Week in Breach 5/10/-5/16/23

Risk to Business: 1.362 = Extreme

A ransomware attack on pharmacy services company PharMerica has resulted in the exposure of confidential medical data for over 5.8 million patients. The Play ransomware group perpetrated the attack, which took place on March 12th, 2023. The gang was able to snatch the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people. The ransomware gang claimed to have stolen 4.7 TB of data during their attack on PharMerica including at least 1.6 million unique records of personal information, and it has already published the stolen data.

Risk to Business: 1.692 = Severe

NextGen Healthcare, a maker of electronic health recordkeeping solutions, has disclosed that it has experienced a data breach. An estimated one million individuals have been impacted by this incident. NextGen said that it noticed suspicious activity in its network on March 30, and an internal investigation determined that bad actors had access to the company’s data from March 29 and April 14, 2023. Stolen patient data includes a patient’s name, address, birth date and Social Security number. In its data breach filing, NextGen Healthcare told the Maine Attorney General’s office that the attackers accessed its database using stolen client credentials.

Risk to Business: 2.139 = Severe

Foodservice supply giant Sysco has announced that it has experienced a data breach that may have exposed customer and supplier data in the U.S. and Canada, as well as personal information belonging to U.S. employees. Sysco sent a letter to employees that revealed that the company detected an intrusion on March 5, however, the company believes bad actors had access to data as early as January 14, 2023. The company said that the hackers swiped company data, including internal operations files, customer data and personal data. Employees had their personal data compromised, with bad actors stealing their personal information provided to Sysco for payroll purposes, including name, social security number and bank account numbers.

Risk to Business: 2.119 = Severe

The U.S. Department of Transportation (DOT) has experienced a data breach that has resulted in the exposure of personal data for an estimated 237,000 current and former federal employees. The agency said that the data breach impacts individuals that are enrolled in the US Department of Transportation’s (DOT) transit benefit program (TRANServe), a program that handles commuter transit benefits for federal agencies. Access to that program is currently offline. The breach impacted 114,000 current employees and 123,000 former employees. The employee information compromised as a result of the breach may include the name of TRANServe transit benefit recipients, their agency, work email address, work phone number, work address, home address, SmarTrip card number (used to ride the Washington, D.C. Metro) and/or TRANServe Card number.

Risk to Business: 2.781 = Moderate

The National Gallery of Canada has been forced to shut down its IT systems for the last two weeks in response to a ransomware attack. The gallery said that it discovered the attack on April 23. The museum reassured customers and members and that no customer data was stolen in the incident, admitting that some operational data had been lost. The National Gallery of Canada has remained open throughout the incident with limited technology and the attack is currently under investigation.

Risk to Business: 2.866 = Moderate

The Black Basta ransomware gang is behind a successful ransomware attack on Swiss technology giant ABB. The attack took place on May 7, with sources reporting that it hit the company’s Windows Active Directory, affecting hundreds of devices. ABB severed VPN connections with customers to prevent the spread of the attack. ABB has confirmed the attack but refused to offer details. No word on any ransom demand was available at press time.

Risk to Business: 1.883 = Severe

Tech company TechnologyOne is the latest Australian company to get hit by a ransomware attack. The software maker announced that it had been successfully attacked last Wednesday, with reports pointing to ransomware. The company said that bad actors gained access to its back-office systems. TechnologyOne was quick to reassure customers that “TechnologyOne’s customer-facing SaaS platform is not connected to the Microsoft 365 system, and therefore, has not been impacted.” The incident remains under investigation.

Risk to Business: 2.786 = Moderate

Ambulance Victoria is in hot water after the discovery that it had exposed the results of confidential drug and alcohol tests for more than 600 employees. Officials told members of the Victorian Ambulance Union in an email that confidential spreadsheets containing the test results of pre-employment drug and alcohol testing of graduate paramedics in 2017 and 2018 had been available on the staff intranet until the union alerted Ambulance Victoria to the problem last week. The exposed information included the full names of graduate paramedics, when they were tested, whether the result was positive or negative, and, if positive, the substance that had been detected. Ambulance Victoria blamed the data exposure on an “inadvertent process issue” and noted that it is under investigation. The Victorian Ambulance Union also said that is considering legal action.

Risk to Business: 2.786 = Moderate

A cloud misconfiguration is to blame for a data security incident at Japanese motor company Toyota that exposed information about two million vehicles. The automaker has apologized for the incident that affected users of the onboard T-Connect driver assistance and emergency contact system for Toyota and Lexus G-Link technology. The company said that the data collected by those systems was improperly stored, resulting in the data being publicly available from November 2013 until the snafu was discovered last month. The exposed information included in-vehicle terminal IDs, chassis numbers and vehicle locations.