This week: Check out a weird twist a cyberattack took on a school system, get all the details of a ransomware attack at Seiko. From insurance to medical, and even a library, cyber attacks were rampant this past week.
Check out how CloudSmart IT’s Cybersecurity offerings can help protect your sensitive data.
American Family Insurance
https://www.scmagazine.com/brief/cyberattack-related-outages-reported-by-american-family-insurance
Exploit: Hacking
American Family Insurance: Insurer
Risk to Business: 2.227 = Severe
Insurance giant American Family Insurance has admitted that it experienced a cyberattack last week that has disrupted some of its systems. The company said that it detected an intrusion and shut down systems for safety. Customers have reported being unable to pay bills or file claims online. They are instead directed to contact American Family Insurance via phone instead. The incident is under investigation.
How It Could Affect Your Customers’ Business: Companies like this often hold large quantities of valuable data making them attractive targets.
Westchester Medical Center Health Network (WMCHealth)
https://healthitsecurity.com/news/cyberattack-on-ny-hospitals-forces-ambulance-diversions
Exploit: Hacking
Westchester Medical Center Health Network (WMCHealth): Healthcare System
Risk to Business: 1.211 = Extreme
Hospitals associated with the Westchester Medical Center Health Network (WMCHealth) in New York were forced to temporarily divert ambulances to other hospitals and shut down their IT systems in response to a cyberattack last week. The impacted hospitals are HealthAlliance Hospital and Margaretville Hospital, both members of the HealthAlliance of the Hudson Valley. WMCHealth had confirmed the cyberattack on October 21. Both HealthAlliance Hospital and Margaretville Hospital remained open but were forced to divert patients.
How It Could Affect Your Customers’ Business: Medical centers cannot afford disruptions like this that can impact patient care.
Clark County School District (CCSD)
Exploit: Ransomware
Clark County School District (CCSD): Education System
Risk to Business: 1.603 = Severe
The fifth-largest school system in the U.S. Clark County School District is in hot water after suffering a massive data breach as the result of a ransomware attack. October 5, 2023, Clark County School District said that it became aware of a cybersecurity incident impacting its email environment on October 5. In a strange twist, parents of CCSD students received emails from the perpetrators, who identified themselves as SingularityMD, informing them that their child’s data had been compromised. The letters included PDF files with stolen data, including student photos, email addresses and student ID numbers. The school system confirmed that it experienced a data breach, saying that some student data had been snatched by hackers in the incident.
How It Could Affect Your Customers’ Business: Contacting parents directly after a ransomware attack on a school is an alarming development.
Stanford University
https://www.databreaches.net/stanford-university-investigating-cybersecurity-incident/
Exploit: Ransomware
Stanford University: Institution of Higher Learning
Risk to Business: 2.740 = Moderate
The Akira ransomware group has claimed responsibility for a cyberattack on Stanford University within the network of the school’s Department of Public Safety. The threat actors claimed to have stolen 430 GB of data. The university was quick to reassure the public that the attack did not impact the campus police’s ability to respond to emergencies. No specifics were available about the types of data stolen or any ransom demand at press time.
How It Could Affect Your Customers’ Business: Educational institutions at every level have been experiencing elevated cyberthreat levels.
TransForm
Exploit: Hacking
TransForm: Healthcare IT Services Provider
Risk to Business: 1.673 = Severe
Healthcare specialty IT service provider TransForm experienced a cyberattack that disrupted operations at five Canadian hospitals last week. The impacted healthcare facilities included Windsor Regional Hospital, Hotel Dieu Grace, Chatham-Kent Health Alliance, Erie Shores Healthcare and Hospice of Windsor-Essex. Patients were instructed to defer their scheduled appointments as a result of the incident. The company said that there has been no evidence so far that any patient data compromise.
How it Could Affect Your Customers’ Business: Supply chain and third-party risk have ballooned for businesses and it can have devastating results for a company’s customers and partners.
Toronto Public Library
https://www.itworldcanada.com/article/toronto-public-library-hit-by-cyber-attack/550985
Exploit: Hacking
Toronto Public Library: Library System
Risk to Business: 1.612 = Severe
The Toronto Public Library, the largest library system in Canada, has fallen victim to a cyberattack. All of the library system’s 100 locations remained open, but the publicly available computers and printing services at every branch were rendered unavailable. Users’ online accounts and the library’s digital collections were also knocked out. Library officials said that the attack began last Saturday. Officials said the library system is working with third-party forensics experts to investigate the attack.
How it Could Affect Your Customers’ Business: Cyberattacks are growing more frequent for institutions in every sector, not just businesses.
Chile – Grupo GTD
Exploit: Ransomware
Grupo GTD: Telecommunications Company
Risk to Business: 2.002 = Severe
Grupo GTD has experienced a cyberattack that has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services. The attack occurred on October 2, and it impacted numerous services, including its data centers, its OTT television system, internet access and Voice-over-IP (VoIP) services. Grupo GTD also said that some public services experienced website outages. The incident is under investigation.
How it Could Affect Your Customers’ Business: Major operational disruptions like this one are disastrous for companies and can have lasting repercussions.
Japan – Seiko
Exploit: Ransomware
D-Link: Network Hardware Manufacturer
Risk to Business: 2.716 = Moderate
Major Japanese watchmaker Seiko has admitted that the company suffered a data breach caused by a ransomware attack by the ALPHV/Black Cat ransomware group. The company confirmed that nearly 60,000 items of personal data had been snatched from the systems of several of its business units. Some of the stolen data belonged to consumers who bought from Seiko Watch Corporation. Another tranche belonged to business partners of Seiko Watch Corporation, Seiko Group Corporation and Seiko Instruments Incorporated. Some employee data and job seeker data from employees of Seiko Group Corporation was also stolen.
How it Could Affect Your Customers’ Business: Customers are not bullish on companies that fail to protect their personal data.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.