The Week in Breach: 04/28/21-05/04/21 | CloudSmart IT


This week is a very public-sector-oriented Week in Breach. Ransomware woes have made a home in five North American locales (complete with a new gang on the scene), trouble rained on everyone’s parade at Swiss Cloud, and we’ll explore the idea of cybercrime as a public health threat.


United States – Metropolitan Police Department of the District of Columbia

https://www.washingtonpost.com/local/public-safety/hacking-group-that-targeted-dc-police-briefly-posts-internal-police-files/2021/04/29/db18c98c-a8f2-11eb-8c1a-56f0cb4ff3b5_story.html

Exploit: Ransomware

Metropolitan Police Department of the District of Columbia: Law Enforcement Agency

Risk to Business: 1.717 = Severe

The Babuk Locker ransomware gang snatched data from the DC Metropolitan Police. The sample the cybercrime group posted included 576 pages of personnel files, including full names, Social Security numbers, phone numbers, financial and housing records, job histories and polygraph assessments for current and former officers. That data was briefly visible on the gang’s site but was taken down after a short period. There is no word on whether the gang was paid or on the exact contents of the stolen files. In total, the Babuk Locker gang claims it downloaded more than 250 GB of data from DC Police servers.

Individual Risk: 2.166 = Severe

Current and former employees of the Metro Police may be at risk of spear phishing, identity theft or blackmail and should remain alert for fraud attempts.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data theft like this is the bread and butter of cybercrime. This data is especially desirable because it contains information about law enforcement. When storing this kind of information, using multifactor authentication is essential, as is antiphishing security to guard against ransomware.


United States – Illinois Office of the Attorney General

https://therecord.media/ransomware-gang-leaks-court-and-prisoner-files-from-illinois-attorney-general-office/ 

Exploit: Ransomware

Illinois Office of the Attorney General: State Government Agency

Risk to Business: 1.807 = Severe

The DoppelPaymer ransomware gang has leaked a large collection of files from the Illinois Office of the Attorney General after the agency declined to pay the ransom that the gang demanded. The cybercriminals released information from court cases orchestrated by the Illinois OAG, including some private documents that do not appear in public records. The data also contains personally identifiable information about state prisoners, notes of their grievances, and case information.

Individual Risk: 2.177 = Severe

The documents posted so far contain some personal data for prisoners, but the full extent of the breach is not clear. Formerly incarcerated people may be at risk of blackmail or spear phishing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: More than 50% of businesses were impacted by ransomware in the last 12 months. By taking sensible precautions like antiphishing software, secure identity and access management and updated security awareness training, companies can avoid this menace.


United States – Pennsylvania Department of Health

https://6abc.com/covid-19-contact-tracing-coronavirus-pennsylvania-pa-data-breach-insight-global/10560542/

Exploit: Third Party Data Breach

Pennsylvania Department of Health: State Government Agency

Risk to Business: 1.803 = Severe

The Pennsylvania Department of Health received an unpleasant shock when it learned that the third-party firm it had employed to process contact tracing data had made data handling mistakes, potentially opening thousands of residents of the Keystone State up to trouble. The contractor, Atlanta-based Insight Global, reported that several employees violated security protocols by using the collected data to create unauthorized documents outside of the secure data system that the state’s contract required.

Individual Risk: 2.277 = Severe

Some of the records in question associated names with phone numbers, emails, genders, ages, sexual orientations and COVID-19 diagnoses and exposure status. They did not include financial account information, addresses or Social Security numbers. A daytime hotline is available for anyone concerned they might have been involved at 855-535-1787. Free credit monitoring and identity protection services will be offered.

Customers Impacted: 72,000

How it Could Affect Your Customers’ Business: No business is an island. That’s why it pays to take precautions against potential intrusions and data theft that result from a service provider’s cybersecurity failure.


United States – Wyoming Department of Health

https://www.infosecurity-magazine.com/news/data-breach-impacts-1-in-4/ 

Exploit: Unsecured Data

Wyoming Department of Health: State Government Agency

Risk to Business: 2.303 = Severe

Wyoming’s Department of Health (WDH) has announced the accidental exposure of personal health information belonging to more than a quarter of the state’s population on GitHub.com. The data breach occurred when an estimated 53 files containing laboratory test results were mishandled by a worker. Data in the leaked files included test results for flu and COVID-19 performed for Wyoming. One file containing breath alcohol test results was also exposed.

Individual Risk: 2.676 = Severe

Along with the test results were patients’ names, ID numbers, addresses, dates of birth and the dates when tests had been carried out. WDH has begun the process of notifying impacted individuals, and victims will be offered a year of free identity theft protection.

Customers Impacted: 164,021 Wyoming residents and others 

How it Could Affect Your Customers’ Business: Taking care of business includes taking care of training to prevent slip-ups like this that will ultimately cost the state millions after remediation and fines.


Canada – The Resort Municipality of Whistler 

https://www.bleepingcomputer.com/news/security/whistler-resort-municipality-hit-by-new-ransomware-operation

Exploit: Ransomware

The Resort Municipality of Whistler: Municipal Government 

Risk to Business: 1.867 = Severe

The Resort Municipality of Whistler (RMOW) has temporarily suspended all online and some in-person services in the wake of a ransomware attack purportedly carried out by an unnamed new ransomware gang. The group leaked some data on its unfinished dark web site and claims to have stolen 800 GB of data. RMOW states that it is currently working with cybersecurity experts and the Royal Canadian Mounted Police (RCMP) to investigate further.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been an increasingly popular tool for cybercriminals to use against targets in the education sector. Preventing it from hitting systems is just as important as protecting data.


United Kingdom – Merseyrail

https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/

Exploit: Ransomware

Merseyrail: Train Operator

Risk to Business: 1.672 = Severe

Merseyrail, a UK rail network that provides train service through 68 stations in the Liverpool area, has been hit with a suspected ransomware attack. Reporters have been contacted by the LockBit ransomware gang claiming responsibility. The gang supposedly accessed the rail company’s systems through a compromised administrator email account. The cybercriminals claim to have personal information about the railway’s employees and business data. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware, especially targeted ransomware, is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen about disrupting business operations and holding them hostage until they’re paid.


Switzerland – Swiss Cloud

https://securityaffairs.co/wordpress/117433/cyber-crime/swiss-cloud-ransomware-attack.html

Exploit: Ransomware

Swiss Cloud: Cloud Hosting Provider 

Risk to Business: 2.217 = Severe

Cloud hosting provider Swiss Cloud was hit by a ransomware attack that brought down the company’s server infrastructure. The company is currently working to restore operations from its backups with the help of experts from HPE and Microsoft. The impacted servers are expected to be restored by next week. The disruption has impacted server availability for more than 6,500 customers.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the modern cybercriminal’s weapon of choice. Make sure your clients are taking every possible precaution, because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.


Australia – UnitingCare Queensland 

 https://www.zdnet.com/article/unitingcare-queensland-security-incident-takes-some-systems-offline/

Exploit: Hacking

UnitingCare Queensland: Healthcare Support Services

Risk to Business: 2.112 = Severe

UnitingCare Queensland has confirmed it has been impacted by a cybersecurity incident that has caused some of its systems to become inaccessible as remediation efforts begin. The organization supplies eldercare, disability support, in-home health care and crisis response services. The company does not expect significant disruptions in care as a result of the incident, which is under investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware and ransomware have been the plague of increasingly beleaguered healthcare targets. Every organization in the sector should step up phishing resistance training to reduce the chance of falling prey to an attack.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Is Cybercrime a Public Health Menace?


Healthcare organizations worldwide have seen an onslaught of cyberattacks in the last 12 months as cybercriminals seek to profit from an overburdened yet essential resource. In the midst of the global pandemic, heartless cybercriminals chose to slam healthcare and healthcare-related organizations with ransomware, phishing, hacking and other dangerous and disruptive cyberattacks. That means that cybercrime isn’t just an expensive inconvenience – it’s a public health menace.

Ransomware incidents had a huge impact on the healthcare sector in 2020 – attacks against healthcare organizations have jumped about 45% since early November. Many of those attacks didn’t just snatch data from hospitals. Some ransomware attacks caused significant patient care disruptions, forcing staffers to rely on old-fashioned pencil and paper records in the midst of the world’s worst health crisis in generations.

Data breaches at healthcare organizations have also soared by an estimated 55% in 2020, with huge spikes in Q4. These breaches affected more than 26 million people. That’s a big contributor to the flood of personally identifiable information that made its way to the dark web last year, increasing every company’s risk for dangers like a credential compromise.

Protect your business from the increased risk of ransomware and credential compromise that healthcare and even healthcare-adjacent businesses are facing today. You’ll get the most value for your money by adding secure identity and access management using a dynamic solution like Passly. It includes multifactor authentication, one tool that provides strong protection against 99% of password-based cybercrime, like a phished password. You’ll have peace of mind knowing that you’ve made a strong move for your business.
