The Week In Breach News 04/28/2021 - 05/04/2021

by Wally Moore

on May 5, 2021

in Data Breach


DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our partner and friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by ID Agent


It’s a very public-sector-oriented Week in Breach. Ransomware woes have made a home in five North American locales (complete with a new gang on the scene), trouble rained on everyone’s parade at Swiss Cloud, and we’ll explore the idea of cybercrime as a public health threat.




United States

United States – Metropolitan Police Department of the District of Columbia

https://www.washingtonpost.com/local/public-safety/hacking-group-that-targeted-dc-police-briefly-posts-internal-police-files/2021/04/29/db18c98c-a8f2-11eb-8c1a-56f0cb4ff3b5_story.html

Exploit: Ransomware

Metropolitan Police Department of the District of Columbia: Law Enforcement Agency

Risk to Business: 1.717 = Severe

The Babuk Locker ransomware gang snatched data from the DC Metropolitan Police. The sample that the cybercrime group posted included 576 pages of personnel files containing full names, Social Security numbers, phone numbers, financial and housing records, job histories, and polygraph assessments for current and former officers. That data was briefly visible on the gang’s site but was taken down after a short period. There is no word on whether the gang was paid or on the exact contents of the stolen files. In total, the Babuk Locker gang claims it downloaded more than 250 GB of data from DC Police servers.

Individual Risk: 2.166 = Severe

Current and former employees of the Metro Police may be in danger of spear phishing, identity theft, or blackmail and should remain alert for fraud attempts.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data theft like this is the bread and butter of cybercrime. This data is especially desirable because it contains information about law enforcement. When storing this kind of information, using multi-factor authentication is essential, as is antiphishing security to guard against ransomware.

ID Agent to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s with the tips and tricks in “The Security Awareness Champion’s Guide.” GET THIS FREE BOOK>>


United States – Illinois Office of the Attorney General

https://therecord.media/ransomware-gang-leaks-court-and-prisoner-files-from-illinois-attorney-general-office/ 

Exploit: Ransomware

Illinois Office of the Attorney General: State Government Agency

Risk to Business: 1.807 = Severe

The DopplePaymer ransomware gang has leaked a large collection of files from the Illinois Office of the Attorney General after the agency declined to pay the ransom that the gang demanded. The cybercriminals released information from court cases orchestrated by the Illinois OAG, including some private documents that do not appear in public records. The data also contains personally identifiable information about state prisoners, notes of their grievances, and case information.

Risk to Business: 2.177 = Severe

In the documents posted so far, there is some personal data for prisoners, but the full extent of the breach is not clear. Formerly incarcerated people may be at risk of blackmail or spear phishing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: More than 50% of businesses were impacted by ransomware in the last 12 months. By taking sensible precautions like antiphishing software, secure identity and access management, and updated security awareness training, companies can avoid this menace.

ID Agent to the Rescue: Make sure that you’re covering all of the bases to avoid breaches and nasty regulatory action with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>


United States – Pennsylvania Department of Health

https://6abc.com/covid-19-contact-tracing-coronavirus-pennsylvania-pa-data-breach-insight-global/10560542/

Exploit: Third-Party Data Breach

Pennsylvania Department of Health: State Government Agency

Risk to Business: 1.803 = Severe

The Pennsylvania Department of Health received an unpleasant shock when it learned that the third-party firm it had employed to process contact tracing data had made data handling mistakes, potentially opening thousands of residents of the Keystone State up to trouble. The contractor, Atlanta-based Insight Global, reported that several employees violated security protocols by using the data collected to create unauthorized documents outside of the secure data system that the state’s contract required.

Individual Risk: 2.277 = Severe

Some of the records in question associated names with phone numbers, emails, genders, ages, sexual orientations, and COVID-19 diagnoses and exposure status. They did not include financial account information, addresses, or Social Security numbers. A daytime hotline is available for anyone concerned they might have been involved at 855-535-1787. Free credit monitoring and identity protection services will be offered.

Customers Impacted: 72,000

How it Could Affect Your Customers’ Business: No business is an island. That’s why it pays to take precautions against potential intrusions and data theft that result from a service provider’s cybersecurity failure.

ID Agent to the Rescue: Keep your data in and the bad guys out with Passly. By including multiple security essentials into one tool, Passly does the job of multiple solutions at a price everyone will love. WATCH A VIDEO DEMO>>


United States – Wyoming Department of Health

https://www.infosecurity-magazine.com/news/data-breach-impacts-1-in-4/ 

Exploit: Unsecured Data

Wyoming Department of Health: State Government Agency

Risk to Business: 2.303 = Severe

Wyoming’s Department of Health (WDH) has announced the accidental exposure of personal health information belonging to more than a quarter of the state’s population on GitHub.com. The data breach occurred when an estimated 53 files containing laboratory test results were mishandled by a worker. Data in the leaked files included test results for flu and COVID-19 performed for Wyoming. One file containing breath alcohol test results was also exposed.

Individual Risk: 2.676 = Severe

Along with the test results were patients’ names, ID numbers, addresses, dates of birth, and the dates on which tests had been carried out. WDH has begun the process of notifying impacted individuals, and victims will be offered a year of free identity theft protection.

Customers Impacted: 164,021 Wyoming residents and others. 

How it Could Affect Your Customers’ Business: Taking care of business includes taking care of training to prevent slip-ups like this that will ultimately cost the state millions after remediation and fines.

ID Agent to the Rescue: Security awareness training including phishing resistance with BullPhish ID is easy and painless for trainers and employees. SEE IT AT WORK IN A NEW VIDEO!>>


Canada

Canada – The Resort Municipality of Whistler 

https://www.bleepingcomputer.com/news/security/whistler-resort-municipality-hit-by-new-ransomware-operation

Exploit: Ransomware

The Resort Municipality of Whistler: Municipal Government 

Risk to Business: 1.867 = Severe

The Resort Municipality of Whistler (RMOW) has temporarily suspended all online and some in-person services in the wake of a ransomware attack purportedly carried out by an unnamed new ransomware gang. The group leaked some data on its unfinished dark website and claims to have stolen 800 GB of data. RMOW states that they are currently working with cybersecurity experts and the Royal Canadian Mounted Police (RCMP) to investigate further.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been an increasingly popular tool for cybercriminals to use against targets in the education sector. Preventing it from hitting systems is just as important as protecting data.

ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. In “The Phish Files”, you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>




United Kingdom

United Kingdom – Merseyrail

https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/

Exploit: Ransomware

Merseyrail: Train Operator

Risk to Business: 1.672 = Severe

Merseyrail, a UK rail network that provides train service through 68 stations in the Liverpool area, has been hit with a suspected ransomware attack. Reporters have been contacted by the LockBit ransomware gang claiming responsibility. The gang supposedly accessed the rail company’s systems through a compromised administrator email account. The cybercriminals claim to have personal information about the railway’s employees and business data. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware, especially targeted ransomware, is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen about disrupting business operations and holding them hostage until they’re paid.

ID Agent to the Rescue: Don’t let cybercriminals slow your business down – learn to mitigate the risk of trouble in Ransomware 101. DOWNLOAD FREE EBOOK>>


Switzerland – Swiss Cloud

https://securityaffairs.co/wordpress/117433/cyber-crime/swiss-cloud-ransomware-attack.html

Exploit: Ransomware

Swiss Cloud: Cloud Hosting Provider 

Risk to Business: 2.217 = Severe

Cloud hosting provider Swiss Cloud was hit by a ransomware attack that brought down the company’s server infrastructure. The company is currently working to restore operations from its backups with the help of experts from HPE and Microsoft. The impacted servers are expected to be restored by next week. The disruption has impacted server availability for more than 6,500 customers.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.

ID Agent to the Rescue: Review the trends in ransomware in 2020 and see how we expect it will impact businesses in 2021 in The Global Year in Breach 2021. GET THIS BOOK>>




Australia

Australia – UnitingCare Queensland 

https://www.zdnet.com/article/unitingcare-queensland-security-incident-takes-some-systems-offline/

Exploit: Hacking

UnitingCare Queensland: Healthcare Support Services

Risk to Business: 2.112 = Severe

UnitingCare Queensland has confirmed it has been impacted by a cybersecurity incident that has caused some of its systems to become inaccessible as remediation efforts begin. The organization supplies eldercare, disability support, in-home health care, and crisis response services. The company does not expect significant disruptions in care as a result of the incident, which is under investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware and ransomware have been the plague of increasingly beleaguered healthcare targets. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.

ID Agent to the Rescue: Get the tools that you need to conduct security awareness training that includes phishing resistance painlessly in the new BullPhish ID. SEE THE UPDATE WEBINAR>>


Guide To Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Resource spotlight

Learn Fresh Tips to Mitigate Phishing Risk from Experts


Did you know that more than 75% of organizations worldwide were impacted by phishing last year? We know you’re constantly working to keep your clients (and your business) safe from phishing-related cybercrime. But you’re not in the fight to defend your clients from phishing alone – our experts are here to help with the latest strategies and tools to stay off cybercriminals’ hooks! In “The Phish Files: Special Edition” you’ll learn:

  • How to fight back and defeat today’s nastiest variants of popular phishing attacks
  • Why you’ll benefit from adding automated phishing defense to your menu

Dive into “The Phish Files: Special Edition”! LISTEN NOW>>

Ready to See the Future Of Cybercrime?

Learn to discern the trends that will impact your clients and your business this year. In The Global Year in Breach 2021, you’ll see how 2020’s cybersecurity rollercoaster deposited us where we are today, and what we see ahead. GET YOUR FREE COPY>>

Are you ready for what’s next in cybersecurity? Make sure you’re covering all the bases with the Cybersecurity Risk Protection Checklist. DOWNLOAD IT>>

Featured Briefing

The Healthcare Sector is Still Under Siege by Cybercriminals


Although every industry has been impacted by cyberattacks during the unprecedented wave of cybercrime in 2020, the healthcare sector really experienced a disproportionate share. That wasn’t good news in the middle of a global pandemic that was driving already challenged healthcare organizations to the brink and beyond in the worst health crisis in generations. Cybercriminals saw an opportunity and they took it – confirmed data breaches in the healthcare industry increased by 58% in 2020. Now industry experts are wrestling with a thorny question: are healthcare cyberattacks a legitimate public health crisis?

No one disputes that cyberattacks against hospitals, health systems, research facilities, pharmaceutical manufacturers, and even temperature-controlled transportation were incredibly disruptive to the COVID-19 pandemic response around the world. Experts estimate that the healthcare sector alone lost $25 billion last year and an estimated 27% of all cyberattacks in 2020 targeted healthcare organizations. That’s not including pharmaceutical companies, research facilities, testing laboratories, equipment manufacturers, technology providers, insurance companies, and myriad other healthcare-related businesses.

This onslaught led to huge problems exactly when hospitals and clinics couldn’t stand to have anything else go wrong. Unfortunately, according to researchers at Blackberry, healthcare sector businesses are the most likely to pay ransoms, making them extremely attractive targets. The information gained in healthcare data breaches is also exceptionally desirable and valuable. During the race to develop a COVID-19 vaccine, the pressure was on pharmaceutical companies, with three major contenders breached in one week at the peak of the pressure. Two specific outcomes for healthcare-related cyberattacks have made an especially strong case for healthcare cybercrime constituting a public health crisis.



Ransomware

Ransomware attacks against every target soared in 2020, and healthcare was no exception. Attacks against healthcare organizations dramatically increased in Q4 2020, with a month-over-month increase of about 45% in early November. That followed an alarming 71% spike in October. Researchers noted that businesses and organizations faced an average of 440 ransomware attacks per week in October 2020 – and by the end of November 2020 that number climbed to 626 – nearly 90 attacks every single day.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) didn’t wait to make a pronouncement about the status of ransomware attacks on healthcare targets. On October 28, 2020, CISA, FBI, and HHS came together in a rare joint warning to the healthcare sector to be on high alert for a new flood of attacks and continuing pressure, including potential activity by nation-state threat actors. Private security experts agree that it was the right call. At the time, the alert specifically called out TrickBot ransomware, but the suggested precautions would offer healthcare organizations strong protection against most other types of ransomware as well.


Care Continuum Impacts

The most feared result of potential cyberattacks against healthcare targets is a disruption in care. Many hospital systems experienced IT outages as a result of cyberattacks that caused serious problems. In some cases, hospitals were forced to resort to old-fashioned written records during these outages, or they were unable to access important test results, scans, x-rays, and other important patient information. Universal Health Services (UHS), a nationwide hospital and health facility operator in the US, experienced a massive IT network outage in late September 2020. The company was forced to disconnect its IT system after identifying a malware attack. The outage lasted for eight days in the middle of a pandemic wave, creating more stress for already overburdened medical staffers in its facilities. In hundreds of UHS healthcare facilities across the US, healthcare workers were forced to resort to cumbersome downtime protocols and paper records during the outage.

It wasn’t just hospitals that have felt the pinch. Just last week, scores of US hospitals were impacted by a security breach at a specialist provider of equipment for cancer treatments. Supply chain and third-party risk have been a nightmare for every industry in the last 12 months. Swedish oncology and radiology system provider Elekta’s announcement of a data security incident, purported to be ransomware, was a heavy blow to 42 hospitals that were reliant on its first-generation cloud-based storage system. This left providers unable to access the precise notes and details of radiotherapy treatments for patients. Yale-New Haven Health in Connecticut was forced to take its radiation equipment offline for over a week, resulting in many of the hospital’s cancer patients being transferred to other providers with little notice. Care disruptions are an unfortunate reality for many hospitals, and that makes cybercrime like this a public health emergency.



Strengthen Protection Now to Avoid Disaster Later

It is essential that your clients in the healthcare sector and related industries take this escalation of threat very seriously. By putting strong, sensible protections in place, especially against phishing, you and your clients can have peace of mind knowing that you’ve put powerful protection in place to keep systems and data safe.

  • Secure identity and access management is a must-have. If you can only afford to add or upgrade one solution this year, make it secure identity and access management with Passly. You’ll get a tremendous bang for the buck with 99% protection against password-based cybercrime thanks to multifactor authentication (which also makes a phished password useless) and more essential tools to keep bad guys out and data in.
  • Fight phishing to fight ransomware. Over 90% of employees in a recent survey were unable to identify a sophisticated phishing attack. The best way to stop ransomware is to stop phishing attacks from reaching an employee inbox. The best way to do that is to add Graphus to your security plan. It spots and stops 40% more phishing emails than competitors.
  • Create a strong security culture. Mishandling of data and improper access caused 21% of healthcare breaches in 2020. Sloppy cybersecurity practices are a slippery slope to disaster. Security awareness training that includes phishing resistance can reduce the chance of an organization suffering a damaging cybersecurity incident like data mishandling or phishing by up to 70%. Choose a solution like BullPhish ID to provide that training, featuring customizable content to reflect real industry threats delivered through a portal that makes training painless for everyone.

Note To Our Customers

Is Cybercrime a Public Health Menace?


Healthcare organizations worldwide have seen an onslaught of cyberattacks in the last 12 months as cybercriminals seek to profit from an overburdened yet essential resource. In the midst of the global pandemic, heartless cybercriminals chose to slam healthcare and healthcare-related organizations with ransomware, phishing, hacking, and other dangerous and disruptive cyberattacks. That means that cybercrime isn’t just an expensive inconvenience – it’s a public health menace.

Ransomware incidents had a huge impact on the healthcare sector in 2020 – attacks against healthcare organizations have jumped about 45% since early November. Many of those attacks didn’t just snatch data from hospitals. Some ransomware attacks caused significant patient care disruptions, forcing staffers to rely on old-fashioned pencil and paper records in the midst of the world’s worst health crisis in generations.

Data breaches at healthcare organizations have also soared by an estimated 55% in 2020, with huge spikes in Q4. These breaches affected more than 26 million people. That’s a big contributor to the flood of personally identifiable information that made its way to the dark web last year, increasing every company’s risk for dangers like a credential compromise.

Protect your business from the increased risk of ransomware and credential compromise that healthcare and even healthcare-adjacent businesses are facing today. You’ll get the most value for your money by adding secure identity and access management using a dynamic solution like Passly. It includes multifactor authentication, one tool that provides strong protection against 99% of password-based cybercrime, like a phished password. You’ll have peace of mind knowing that you’ve made a strong move for your business.

If you only do one thing to improve your company’s cybersecurity posture this year, make it adding powerful protection against cybercrime with secure identity and access management with Passly.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com