The Week in Breach: 11/06/19 – 11/12/19 | CloudSmart IT

The Week in Breach: 11/06/19 – 11/12/19

This week, healthcare data is targeted by cybercriminals, lax account security compromises PII, and Australian cybersecurity specialists are on the verge of burnout.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: 
Domain
Top Industry: 
Finance & Insurance
Top Employee Count: 
1 – 10 Employees 


United States – InterMed 

https://www.newscentermaine.com/article/news/crime/maine-health-provider-hit-by-an-email-security-breach-30000-patients-health-information-exposed/97-c8a8aa5f-fa87-45ba-999c-122fea7a76c8

Exploit: Compromised email account
InterMed: Maine-based physician group

twib-severeRisk to Small Business: 1.777 = Severe: Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprit. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.
twib-severeIndividual Risk: 2.428 = Severe: Patients’ protected health data was compromised in the breach. This includes names, dates of birth, health insurance information, and clinical data. In addition, some Social Security numbers were exposed to hackers. This information has a ready market on the Dark Web, and those impacted by the breach should take every precaution to protect their identity.

Customers Impacted: 30,000
How it Could Affect Your Customers’ Business: Data breaches are becoming increasingly costly, so sufficiently addressing defensible threats should be a top priority for every organization. Employee email accounts are often a top target for hackers who use phishing campaigns and credential stuffing attacks to gain access to their account data. Comprehensive awareness training and Dark Web services that provide advanced notification when credentials are compromised can position companies to protect this easy access point from bad actors.


United States – Brooklyn Hospital Center

https://www.fiercehealthcare.com/tech/ransomware-attack-at-brooklyn-hospital-center-results-permanent-loss-some-patient-data

Exploit: Ransomware
Brooklyn Hospital Center: Full-service community teaching hospital

twib-severeRisk to Small Business: 2.111 = Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.
twib-severeIndividual Risk: 2.285 = Severe: Brooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data’s security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident is a reminder that ransomware attacks can have ominous outcomes for any organization. While some are cut and dry transactions, others can be more damaging, resulting in permanent data loss or information exposure. Once your company’s data is in the hands of bad actors, there is no script for determining what happens next. With that in mind, preventing ransomware attacks proactively with proper cybersecurity measures must be a top priority for businesses of every shape, size, and sector.


United States – Utah Valley Eye Clinic

https://threatpost.com/eye-clinic-breach-reveals-data-of-20000-patients/149878/

Exploit: Unauthorized database access
Utah Valley Eye Clinic: Utah-based eye clinic

twib-severeRisk to Small Business: 2.333 = Severe: A cybersecurity vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).
twib-severeIndividual Risk: 2.142 = Severe: The clinic confirmed that patient email addresses were compromised in the breach, but it also conceded that other personally identifiable information, including names, addresses, dates of birth, and phone numbers, may have been exposed. The prolonged time to detection means that this information has been available for misuse, and they should be especially vigilant to evaluate online communications and credentials for suspicious or unusual activity.

Customers Impacted: 20,000
How it Could Affect Your Customers’ Business: Third-party partnerships are becoming increasingly important in today’s business environment, yet also capable of inviting potential cybersecurity vulnerabilities. It’s estimated that more than 60% of data breaches involve a third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing, or other collaborative opportunities.


Canada – TD Canada Trust

https://globalnews.ca/news/6126894/a-couple-who-banks-with-td-canada-trust-loses-hundreds-of-dollars-during-e-transfer-not-once-but-twice/

Exploit: Unauthorized database access
TD Canada Trust: Financial services provider

twib-severeRisk to Small Business: 2 = Severe TD Canada Trust believes that weak security questions provided hackers with an easy way to access user accounts and redirect online money transfers. Although the complaints are currently limited to two accounts within the same family, compromised user credentials can be a serious problem for both companies and consumers. In this case, frustrated clients took to the media to complain about their experience, harming TD Canada Trust’s customer relationships and brand reputation.
extreme gaugeIndividual Risk: 2.142 = Severe: Although it is unclear what personal information is compromised, it’s certain that hackers had access to users’ login credentials and security questions. Therefore, other personal information including names, addresses, and financial data could be compromised. In that case, disrupted payment transfers could be the least of the company’s problems. Those impacted by the event should notify their financial institutions about the compromise, and should update credentials with strong, unique passwords and better security questions.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: TD Canada Trust views this cyber incident as an avoidable intrusion since hackers relied on weak login credentials to access a user’s account. Faced with an already complex threat landscape, ensuring that employees and customers do their part to secure data should be an obvious priority for every business. At the same time, having the ability to identify compromised credentials before they are used maliciously allows for preemptive action to prevent a data breach.


Canada – Pipestone Kin-Ability Centre 

https://www.cbc.ca/news/canada/saskatchewan/kin-ability-cyber-attack-sask-1.5349230

Exploit: Unauthorized network access
Pipestone Kin-Ability Centre: Non-profit serving adults with mental and physical disabilities

twib-severeRisk to Small Business: 1.666 = Severe: A flaw in the non-profit’s network security allowed hackers to access the company’s financial system, eventually siphoning off more than $400,000. The funds were earmarked for general operations and wages. Administrators immediately identified the unauthorized activity, but their reactive security measures will cause significant losses. The organization is working to identify the culprit, but their efforts are unlikely to fully restore the company’s resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident underscores the importance of a forward-thinking readiness posture when addressing today’s cybersecurity risks. Any company relying exclusively on reactive measures will lose time, money, credibility, and customers. However, by preparing for the most prescient threats before they occur, companies can help ensure that their IT infrastructure remains secure.


Kingdom – LendingCrowd

https://www.p2pfinancenews.co.uk/2019/11/04/lendingcrowd-reports-data-breach/

Exploit: Unauthorized database access
LendingCrowd: Online peer-to-peer lending company

twib-severeRisk to Small Business: 1.888 = Severe: LendingCrowd notified users of a data breach that impacted a subset of the company’s investors. Company officials noted that their platform hasn’t been breached, which could indicate successful credential stuffing attacks or other account-specific vulnerabilities. The company has contacted those impacted by the breach and regulatory bodies, but LendingCrowd will now deal with the litany of negative consequences that accompany a breach of any size.
extreme gaugeIndividual Risk: 2.428 = Severe: LendingCrowd failed to disclose the specific data involved in the breach, but since it impacted P2P lenders, it’s likely to include personally identifiable information such as names, addresses, and certain financial data. This information has incredible value on the Dark Web where it can quickly spread, putting users at risk for additional cybercrimes. Therefore, anyone impacted by the breach should enroll in credit and identity monitoring services to oversee and ensure their data’s long-term integrity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Every business faces numerous cybersecurity threats, but many can be avoided by following cybersecurity best practices. In this case, LendingCrowd is asking all users to enable two-factor authentication to protect their account integrity. These simple steps can make a profound difference in your cybersecurity readiness posture.


United Kingdom – James Fisher and Sons PLC

https://www.cnbc.com/2019/11/05/reuters-america-update-1-marine-firm-james-fisher-reports-cyber-breach.html

Exploit: Unauthorized database access
James Fisher and Sons PLC: Marine services provider

correct severe gaugeRisk to Small Business: 3 = Moderate: An unauthorized third-party gained access to the company’s computer system, forcing JFS to bring their systems offline to prevent intruders from further infiltrating their network. In some sense, the company was lucky. Personal information wasn’t compromised in the breach, but cybersecurity events of any kind can still have serious repercussions for any company. In this case, the company’s shares dropped by nearly 6% after the breach, and JFS will incur the cost of cybersecurity specialists who are working to secure their network retroactively.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Shareholders recognize that a data breach will inevitably impact a company’s bottom line and sell offs have become a common response to many cybersecurity incidents. This only accelerates and amplifies brand erosion. When coupled with consumers’ wariness surrounding cybersecurity breaches, it’s clear that the financial impact of a data breach can be extensive and long-lasting.


Spain – Everis 

https://www.bleepingcomputer.com/news/security/ransomware-attacks-hit-everis-and-spains-largest-radio-network/

Exploit: Ransomware
Everis: Managed service provider

twib-severeRisk to Small Business: 2.666 = Severe: A ransomware attack forced Everis to disconnect their network, cutting off services to employees and customers alike. The attack encrypted many of the company’s files, and it caused a frantic response from IT administrators who warned employees to keep their computers turned off to avoid infection. The hackers left a ransom note that includes a contact address, and they demanded $835,923 to provide a decryption key. In the meantime, the company’s services are entirely inaccessible, and employees are unable to complete work, signaling impending financial implications for the company.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are incredibly costly. Not only are companies tasked with either paying a pricey ransom or acquiring IT support to restore their information, but the brand erosion, opportunity cost, and reduction in productivity all compound the costs. Since there is no cheap way to recover from such an attack, establishing a robust defensive posture is the only advantageous way forward.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

 
View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.