives an overview of common vulnerabilities healthcare organiza- tions face and summarizes topics discussed at cybersecurity roundtables in 2015 and 2016. Here are the nine types of malware delivered to healthcare organizations. 1. Virus. is contagious malware spreads by infecting soware. Once this soware is opened, the virus copies itself. 2. Worm. Another type of contagious mal- ware, a worm will infect soware and copy itself without the need for user action. 3. Trojan. is masked malware conceals it- self as a legitimate soware, but reveals itself as harmful upon installation. 4. Rootkit. is is another type of masked malware. Although it doesn't cause any dam- age itself, it helps conceal malware from anti- virus detection. 5. Keystroke logger. is malware takes the form of a program or hardware that monitors and records a user's key strokes. is masked malware is oen used to steal passwords. 6. RAM scraping. is masked malware steals credit and debit card data during trans- actions on point-of-sale machines. 7. Adware. is malware takes the form of embedded script or code, which automatical- ly displays or downloads damaging soware. 8. Rogue security soware. is soware tells users they already have a virus in their system, and encourages them to install Trojan or ransomware disguised as a removal tool. 9. Ransomware. is malware encrypts files or prevents users from accessing a system un- til they pay a ransom. n