The Week in Breach: 10/09/19 – 10/15/19 | CloudSmart IT

The Week in Breach: 10/09/19 – 10/15/19

This week, hackers hijack a shoe company’s email list, patients are upset about healthcare data breaches, and Twitter comes under fire for data misuse.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: 
Top Industry: 
Education & Research
Top Employee Count: 
501+ Employees 

United States – UAB Medicine

Exploit: Phishing attack
UAB Medicine: Academic medical center based in Birmingham, Alabama

twib-severeRisk to Small Business: 1.666 = Severe: A phishing attack tricked several employees into providing their email credentials to hackers, which subsequently exposed the protected health information for thousands of patients. The email purported to originate from a hospital executive, asking employees to participate in a fake business survey. Executives believe that hackers were trying to access the healthcare provider’s payroll system, but they were prevented from reaching this information. Regardless, the August 7th breach will have significant impact on the patients whose data was compromised and on UAB Medicine, as they will bear the cost of credit monitoring and identity theft protection services as well as the increased regulatory scrutiny because of the nature of the information involved.
correct severe gaugeIndividual Risk: 2.571 = Moderate: Hackers had access to patients’ protected health information, including names, medical record numbers, dates of birth, dates of service, location of service, and other medical-related information. Some patients also had their Social Security numbers compromised. UAB Medicine is encouraging anyone impacted by the breach to closely monitor their accounts and benefit statements for fraudulent activity. In addition, they should enroll in the year of free credit and identity monitoring services provided by UAB Medicine.

Customers Impacted: 19,557
How it Could Affect Your Customers’ Business: Despite your best efforts, phishing attacks will likely make their way into your employees’ inboxes at some point. Fortunately, comprehensive awareness training can empower employees to sidestep ongoing efforts at gaining access to your network and compromising your data. Given the growing costs associated with a data breach, the ROI on cybersecurity best practices is remarkably clear, and should be required for every employee with an email account.

United States – Magnolia Pediatrics

Exploit: Ransomware
Magnolia Pediatrics: Full service pediatric medical provider

twib-severeRisk to Small Business: 1.555 = Severe: A ransomware attack on the clinic’s IT company allowed hackers to access Magnolia Pediatrics’ network and encrypt it with ransomware. The company paid an undisclosed fee and received a decryption code to retrieve their information. Now, the practice has reset all user passwords, and they installed new firewalls and spam filters to protect against similar threats in the future. Of course, such retroactive measures cannot undo the costs associated with ransom payments, bad press, and negative publicity that could encourage patients to take their business elsewhere.
twib-severeIndividual Risk: 2.428 = Severe: Hackers encrypted patient data, including names, dates of birth, Social Security numbers, addresses, phone numbers, insurance information, and medical records. Magnolia Pediatrics doesn’t believe that any patient data was misused in the breach, but they are encouraging all users to monitor their credit card statements for unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Whether companies choose to pay a ransom or restore their IT infrastructure, ransomware attacks are undoubtedly expensive. With additional financial repercussions that can last indefinitely, every company has thousands of reasons to protect their networks from damaging malware. Taking preventative steps before a breach occurs can save time, money, and personnel resources, making defensive maneuvers the cost-effective, advantageous approach to addressing the threat of ransomware.

United States – TOMS

Exploit: Unauthorized database access
TOMS: Designer and producer of shoes, eyewear, coffee, apparel, and handbags

twib-severeRisk to Small Business: 2.333 = Severe: In an unusual cybersecurity incident, a hacker hijacked the mailing list for TOMS and sent a message encouraging customers to log off their devices and enjoy the outdoors. The message was not malicious in nature, but the hacker admitted that he accessed the platform for a significant time period before sending the email. The hacker also ridiculed bad actors, describing their actions in obscene language sent to TOMS customers. Fortunately, the hacker didn’t disrupt any other elements of TOMS’ IT infrastructure, but his actions highlight the company’s weak cybersecurity standards, which could negatively impact the company on many fronts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s customers value cybersecurity as highly as any other component of a company. This incident broadly publicized the company’s shortcomings, inviting media and customer scrutiny and serving as a warning for other companies to protect their IT environment at every level. This time, the breach was merely embarrassing, but the next one could be devastating.

United States – Methodist Hospitals

Exploit: Phishing attack
Methodist Hospitals: Community-based healthcare system located in Gary, Indiana

twib-extremeRisk to Small Business: 1.222 = Extreme: A successful phishing attack against two employees compromised the private health data for thousands of patients. The incident occurred in June, but the healthcare provider didn’t finish investigating the breach until August. It’s unclear why the company waited two months before making the breach public. Regardless, Methodist Hospitals will face intense regulatory scrutiny due to the nature of information involved.
twib-severe Individual Risk: 2.142 = Severe: The compromised data was accessed on June 12th or between July 1st and July 8th. It included patient names, addresses, health insurance information, Social Security numbers, government ID information, passport numbers, financial account numbers, payment card information, electronic signatures, usernames, and passwords. This incredibly expansive data set has great value on the Dark Web, as it can be used to perpetuate additional cybercrimes. Therefore, those impacted by the breach should take every precaution to protect their data, including contacting their financial institutions and enrolling in credit and identity monitoring services

Customers Impacted: 68,039
How it Could Affect Your Customers’ Business: Today’s digital landscape is replete with threats, but companies are not defenseless. Phishing scams require employees to actively compromise their credentials, and comprehensive awareness training can equip team members to identify and report fraudulent communications, effectively rendering them useless and creating a safe environment for your customers’ data.

Canada – PAL Airlines

Exploit: Unauthorized database access
PAL Airlines: Economy airlines serving multiple locations

twib-severeRisk to Small Business: 1.777 = Severe: A single employee email account was compromised, giving hackers access to sensitive customer and employee data. In response, the company is working with the federal authorities to determine the exact cause and scope of the incident. In the meantime, the airline is making efforts to contact customers, a necessary next step but one that is also unlikely to reduce the blowback resulting from lax cybersecurity standards.
correct severe gaugeIndividual Risk: 2.571 = Moderate: Although hackers only accessed limited amounts of personal information, they did have access to customer and employee names, dates of birth, and credit card information. This data can quickly spread on hacker forums and Dark Web marketplaces, so those impacted by the breach should notify their financial institutions of the breach while also monitoring their accounts for unusual or fraudulent activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers and regulatory bodies are increasingly unwilling to overlook companies that can’t protect their data. Therefore, even relatively small data breaches can have an outsized bottom-line impact that can far outlast the actual data loss event. In today’s digital landscape, minimizing risk exposure and ensuring appropriate defenses is a critical component of any successful business.

Canada – TransUnion

Exploit: Unauthorized database access
TransUnion: Consumer credit reporting agency

twib-severeRisk to Small Business: 2.111 = Severe: Using compromised user credentials, hackers accessed the personal information of Canadian TransUnion customers. The breach, which occurred between June 2019 and July 2019 and detected in August, shines a spotlight on the company’s delayed breach response and notification process. Although the company’s IT infrastructure wasn’t at fault, their inability to account for a holistic vulnerability that allowed hackers using stolen credentials to access their customers’ information, will bring negative media scrutiny and public attention to the company.
correct severe gaugeIndividual Risk: 2.857 = Moderate: TransUnion did not release a specific overview of the compromised data; however, the sensitive nature of their business means that personally identifiable information was likely included in the event. Notably, the company acknowledged that credit report data was exposed in the breach. This can include individuals’ names, dates of birth, current and former addresses, information on existing card and loan obligations, social insurance numbers, and other sensitive data.

Customers Impacted: 37,000
How it Could Affect Your Customers’ Business: The deluge of data breaches in the past several years have made login credentials widely available to bad actors. Therefore, today’s companies should be proactive about identifying compromised credentials and taking intentional steps to limit accessibility using this information.

United Kingdom – Norfolk and Norwich University Hospital

Exploit: Accidental data exposure
Norfolk and Norwich University Hospital: Healthcare provider issuing services in Norfolk, England

twib-severeRisk to Small Business: 2 = Severe: A clerical error stemming from the hospital’s IT infrastructure resulted in eleven people receiving letters containing personal information from other patients. The breach was identified when a patient returned one of the letters to the hospital. Administrators are reaching out to those affected, but their efforts haven’t satiated the victims’ concerns. Instead, they are taking to the media to express their displeasure with the healthcare provider’s data security standards.

Individual Risk: No personal information was compromised in the breach.

correct severe gaugeIndividual Risk: 2.571 = Moderate: The letters contained patients’ names, addresses, dates of birth, and reason for attendance. Because of the small scope of data exposure, patients’ carry little risk of identity theft or other related crimes, but they should be mindful that their information was accessible by unintended third parties.

Customers Impacted: 11
How it Could Affect Your Customers’ Business: Data exposure is a big deal to today’s consumers, and, regardless of the breach methodology, they will hold companies accountable. In this case, patients spoke directly with the media, expressing their displeasure with Norfolk and Norwich University Hospital’s data security protocols. This negative publicity can have far-reaching consequences that can reach much further than the initial damage of the data breach.

Netherlands –

Exploit: Unauthorized database access Adult entertainment website

twib-severeRisk to Small Business: 1.888 = Severe: Hackers accessed a database for the adult website, attaining the personal details for thousands of users. Making matters worse, the bad actor is actively trying to sell this information on the Dark Web. While the sensitive nature of the information is somewhat unique, the incident underscores the robust market for personal details that can be used for everything from extortion schemes to spear phishing attacks.
correct severe gaugeIndividual Risk: 2.714 = Moderate: Personally identifiable information, including email addresses, user names, IP addresses, and scrambled passwords were compromised. Those impacted by the breach should be especially leery of sextortion attempts that seek a cryptocurrency ransom in exchange for concealing embarrassing personal details from publication.

Customers Impacted: 250,000
How it Could Affect Your Customers’ Business: Consumers trust digital platforms to protect their personal information, and failure to do so can be detrimental to any business’s success. Simply put, any relevant business plan needs to include an intentional approach to data security that actively protects users’ information, and companies that can’t achieve these objectives are unlikely to remain competitive as consumers take their business elsewhere and regulatory consequences eat away at their profits.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.