The Week in Breach: 06/26/19 – 07/02/19

July 03, 2019

Happy US Independence Day! This week, a healthcare insurer discovers breach after almost a decade, internet scams cost Australians millions, and a new report indicates that UK businesses are slow to adopt cybersecurity defenses.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Medical & Healthcare
Top Employee Count: 11 – 50 Employees


United States – Borough of Westwood
https://thepressgroup.net/borough-of-westwood-confirms-2018-hack-urges-vigilance/

Exploit: Malware attack
Borough of Westwood: Local government organization serving Bergen County, New Jersey

Risk to Small Business: 2.222 = Severe: Unusual network activity in December 2018 alerted county officials that hackers gained access to the county’s network. These bad actors introduced malware into their system, which placed the personal data of residents at risk. Although the county is confident that information on the network hasn’t been viewed, accessed, or downloaded by hackers, they obtained third-party cybersecurity services to assess the damage and remove the malware from their system. However, it’s unclear why county officials waited six months to notify the public of the incident.

Individual Risk: 2.142 = Severe: Authorities are confident that personal information has not been viewed in this attack. However, the network did store personally identifiable information, including names, social security numbers, driver’s license numbers, and bank account details. The county is in the process of notifying people who could be impacted by the breach, but anyone who provided data to the county’s website should be vigilant about monitoring and reviewing their account statements for suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: As news headlines continually demonstrate, local governments are becoming a top target for hackers and cybercriminals. Therefore, it’s critical that these institutions make every effort to secure their IT infrastructure before a cybersecurity incident occurs. In this case, a six-month delay in reporting the data breach would make it difficult for victims to identify data misuse, meaning that the lack of damages resembles more of a stroke of luck than an intentional strategy. Instead of relying on good will, organizations must establish a strong defensive posture that prevents a data breach from occurring in the first place.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Franciscan Health
https://www.nwitimes.com/news/local/lake/patients-data-breached-franciscan-health-investigation-finds/article_6b66987e-1bd7-565f-94f4-82f972411cec.html

Exploit: Unauthorized network access
Franciscan Health: Healthcare system offering services in Indiana and Illinois

Risk to Small Business: 1.777 = Severe: A rogue employee accessed extensive medical records pertaining to physicians, diagnosis, lab results, medications, and other treatment-related information. Although the employee worked in the company’s quality research department, he had no business-related reason for accessing this private health data. Fortunately, the company quickly identified the privacy breach and took action against the employee. However, they will now have to contend with the cost of providing identity theft protection services to those impacted by the breach, along with the less quantifiable reputational losses that accompany a data breach.

Individual Risk: 1.8571 = Severe: Currently, there is no indication that the rogue employee downloaded or shared any personally identifiable information. However, the employee did have access to sensitive data, including patients’ names, email addresses, dates of birth, phone numbers, gender, race, partial social security numbers, and medical record numbers. Those impacted by the breach should review and monitor their financial accounts and their benefits statements for suspicious activity.

Customers Impacted: 2,200
How it Could Affect Your Customers’ Business: A company’s workforce can be one of the most significant sources of cybersecurity risk, but any organization has the ability to transform their staff into a strong defense against a data breach. With the right awareness training, employees can learn to spot cybersecurity threats proactively by learning industry-wide best practices. As the costs associated with data breaches continue to grow incredibly steep, such training is becoming a relative bargain.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.


United States – City of Sun Prairie
https://www.channel3000.com/news/city-of-sun-prairie-warns-of-data-breach-that-may-have-included-social-security-numbers/1089852746

Exploit: Employee email account breach
City of Sun Prairie: Local government municipality serving Sun Prairie, Wisconsin

Risk to Small Business: 2 = Severe: When hackers gained access to employee accounts for nearly three months, they were able to view personal information about the city’s residents. Even though the city hired a third-party forensics firm to investigate the matter, they were unable to determine what information was captured in the breach. The lengthy communications delay and uncertainty surrounding the data accessed reveal that the government agency was fundamentally unprepared for a cyber attack. Although the city is now taking steps to update their cybersecurity protocols in the wake of this data breach, a clear opportunity was missed to secure their network before it was infiltrated by bad actors.

Individual Risk: 1.857 = Severe: The compromised email accounts contained personally identifiable information for residents of Sun Prairie, including social security numbers, account login ID and passwords, driver’s license and state identification numbers, bank account numbers, medical information, and payment card information. City officials are unable to identify specific accounts that were accessed, which means that anyone doing business with Sun Prairie should obtain credit and identity monitoring services to ensure that their personal information is safe.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Hackers have many ways to access employee email accounts, but organizations can take steps to prevent some of these methods from being successful. For instance, proper training about phishing attacks can stop many bad actors in their tracks. At the same time, knowing if your employees’ email accounts are compromised can help sidestep breaches from happening in the first place.

ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.


United States – Marin Community Clinics
https://www.govtech.com/security/Marin-County-Calif-Community-Clinics-Hit-by-Ransomware.html

Exploit: Ransomware
Marin Community Clinics: Multi-clinic network providing primary and specialty care services

Risk to Small Business: 1.777 = Severe: A ransomware virus encrypted the healthcare provider’s computer systems, significantly curtailing their operations. Based on the advice of their software provider, the company paid the ransom to recover their files. The organization is continuing to restore files from backups, and they expect to lose some patient data in the process. In the meantime, Marin Community Clinics are using paper records to continue providing care until the network can be restored.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In today’s digital environment, every organization must have a ransomware preparedness plan that considers the current and future state of the company’s IT infrastructure. In the case of Marin Community Clinics, an associated healthcare provider was also victimized by ransomware, and they also paid to recover their files. Considering the ongoing debate among cybersecurity experts about the efficacy of paying a ransom, doing so could make the company more vulnerable to additional attacks. Of course, the first step to any ransomware preparedness plan is a strong defensive position. Since malware is often delivered through phishing emails, robust employee training can position any organization or agency to repel an attack.


ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.


United States – PCM 
https://krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/

Exploit: Unauthorized email and network access
PCM: Direct marketing company offering technology products and services

Risk to Small Business: 1.888 = Severe Risk: Using stolen administrative credentials for PCM’s Office 365 client accounts, hackers gained access to client data. It’s speculated that hackers intended to use this information to conduct gift card fraud. Upon discovering the breach, PCM closed off access to these accounts, limiting the reach of the intrusion. Despite the relatively minor scope of the data breach, recovering from a cybersecurity incident is no small matter. The company will now need to bear the cost of auditing their IT infrastructure as they work to repair the reputational damage that accompanies such an event.

Individual Risk: 2 = Severe Risk: It’s believed that hackers were pursuing information usable to perpetrate gift card scams, which could include stealing personal information. The company has notified those impacted by the breach, and these individuals should be especially vigilant about monitoring their accounts for unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In many ways, PCM got lucky. Although hackers were mostly unsuccessful at obtaining client data, they were able to access systems with a trove of valuable information. Additionally, they were able to accomplish this by simply obtaining administrator credentials, which can be widely available on the Dark Web or through phishing scams. Knowing if this information is available is a critical and often overlooked component of any company’s security posture.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.


United States – Summa Health
https://www.ohio.com/news/20190628/summa-health-has-potential-data-breach-of-more-than-500-patient-records-other-sensitive-information

Exploit: Phishing scam
Summa Health: Non-profit healthcare system serving Northeast Ohio

Risk to Small Business: 1.666 = Severe Risk: When employees opened a phishing email and entered credentials into a false form, hackers gained access to protected health information. The healthcare provider disclosed two breaches, one occurring in August 2018 and another in March 2019. It’s unclear why the company didn’t become aware of the breach until May 1st, or why it took almost a month to notify victims of the breach. Their slow response could make it more difficult for victims to identify instances of identity or financial fraud, and also shines a spotlight on the healthcare provider’s data security standards.

Individual Risk: 1.857 = Severe Risk: Hackers accessed significant amounts of personally identifiable information in the breach, including names, dates of birth, medical records, patient account numbers, treatment information, health insurance information, social security numbers, and driver’s license numbers. Those impacted by the breach are encouraged to enroll in credit and identity monitoring services. In addition, they should carefully and continually review their account information, reporting any unusual activity and unauthorized changes as soon as possible.

Customers Impacted: 500
How it Could Affect Your Customers’ Business: Phishing scams are entirely preventable, and any organization handling personally identifiable information needs to ensure that their employees are equipped to identify and report these increasingly prevalent threats. Exposed personal details usually find their way to the Dark Web, where bad actors can leverage them for a variety of nefarious purposes. It’s critical that companies are prepared with cybersecurity awareness and identity protection.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.


United States – Dominion National
https://www.bleepingcomputer.com/news/security/dominion-national-discovers-breach-9-years-after-it-happened/

Exploit: Unauthorized network access
Dominion National: Health insurer providing dental and vision benefits

Risk to Small Business: 1.333 = Extreme Risk: An internal notification alerted company officials of a data breach that occurred in 2010. When hackers breached the insurance provider’s network, they gained access to the sensitive information of beneficiaries. In response, the company cleaned its servers to eradicate any unauthorized users from the platform. While it’s common for data breaches to go undetected, ten years is certainly a long time to recognize a vulnerability. As a result, Dominion National will face increased media scrutiny over its cybersecurity capabilities, along with the high cost of updating their security standards and helping their customers recover from the incident.

Individual Risk: 1.857 = Severe Risk: Although the company hasn’t released specifics on the scope of the incident, the unusual exposure length makes it possible for the damage to be extensive. Those impacted may have had their names, addresses, dates of birth, email addresses, social security numbers, taxpayer IDs, bank details, and other insurance-related details compromised. Dominion National has offered identity monitoring and recovery services to those impacted by the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A data breach is an embarrassing and costly episode for any company, especially when it takes nearly a decade to discover the incident. The first step to recovery is supporting those impacted by the breach, which certainly includes helping them verify the integrity of their information. By addressing their customers first, organizations begin rebuilding their tarnished reputation at a time when they will already incur ancillary expenses that stem from a cybersecurity incident.

ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.


Taiwan – Ministry of Civil Service
https://www.taiwannews.com.tw/en/news/3731444

Exploit: Employee breach
Ministry of Civil Service: Government agency responsible for overseeing pay, entitlements, performance, evaluation, insurance, retirement, and pension programs

Risk to Small Business: 1.555 = Severe: Hackers gained access to the government agency’s network, where they retrieved vast amounts of personal information stored with the agency. Another government agency notified the Ministry of Civil Service about the breach on June 22, noting that the stolen data was already published on various foreign websites. The agency took the proper actions in response to the breach, but the information for hundreds of thousands of workers was already published online, which means that the damage is already done. Now, the Ministry of Civil Service is responsible for helping their employees recover from this devastating event.

Individual Risk: 2 = Severe: The agency has already notified those impacted by the breach, which included the theft of their names, ID numbers, national identification card numbers, agency information, job designation, and other professional material. This data will quickly make its way to the Dark Web, so these employees should take every precaution to ensure that their information is safe.

Customers Impacted: 243,376
How it Could Affect Your Customers’ Business: Timely and effective responses to a data breach are critical to help people recover, but these actions don’t undo the damage to those impacted. Therefore, every organization needs a plan to support their customers in the event of an attack, which can include helping them understand what happens to their information after it’s stolen.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.




In Other News:

Internet Scams Have Cost Australians Millions 

Just halfway through 2019, Australians have already lost more than $6 million to internet scams, marking a 33% year-over-year increase.

The report by Scamwatch, an agency run by the Australian Competition and Consumer Commission, reveals that scams intending to attain people’s personal information are becoming more effective and more lucrative.

Australians have lost $2.3 million more in 2019 compared to last year, and the number of reported scams remained relatively steady. What’s more, 4.1% of reported scams resulted in financial loss.

Although phishing scams received the most complaints – nearly 10,000 – they resulted in the lowest amount of loss among the various scam iterations, which reflects both the rapid rate of phishing scams and people’s ability to defend themselves against these attacks.

At the same time, it’s evident that more training is required in order to effectively ward off these adaptive and continual threats.

https://www.arnnet.com.au/article/663263/australians-lost-6-million-to-scams-in-2019/ 


What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

Awareness Tops Readiness in UK Cybersecurity Preparedness 

UK organizations are well aware of their cybersecurity threat landscape. Unfortunately, that has not enhanced their ability to improve their defensive posture. According to a recent survey, only 42% of organizations are confident in their data security, 10% fewer than companies in other countries.

While 90% of survey respondents indicated that adopting cybersecurity best practices is more important than increasing profits, fewer than 60% of these companies have a formal security policy, a number that has not changed since last year.

Indifference may not be the only factor in their lack of preparation. Many companies cite budgetary and personnel constraints as a significant barrier to improving cybersecurity posture.

Even so, a data breach is more expensive than ever before. The survey found that organizations will dedicate 12% of their revenue to recovering from a data breach, an all-time high. With companies like ours equipped to fortify your cybersecurity defenses, now is the perfect time to prepare your company for today’s evolving threat landscape.

https://www.scmagazineuk.com/uk-cyber-security-preparedness-lags-behind-awareness/article/1589030

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!