The Week in Breach: 05/15/19 - 05/21/19

This week, hackers continue to phish for patient data from US healthcare providers, a British police website goes down, and Australians see a spike in credential stuffing attacks.


Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: High-Tech & IT
Top Employee Count: 11 - 50 Employees


 

United States - Equitas Health
https://www.databreaches.net/equitas-health-notifies-569-members-after-discovering-two-employee-email-accounts-had-been-compromised/

Exploit: Employee email account breach
Equitas Health: Regional, not-for-profit healthcare provider based in Ohio

Risk to Small Business: 1.333 = Extreme: Company officials discovered abnormal email activity on two enterprise email accounts belonging to employees, ultimately concluding that a hacker was successful in accessing personally identifiable information (PII) and patient records. The organization hired a third-party forensics firm to better understand the breach, and they are reaching out to affected individuals. Although the organization took immediate steps to contain the incident, it will now face the tangible costs of offering free identity monitoring services to patients, along with the less quantifiable losses in reputational damage.

Individual Risk: 2 = Severe: While it appears that the scope of the attack is limited, the breadth of compromised information is extensive. It includes patient names, dates of birth, patient account and medical record numbers, prescription information, medical history, procedure information, physician names, diagnoses, health insurance information, social security numbers, and driver’s license numbers.

Customers Impacted: 569 affiliated members
How it Could Affect Your Customers’ Business: This data breach demonstrates the potentially expansive consequences of a single vulnerability. Since healthcare companies are legally required to protect their patients’ data, they need to conduct regular security audits and employee training that can prevent this type of breach. At the same time, Equitas explicitly serves protected classes and marginalized patient groups, making this episode especially egregious. Therefore, it’s critical to continuously monitor protected information in order to understand what happens to patient data after it’s compromised.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID™ complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States - Oregon State Hospital
https://healthitsecurity.com/news/phishing-attack-on-oregon-state-hospital-prompts-early-notification

Exploit: Spear phishing attack
Oregon State Hospital: Public psychiatric hospital based in Salem, Oregon
Risk to Small Business: 1.555 = Severe: An employee clicked on a phishing email, which allowed hackers to gain access to the employee’s email account. Fortunately, IT administrators were able to identify the breach just 40 minutes after it occurred, limiting the exposure of patient information. Although the investigation isn’t complete, the company did reveal that an undetermined amount of patient information was exposed during the breach.
Individual Risk: 2 = Severe: The phishing scam compromised names, dates of birth, medical record numbers, diagnoses, and treatment care plans. Although the company plans to notify impacted individuals in 4 to 6 weeks, anyone with records at the hospital should monitor their credentials for potential misuse.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are entirely avoidable, and any data breach that results from a phishing scam is a self-inflicted wound for the company’s reputation. In addition to deploying robust security software, companies should conduct regular training to avoid unnecessary data breaches. MSPs should consider partnering with third-party cybersecurity services that provide robust employee training to avoid phishing scams.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id


United States - Pacers Sports & Entertainment
https://www.zdnet.com/article/indiana-pacers-disclose-security-breach/ 

Exploit: Employee email phishing campaign
Pacers Sports & Entertainment: The parent company of the Indiana Pacers, a professional basketball team in the NBA

Risk to Small Business: 1.555 = Severe: A phishing campaign against Pacers Sports & Entertainment (PSE) resulted in hackers gaining access to several employee accounts that contained sensitive personal information between October 15 and December 4 of last year. However, the company first learned of the incident almost six months ago, which raises the question: why are they just beginning to notify customers now? Along with the damaging outcomes of a customer and employee breach, the organization will now face media scrutiny and resulting customer attrition.
Individual Risk: 1.857 = Severe: PSE did not differentiate if the compromised data belonged to employees or customers, but it does include names, addresses, dates of birth, passport numbers, health insurance information, driver’s license numbers, social security numbers, debit/credit card numbers, digital signatures, usernames, and account passwords.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: It’s clear that PSE did not fully appreciate the scope of the data breach. Although the company has not received any reports of personal data misuse, the compromised information can be used to orchestrate fraud in the near future. Along with harming the reputation of their company, PSE will have to answer to the press and customers in the wake of the breach.


ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.


United States - Southeastern Council on Alcoholism and Drug Dependence

https://healthitsecurity.com/news/ransomware-attack-on-connecticut-provider-impacts-25148-patients

Exploit: Ransomware
The Southeastern Council on Alcoholism and Drug Dependence: Non-profit organization based in Norwich, Connecticut offering alcohol and substance abuse treatment
Risk to Small Business: 1.777 = Severe: The healthcare provider lost control of more than 25,000 patient records when a ransomware attack was discovered in its network. While they have procured cybersecurity assistance to deal with the issue, the company has been unable to eradicate the ransomware or secure patient records.
Individual Risk: 1.857 = Severe: The data breach compromised PII including patient names, addresses, social security numbers, medical history, and treatment information. Although affected individuals are being offered free credit monitoring services, they are encouraged to remain vigilant about potential financial or identity fraud.

Customers Impacted: 25,148
How it Could Affect Your Customers’ Business: It is incredibly important for companies, especially those already dealing with a vulnerable client base, to ensure the integrity of their financials and identity after a data breach. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.


ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, MSPs’ clients can proactively protect employees and customers while enhancing their overall cybersecurity awareness with Spotlight ID™: https://www.idagent.com/identity-monitoring-programs.



 

United States - Ada County Highway District
https://www.govtech.com/security/FBI-DHS-Investigate-Malware-Attack-in-Ada-County-Idaho.html 

Exploit: Ransomware
Ada County Highway District: Independent government agency operating in Garden City, Idaho

Risk to Small Business: 2 = Severe: A ransomware attack delivered into the agency’s system through malware restricted access to the computer networks for nearly 30 hours. While the agency hasn’t found evidence that the hackers accessed the department’s database, they can’t conclusively rule out a more extensive breach. The agency has declined to pay the undisclosed ransom demanded by the hackers.
Individual Risk: 2 = Severe: There is no indication that hackers accessed any individual data during the attack. However, since the agency can’t conclusively rule out access to their database, those with information at the agency should monitor their personal information for signs of fraud or misuse.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:  Ransomware attacks are growing in frequency and sophistication, making it mandatory that companies of all sizes develop a comprehensive plan for responding to the threat and ensuring that services remain operational during an attack. These contingencies can be the difference between a temporary disruption and a major debacle. Moreover, since many ransomware attacks start with phishing emails, employee training and security contingencies are a must-have protocol in today’s digital environment.


ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id


 

United States - Medical Oncology Hematology Consultants
https://healthitsecurity.com/news/newark-cancer-provider-reports-patient-data-breach-from-june-2018 

Exploit: Phishing Scam
Medical Oncology Hematology Consultants: Healthcare network offering cancer treatment solutions

Risk to Small Business: 1.555 = Severe: When an untrained employee inadvertently clicked on a phishing email, hackers gained access to the employee’s account, which contained sensitive data on an unknown number of patients. Although the data breach took place in June 2018, the healthcare network just reported the incident to the public, a problematic delay when personally identifiable information is involved. While the company has taken measures to secure their network, their delayed response and the preventable nature of the attack is a reminder that the greatest security risk to a company can be its own employees.
Individual Risk: 1.857 = Severe: Although just a single email account was compromised, it contained patient data including names, social security numbers, government-issued IDs, financial data, dates of birth, and medical records.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The consequences of a data breach are amplified when companies are slow to respond. In the wake of a data loss event, companies have a responsibility to quickly react by both communicating with their customers and by repairing the technical vulnerability. Even though the company took important steps to shore up their cybersecurity by integrating things like malware blocking tools, suspicious email reporting, email encryption, and two-factor authentication, their slow response time is bad for business and bad for their customers.  Not only do companies need to be proactive about prioritizing cybersecurity best practices before a breach occurs, but they must develop a strategy for communicating with their customers in a timely fashion.


ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.



UK - British Transport Police 
https://www.bbc.com/news/uk-england-48281494 

Exploit: Website hack
British Transport Police: National special police force charged with protecting the light-rail systems in England, Scotland, and Wales
Risk to Small Business: 2.222 = Severe: A hack on the agency’s website, which is hosted by an external supplier, compromised the “latest news” section of its page. To continue providing timely updates to the public, officials redirected users to a Tumblr blog run by the police force. This informational website is not connected to the agency’s crime management or control systems, and operational capabilities were not diminished in any way.
Individual Risk: 2.142 = Severe: The agency indicated that a “small number” of staff details were made accessible during the breach, but they did not elaborate on the nature or scope of that information. Employees affiliated with the website should be vigilant about identity monitoring and credential use, as that information is the most likely to be compromised in such a breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Having a response plan is an integral part of any cybersecurity initiative. Whether it’s backup information systems or other external solutions – like redirecting users to other controlled platforms – companies need to be able to remain effective in the wake of a website hack. At the same time, they should audit their security landscape to ensure that they are issuing the best defenses to address the most pertinent threats.

ID Agent to the Rescue:  Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.


 

Singapore - Red Cross

https://www.theonlinecitizen.com/2019/05/16/singapore-red-cross-website-hacked-details-of-over-4000-potential-blood-donors-leaked/

Exploit: Unprotected website access
Singapore Red Cross: Humanitarian organization supporting blood drive initiatives, disaster relief, and emergency assistance

Risk to Small Business: 2 = Severe: A weak administrator password gave hackers access to the agency’s web form that allows potential blood donors to indicate their interest by supplying personal information, including blood type. The agency manually schedules donors using the provided information. In the wake of the attack, the organization brought the website offline and procured a third-party investigative firm to further examine the breach.

Individual Risk: 2 = Severe: Users who provided information to the Singapore Red Cross entered their names, contact number, email address, and blood type. Those impacted should procure identity monitoring services while also being mindful of their data’s potential misuse on the Dark Web.

Customers Impacted: 4,297
How it Could Affect Your Customers’ Business: The Singapore Red Cross had security software in place to prevent an incident like this, but human negligence allowed hackers to access the website anyway. It underscores the importance of security training, since a company’s own employees can often be its most significant risk.

ID Agent to the Rescue:  Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.




In Other News:


65,000 Data Breaches Reported Under GDPR 

From the onset, it was clear that Europe’s expansive privacy law, the GDPR, would have drastic effects on the way companies approach data security and customer privacy. Now, the first report by the European Data Protection Board, an independent oversight committee established as part of GDPR, helps us understand the overall impact thus far.

According to its first annual report, European authorities have received almost 65,000 data breach notifications in the first nine months that the law was in effect.

Even worse, these data breaches each came with a hefty price tag. Regulators imposed $63 million in fines, demonstrating the importance of cybersecurity not just as a PR priority, but also as a matter of fiscal responsibility.

The result, according to UK intelligence authorities, is that companies are taking unprecedented measures to protect their digital infrastructure, and they are crafting response plans to ensure that they are prepared to address a data breach if it occurs. In summary, the future of cybersecurity will require an evolution in what is expected of businesses when it comes to protecting customer and employee data, along with continuous advancement in the capabilities of security providers.

https://www.databreachtoday.com/gdpr-europe-counts-65000-data-breach-notifications-so-far-a-12489 


What We’re Listening To:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A note for your customers:

Australia Sees a Spike in Credential Stuffing Attacks

If you’ve ever wondered what happens to the deluge of data stolen during a cybersecurity breach, Australia’s sudden spike in credential stuffing attacks will certainly provide some clarity.

According to a recent cybersecurity report, Australians are now the fifth highest target for credential stuffing attacks, an incredible metric given their modest population.

This form of cybercrime involves hackers using previously stolen information like usernames, email addresses, or passwords in an attempt to gain access on other platforms. Since people often use the same username and password combinations, it’s often possible to apply stolen credentials across multiple accounts.

The report found a robust market for stolen credentials that are often sold in bulk on the Dark Web. Businesses are encouraged to deploy the latest security standards, like two-factor authentication, to help prevent these attacks. Moreover, it underscores the cascading consequences of a data breach, and it highlights the importance of keeping a pulse on customer and employee information. Hint: that’s our bread and butter. Ask your MSP how you can partner with ID Agent and engage Dark Web monitoring services like ours.


https://www.natlawreview.com/article/privacy-awareness-week-online-privacy-credential-stuffing-attacks-are-rise-australia


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
