The Week in Breach News: 06/08/22 – 06/14/22

Risk to Business: 2.827 = Moderate

Tenafly Public Schools was forced to cancel student final exams and resort to low-tech teaching methods to finish out the school year after ransomware had encrypted data on some computers in the district’s network. A Tenafly Public School District spokesperson said that administrators first identified the security incident Thursday and discovered that it involved the encryption of data by ransomware on some computers in the district’s network. The spokesperson went on to explain that the district’s technology department responded by isolating devices, shutting down the districtwide computer system, launching an investigation and hiring outside cybersecurity experts. No word on whether or not a ransom was or will be paid.

Risk to Business: 1.801 = Severe

Private Client Services, LLC (“PCS”) has disclosed a data breach that the company is blaming on an unauthorized party gaining access to sensitive consumer information through a compromised employee email account. The company sent data breach letters to 22,554 impacted people on May 27, 2022.

Risk to Business: 1.822 = Severe

According to PCS, the breach resulted in the names, Social Security numbers, driver’s license numbers and state identification numbers being compromised. 

Risk to Business: 1.976 = Severe

Aesto Health has announced it recently experienced a cyberattack that caused disruption to certain internal IT systems. The Alabama-based company disclosed that it had experienced a security breach that was detected on March 8, 2022. Aesto Health has brought in a third-party computer forensics company to assist with the investigation. They’ve also determined that an unauthorized individual had access to the affected systems from December 25, 2021, to March 8, 2022.

Risk to Business: 1.915 = Severe

A review of the affected files confirmed they contained patients’ protected health information, including names, dates of birth, physician names, and report findings related to radiology imaging at Osceola Medical Center (OMC) in Wisconsin. No Social Security numbers or financial information were viewed or stolen, and OMC systems and electronic medical records were unaffected.   

Risk to Business: 1.872 = Severe

OnDeck has disclosed that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and transferred sensitive data to a private cloud storage account. OnDeck says that it first detected suspicious activity on March 10 and immediately shut down access to all affected devices. But three days later, OnDeck determined that the attackers had copied sensitive data to a private cloud storage account. On March 17, OnDeck’s team of investigators gained control over the cloud storage account, recovered the data, and shut down access, but there’s no word on what the threat actor might have done with the data.   

Risk to Business: 1.721 = Severe

The customer data that was compromised may include names, Social Security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card account numbers, and medical or health insurance information.

Risk to Business: 2.317 = Severe

The Canadian Department of National Defense (DND) confirmed earlier this week that a defense contractor, CMC Electronics, has alerted the government that it had experienced a cyberattack, suspected to be ransomware, in May. The company says that there is no indication to date that those responsible for the cyberattack have stolen any sensitive military information. The attack was allegedly carried out by the BlackCat ransomware group.

Risk to Business: 2.033= Severe

The cybercrime group Vice Society ransomware group has claimed responsibility for the recent ransomware attack on the city of Palermo in Italy last Friday. The incident has caused a large-scale outage for city services that impacts 1.3 million people. Most internet-reliant services remain unavailable and are expected to be down for days. Vice Society claimed they were behind the attack on Palermo in a post on their dark web data leak site, threatening to publish all stolen documents if not paid. No word on the ransom amount or if the city plans to pay.  

Risk to Business: 1.780 = Severe

Handa Hospital in Tsurugi, Tokushima Prefecture, Japan has announced that it has been the victim of a ransomware attack. Investigators say that the October 2021 cyberattack occurred after a company that was involved in providing an electronic medical record system for the hospital had disabled anti-virus software on the hospital’s computers. Investigators laid out the chain of events and it is a lesson in security woes. Before the cyberattack occurred, the service provider configured the Windows settings of about 200 computers connected to the electronic medical record system to disable functions including anti-virus software and regular Windows updates because they made the electronic medical record system unstable. Investigators also determined that other circumstances contributed to the problem. Windows was never updated on the computers at the hospital and the hospitals’ VPN had never been updated. The investigation ultimately determined that the cybercriminals exploited defects in the hospital’s VPN device and made an unauthorized intrusion to have the ransomware infect the hospital’s system.