Fifth Edition

Lockbit's back, your prescriptions aren't, and your data is gone

On average, a pharmacy may take about 15-30 minutes to fill a single prescription. That number, as they say, is a changin' this week. 

Another doozy of a week. The one thing about InfoSec is that the breaches, vulns, and exploits keep on coming. On the menu this week:

  • Take a number: Those Rx’s are gonna be a minute.

  • Can’t Miss: this week’s top hit

  • Data broker goes broke: where does the data go?

  • Might have missed: executive orders and leap years

  • Lockbit’s back: next victim - Democracy?

Big News

Healthcare Hacked: Prescriptions on Hold and You're Left Holding the Bag (of Pills... Hopefully)

So, you need a refill on your meds, but the pharmacy says to hold your horses (or pills, as it were)? Last week, a major disruption hit Change Healthcare, a provider under United Healthcare’s umbrella responsible for providing claim and payment services to over 67K pharmacies. It turns out that the disruption, initially thought to be the work of a nation-state actor, was the ransomware operator ALPHV/Blackcat. The FBI claimed to have disrupted this same group in December of last year; it was also responsible for high-profile attacks against Caesars and MGM Casinos.

What happened: The hackers infiltrated Change Healthcare's systems, causing major disruptions for ELEVEN. WHOLE. DAYS. Change Healthcare is HUGE. This means delays in processing prescriptions, pharmacies scrambling, and potentially you waiting longer to get the medication you need. Not exactly ideal, right? Following the FBI takedown of ALPHV’s data leak site in December, the ransomware operator put out a notice that they would drop their rule against attacking critical infrastructure, including healthcare.

Why it matters: This isn't just an inconvenience. Delays in essential medications can have serious consequences, especially for people with chronic conditions. It also highlights the growing threat of cyberattacks on critical infrastructure systems. Hackers targeting medical data is a recipe for real-world problems. Ransomware operators don’t stop at encrypting data. They will exfiltrate the medical records (Change has over 1/3 of the US’s patient data) and leak them if the ransom isn’t paid. This means extortion or embarrassment for affected patients once the data is leaked to the public.

The other side: Not much to celebrate here. While there are some efforts to contain the attack and restore systems, it's unclear how long things will take to get back to normal. These systems are on day 11 of the outage as of this article’s writing. Change is offering short-term loans to process payments, which will need to be paid back once Change is back up and running.

The takeaway: This whole situation is a wake-up call. We need stronger cybersecurity measures to protect our health data from falling into the wrong hands. And maybe, just maybe, a reminder to keep a small stockpile of your essential medications in case things go south, like, say, a cyberattack. This retaliatory attack also shows the ability of the groups to pivot and become operational again post-law enforcement action quickly.

tl;dr: Hackers attacked a healthcare data company causing delays in prescriptions. Not cool. Be prepared, stay vigilant, and hope for better cybersecurity.


Can’t Miss

Breaches, vulns, and more.
  • Fancy Bear: the Russian hacking group, known as ‘Fancy Bear’, has been seen exploiting Ubiquiti routers for malicious activities.

  • Ivanti: Ivanti Connect Secure and Ivanti Policy Secure are getting worked. Even their integrity checker tool is vulnerable.

  • Russia: Russia’s Ministry of Foreign Affairs was hacked by, checks notes, North Korea? This isn’t the first time, either.

  • Widespread Spam: Over 8k subdomains have been hijacked since September 2022 to spam and deliver malicious payloads.

  • Fake Crypto Wallets: Fake Crypto wallets are draining funds. This might be an advisory for China’s Central Bank, but it’s happening everywhere with digital crypto apps. Don’t fall for it.

  • AT&T Outage: Remember that AT&T outage that caused havoc for a few hours? Don’t worry, here’s 5 bucks.

  • Avast: the antivirus company was ordered to pay $16.5 million to the FTC for selling user data. So, their browser plugin to detect malicious software was malicious software.

When a soul-sucking data broker goes bankrupt. Yay?

I know we’ve talked about data brokers before, most recently about Meta attempting to fight back. We all know our data is out there, floating around the internet like digital tumbleweeds. Whether you give permission or not, your online activities are being tracked and collected. But what happens when the companies collecting it go belly up?

What Happened: Near, a company that boasted it had “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data on “1.6B people across 44 countries”, filed for bankruptcy. The Wall Street Journal had previously investigated Near for selling location data to anti-abortion groups and the Department of Defense. Yeesh.

Why It's Important: Because let's face it, your data is like gold in the shady corners of the internet. If a data broker goes bankrupt, their precious collection, including your info, could be sold off to the highest bidder. It’s not like Near was trustworthy, but the unknowns of where the sensitive data goes in a sell-off are concerning.

The other side: Okay, so things look bleak, but there's a silver lining (maybe). Senator Ron Wyden pushed the FTC to step in and create restrictions around the use and sale of sensitive data. It’s not the end-all, be-all of data privacy, but it does require explicit consent for sensitive location data in the sale.

The Takeaway: This whole situation is a stark reminder that regardless of how we set permissions on our location data, it can still be collected and used with very little oversight. Strong data privacy laws are needed.

tl;dr: Data broker collects your info, goes bankrupt, and then sells your data to potentially sketchy individuals. Fun times.

Tip of the week

Be cautious using public Wi-Fi. Avoid sensitive activities like online banking or entering passwords on these networks.

Might have missed
  • Executive Order: the order is seeking to prevent US-based data brokers from selling their data to China, Russia, North Korea, Iran, Cuba, and Venezuela. Seems like common sense. Shame it took this long.

  • NSO Group: the notorious spyware organization was ordered to hand over its Pegasus spyware code to WhatsApp, which is owned by Meta, who is also technically running spyware…

  • FTC: The FTC banned impersonation by way of deepfakes. That’s a big step in the right direction, but is it enough? Enforcement will be tough.

  • NIST 2.0: Long awaited, and built for more than Critical Infrastructure. The new Cybersecurity Framework 2.0 is here.

  • Leap Year Bugs: Citrix and Sophos are among the companies whose software wasn’t ready for the leap year. No fixes yet, just workarounds.

  • Microsoft: AI for good, or, er, bad? Microsoft releases a Red Teaming tool for Generative AI. In the end, it should help identify vulnerabilities in Large Language Models.

Off Track

Lockbit’s back and threatenin’ broken democracy

Last week, we wrote about an international takedown of Lockbit, one of the most prolific ransomware gangs in existence. Well, er, was in existence, and is now back in existence? When the takedown occurred, Lockbit claimed law enforcement was not able to obtain their backups, arrested the wrong people, and overall had not done much to stop the organization. While there was a lot of conflicting information, Lockbit claimed to have restored systems and was back to extorting victims.

What happened: In Lockbit’s communications post-takedown, they claimed that law enforcement fumbled the takedown, in part, because they were acting quickly to prevent documents from one of its victims from leaking. At the time of the takedown, Lockbit had publicly given Fulton County, Georgia, one of 11 victims posted on its website, a deadline to pay the ransom and prevent confidential documents from leaking.

“…Because for 5 years of swimming in money I became very lazy, and continued to ride on a yacht with titsy girls…The FBI decided to hack now for one reason only, because they didn’t want to leak information from [Fulton gov website] the stolen documents contain a lot of interesting things and Donald Trump’s court cases that could affect the upcoming US election.”

Why it was important: Fulton County, Georgia’s courtroom saw a few high-profile cases, namely, Donald Trump’s case on whether he interfered in the 2020 US election. Lockbit is claiming to have documents that could heavily influence this year’s US Election. The group provided a deadline of Feb 29, 8:49 AM to pay the ransom or the documents would be released. Well, that date came and went, with Lockbit claiming they’ve been paid, and Fulton County claiming “we did not pay nor did anyone pay on our behalf”.

The other side: Does Lockbit have the data? Who knows. Generally, ransomware operators don’t lie about having data; that’s their reputation, and bluffing leads to other victims not paying. On the other hand, given the recent takedown, perhaps all the data is lost and they’re trying to recoup what they can. At the end of the day, one of them appears to be lying.

The takeaway: Lockbit is still causing havoc. The law enforcement action against them was a beautifully coordinated effort that may have done little to prevent continued operation. It shows the ransomware group’s ability to mold, morph, and change when needed. It also highlights, yet again, why backups are so important. Whether those backups are Fulton County’s or Lockbit’s, one or both of them is restoring systems to get back up to operating speed.

tl;dr: Lockbit’s back and claiming to have documents related to Donald Trump’s case in Fulton County, GA. They might have ’em, they might not, but they’re still causing trouble.

Cool Sh*t Corner

A fully foldable phone? I suppose I’ll wait for Apple to make one in 20 years and claim they invented it.

Thanks for reading this week’s edition. Have feedback or advice, or just hate everything you see? Hit this link!