The Week in Breach: 07/03/19 – 07/09/19
This week, ransomware affects organizations of all shapes and sizes, third-party data breaches are back in the spotlight, and a Canadian mutual fund sidesteps hackers.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 1 – 10 Employees
United States – Georgia’s Administrative Office of the Courts and Judicial Council of Georgia
Exploit: Ransomware
Georgia’s Administrative Office of the Courts and Judicial Council of Georgia: Digital information arm for the Georgia state court system
 |
Risk to Small Business: 2.333 = Severe: A malware attack infected the agency’s computer network with ransomware, encrypting their files and disrupting many of their services. Officials have yet to reveal the ransom amount, but it marks the second significant ransomware attack for a Georgian government agency in 15 months. Fortunately, the agency does not store personal information on the affected network, and servers were brought offline to prevent malware from spreading. The previous attack in 2018 cost $7.2 million, foreshadowing another expensive blow that can be measured in time and money. |
 |
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks wreak havoc on an organization’s operational and financial integrity. To make matters worse, they are increasingly becoming more common and costly. Nevertheless, many ransomware attacks are delivered through phishing emails, which can be thwarted through organizational cybersecurity training for employees. Given the exceedingly high recovery expense and cascading damages caused by a ransomware attack, such training is the most cost-effective way of protecting your company.
ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – Alive Hospice
https://finance.yahoo.com/news/alive-hospice-notice-data-privacy-000000493.html
Exploit: Unauthorized email account access
Alive Hospice: Healthcare provider offering hospice and family support services
|
Risk to Small Business: 2 = Severe: On May 6th, hackers gained access to an employee’s email account containing personally identifiable information for patients at Alive Hospice. Although the company quickly reset the account password, the intruder was able to view significant amounts of sensitive data. In this case, a single email account was able to compromise newsworthy amounts of patient data, while also interrupting business processes. Alive Hospice will incur the expense of credit and identity monitoring services, along with the less quantifiable reputational cost that accompanies a data breach. |
|
Individual Risk: 2 = Severe: Although there is no indication that hackers have misused any company data, they did have access to patients’ names, contact information, dates of birth, social security numbers, driver’s license numbers, credit/debit card numbers, medical history information, treatment and prescription information, physician information, medical record number, Medicaid/Medicare numbers, health insurance information, and other in-house account details. Therefore, those impacted by the breach should enroll in the free credit and identity monitoring services being offered by Alive Hospice while remaining vigilant about monitoring their accounts for suspicious activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Personally identifiable information (PII) can quickly make its way to the Dark Web, where it can do considerable damage to those affected by a breach. Therefore, understanding what happens to compromised patient data is a significant part of any data breach recovery effort.
ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web/.
United States – U.S. Virgin Islands Police Department
Exploit: Ransomware
U.S. Virgin Islands Police Department: Law enforcement agency serving the United States Virgin Islands
|
Risk to Small Business: 1.666 = Severe: An April ransomware attack on the island’s police computer network encrypted all files stored on the department’s servers. The impacted data included information related to internal affairs and citizen complaints, and the “Blue Team” and “IAPRO” programs were unavailable for several weeks. In addition, backups for some systems were also corrupted, requiring the department to install new versions of the affected software. Not only is the department struggling to provide services to its constituents, but it will also face a significant repair cost that is growing by the day. |
 |
Individual Risk: 2.571 = Moderate: Hackers did encrypt information related to citizen complaints, which could include sensitive personal information. However, there is no indication that this information was viewed or stolen during the ransomware attack. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business:The true price tag on a data breach can be deceptive, as recovery costs must be added to the opportunity cost of interrupted business processes and reputational damages. Organizations must be capable of knowing if personal information is accessed in an attack and need internal protocols to protect infrastructure and mitigate damage as much as possible.
ID Agent to the Rescue: SpotLight ID™ allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.
United States – Maryland Department of Labor
https://baltimore.cbslocal.com/2019/07/05/maryland-department-of-labor-database-breached/
Exploit: Unauthorized database access
Maryland Department of Labor: Local government agency serving the state of Maryland
|
Risk to Small Business: 2.222 = Severe: Hackers gained access to two agency databases that contained personally identifiable information. The breach, which occurred in April, involved data from those who received unemployment benefits in 2012 or pursued a general equivalency diploma in 2009, 2010, or 2014. It’s unclear why the agency waited several months to notify those impacted by the breach, but this cybersecurity incident underscores a troubling trend in government agencies in general and Maryland in particular. The agency will now be responsible for paying victims for two years of credit monitoring services, while also spending precious funds on recovery efforts. |
|
Individual Risk: 2.222 = Severe: A damage assessment conducted by a third-party forensics team concluded that no personal information was downloaded in the attack. However, hackers did have access to a deluge of personal data, including names, social security numbers, birth dates, city or county of residence, graduation dates, and record numbers. Those impacted by the breach are encouraged to closely monitor their credentials and to enroll in the credit monitoring services being offered by the agency. |
Customers Impacted: 78,000
How it Could Affect Your Customers’ Business: It’s no secret that data breaches, especially those that compromise sensitive personal information, are always harmful. However, organizations can work to repair the damage by supporting those impacted with protection. By continuously monitoring the Dark Web, where stolen credentials are quickly bought and sold, businesses can grow and retain their customer base while generating loyalty.
ID Agent to the Rescue: Did you know that SpotLight ID is 100% US-based and more comprehensive than LifeLock® and others? Discover more about the personal identity protection solution here: https://www.idagent.com/identity-monitoring-programs.
United States – Mercy Health
https://www.gazettextra.com/news/crime/mercy-reports-some-patients-info-might-have-been-accessed/article_50e3d29c-c66e-520c-9bac-cd4c537412d6.html
Exploit: Email security breach
Mercy Health: Catholic healthcare ministry serving Ohio and Kentucky
|
Risk to Small Business: 2 = Severe Risk: A compromised email account at a third-party vendor in 2018 ultimately resulted in compromised personal information for Mercy Health patients. The third-party vendor, OS Inc., was involved in a similar data breach last year and was responsible for updating information for Medicare beneficiaries and billing for certain services. The incident reflects the complicated cybersecurity threats facing institutions working with third parties, specifically as it relates to managing personally identifiable information. |
|
Individual Risk: 2.285 = Severe Risk: Hackers did not gain access to financial or medical information, but they were able to view significant amounts of personally identifiable information, including names, dates of birth, dates of service, patient identification numbers, Social Security numbers, and medical record numbers. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Working with contractors and third parties is often a requirement in today’s digital ecosystem. However, those partnerships can create vulnerabilities that organizations need to address before allowing third parties to access their data. Therefore, robust cybersecurity protocols should be a prerequisite for any business relationship that includes that exchange of sensitive personal information.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
United States – American Land Title Company (ALTA)
https://www.bleepingcomputer.com/news/security/industry-breach-alert-published-by-us-national-trade-association-alta/
Exploit: Phishing attack
American Land Title Company (ALTA): National trade association representing various real estate entities
|
Risk to Small Business: 1.888 = Severe Risk: A so-called ethical hacker contacted ALTA regarding 600 data entries accessed by its members using a phishing campaign. The compromised data may have included highly sensitive company data from ALTA organizations. This is the second phishing scam targeting ALTA members this year when a similar scam that originated within the organization was sent to member companies. |
|
Individual Risk: 2.285 = Severe Risk: While the data accessed pertains to the companies involved, it could also include personal information, including domain identification, IP addresses, usernames, and passwords. ALTA organizations should encourage employees to monitor their accounts for suspicious activity and to ensure that they use unique, strong passwords for all accounts, especially those containing personally identifiable information. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are unleashed with speed and precision, and they can quickly compromise your organization’s data. Fortunately, they are also entirely defensible with comprehensive awareness training. Knowing if your organization’s credentials are compromised before a data breach occurs can prevent a security incident before it harms your company and your customers.
ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.
Canada – The Boyd Group Income Fund
https://finance.yahoo.com/news/boyd-group-income-fund-reports-214500293.html
Exploit: Ransomware
The Boyd Group Income Fund: Unincorporated, open-ended mutual fund trust
|
Risk to Small Business: 2.555 = Moderate: An internal notification system detected a ransomware attack on June 27th, causing the company to shut down some of its services. Many of the company’s offices were able to continue operations uninterrupted. However, some locations were temporarily disabled, causing them to lose sales during that period. Fortunately, the company previously established a ransomware response policy that dictated immediate actions and prevented the malware from spreading further into their network. The Boyd Group believes that these protocols will minimize the financial impact on their business while helping them recover quickly. Of course, they will still be receiving multiple invoices from cybersecurity experts who are analyzing their network and security protocols. |
|
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The Boyd Group’s response plan will certainly mitigate some of the damage from this data breach. For one, the company attained ransomware insurance that will help them recoup any financial loss resulting from the attack. Additionally, their planned response minimized the malware’s ability to compromise their network. Even so, there are always costs associated with full recovery, meaning that a proactive defense is still the most critical component of a data breach security system.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
United Kingdom – St. John Ambulance
https://www.theinquirer.net/inquirer/news/3078418/st-john-ambulance-ransomware-attack
Exploit: Ransomware
St. John Ambulance: Non-profit providing first aid and emergency medical service training
|
Risk to Small Business: 2.444 = Severe: On July 2, the non-profit organization was affected by a ransomware attack that temporarily blocked St. John Ambulance from accessing training systems and customer data. The charity’s IT department was able to restore data from backups, claiming that normal operations were reestablished in less than thirty minutes. This scenario underscores the importance of installing proactive cybersecurity measures, which enabled St. John Ambulance to avoid paying a ransom to recover their content. |
|
Individual Risk: 2.285 = Severe: The personal information of everyone who opened an account or booked and attended a training course until February 2019 may have been compromised. Although St. John Ambulance expressed confidence that the information was not shared outside of the organization, hackers did gain access to names, course credentials, certificate information, invoicing details, and other course-related content. The company uses a third-party payment processing agent to execute transactions, so no payment information was compromised in the breach. Nevertheless, those impacted should carefully monitor their accounts for unusual activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Having the technological capabilities to recover from a ransomware attack should be a top priority for any organization. More importantly, every company needs the capability to verify that sensitive data accessed during a ransomware attack doesn’t make its way onto the Dark Web. Since many ransomware attacks begin with malware delivered through phishing emails, comprehensive awareness training can stop these types of attacks from occurring in the first place.
ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Company Cut Off from Government Contracts After Data Breach
Last month, Perceptics, a maker of license plate readers used by the U.S. Customs and Border Patrol (CPB), endured a significant data breach that resulted in 65,000 files published to the Dark Web.
As a result, the company has been placed on a veritable government black-list, suspending Perceptics from procuring government contracts. Although the suspension is technically limited to the CPB, the notice, which cites “evidence of conduct indicating a lack of business honesty or integrity,” could shun the company from doing business with other government agencies.
Before the suspension, Perceptics had a 30-year working relationship with CPB, and their dissolution indicates the weight of unimpeachable cybersecurity standards for companies handling sensitive personal information on behalf of the government.
What’s more, Perceptics will still face administrative proceedings that will determine the company’s fate as it pertains to future work with the U.S. Government.
The incident is a warning to all companies: cybersecurity is an obligation, not just a suggestion. Data breaches place people’s data at risk but are increasingly becoming capable of compromising an organization’s financial stability. Rather than leaving it up to chance, coordinate with a trusted third-party to ensure that your cybersecurity posture is ready to meet the moment.
What We’re Listening to:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A Note for Your Customers:
A Divide in Ransomware Response Ethics
Local governments and municipalities are frequently targeted with ransomware attacks by cyber criminals who view government agencies as soft targets with potentially significant rewards. While leaders are unified in their abhorrence of this behavior, disparities exist when aligning on response plans.
Some governments choose to pay the ransom, seeing it as the least expensive option available. Of course, this behavior makes other governments more vulnerable to a similar attack because it indicates that authorities are willing to pay criminals to restore access to their systems.
In contrast, some local governments refuse to pay, a principled stance that can be more expensive in the long run. For instance, Baltimore authorities refused to pay a $75,000 ransom to regain access to its network, but full system restoration is estimated to cost $10 million, and other ancillary disruptions may cost $8 million more.
The message is clear and simple: all organizations need to do everything they can to prevent a ransomware attack in the first place. Contingency plans like backups and cyber insurance are critical for responding to an attack, but employee awareness training and threat analysis services offered by cybersecurity experts can prevent ransomware attacks before placing your company in the precarious position of deciding on ransom payments.
https://www.nytimes.com/2019/07/05/technology/cities-ransomware.html
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!