
The Week in Breach: 11/06/19 – 11/12/19

November 13, 2019

This week, healthcare data is targeted by cyber criminals, lax account security compromises PII, and Australian cybersecurity specialists are on the verge of burnout.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 1 – 10 Employees


United States – InterMed
https://www.newscentermaine.com/article/news/crime/maine-health-provider-hit-by-an-email-security-breach-30000-patients-health-information-exposed/97-c8a8aa5f-fa87-45ba-999c-122fea7a76c8

Exploit: Compromised email account
InterMed: Maine-based physician group

Risk to Small Business: 1.777 = Severe: Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprit. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.

Individual Risk: 2.428 = Severe: Patients’ protected health data was compromised in the breach. This includes names, dates of birth, health insurance information, and clinical data. In addition, some Social Security numbers were exposed to hackers. This information has a ready market on the Dark Web, and those impacted by the breach should take every precaution to protect their identity.

Customers Impacted: 30,000
How it Could Affect Your Customers’ Business: Data breaches are becoming increasingly costly, so sufficiently addressing defensible threats should be a top priority for every organization. Employee email accounts are often a top target for hackers who use phishing campaigns and credential stuffing attacks to gain access to their account data. Comprehensive awareness training and Dark Web services that provide advanced notification when credentials are compromised can position companies to protect this easy access point from bad actors.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/dark-web/#contact.

United States – Brooklyn Hospital Center
https://www.fiercehealthcare.com/tech/ransomware-attack-at-brooklyn-hospital-center-results-permanent-loss-some-patient-data

Exploit: Ransomware
Brooklyn Hospital Center: Full-service community teaching hospital

Risk to Small Business: 2.111 = Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

Individual Risk: 2.285 = Severe: Brooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data’s security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident is a reminder that ransomware attacks can have ominous outcomes for any organization. While some are cut and dry transactions, others can be more damaging, resulting in permanent data loss or information exposure. Once your company’s data is in the hands of bad actors, there is no script for determining what happens next. With that in mind, preventing ransomware attacks proactively with proper cybersecurity measures must be a top priority for businesses of every shape, size, and sector.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

United States – Utah Valley Eye Clinic
https://threatpost.com/eye-clinic-breach-reveals-data-of-20000-patients/149878/

Exploit: Unauthorized database access
Utah Valley Eye Clinic: Utah-based eye clinic

Risk to Small Business: 2.333 = Severe: A cybersecurity vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).

Individual Risk: 2.142 = Severe: The clinic confirmed that patient email addresses were compromised in the breach, but it also conceded that other personally identifiable information, including names, addresses, dates of birth, and phone numbers, may have been exposed. The prolonged time to detection means that this information has been available for misuse, and patients should be especially vigilant in evaluating online communications and credentials for suspicious or unusual activity.

Customers Impacted: 20,000
How it Could Affect Your Customers’ Business: Third-party partnerships are becoming increasingly important in today’s business environment, yet they can also invite potential cybersecurity vulnerabilities. It’s estimated that more than 60% of data breaches involve a third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing, or other collaborative opportunities.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Canada – TD Canada Trust
https://globalnews.ca/news/6126894/a-couple-who-banks-with-td-canada-trust-loses-hundreds-of-dollars-during-e-transfer-not-once-but-twice/

Exploit: Unauthorized database access
TD Canada Trust: Financial services provider

Risk to Small Business: 2 = Severe: TD Canada Trust believes that weak security questions provided hackers with an easy way to access user accounts and redirect online money transfers. Although the complaints are currently limited to two accounts within the same family, compromised user credentials can be a serious problem for both companies and consumers. In this case, frustrated clients took to the media to complain about their experience, harming TD Canada Trust’s customer relationships and brand reputation.

Individual Risk: 2.142 = Severe: Although it is unclear what personal information is compromised, it’s certain that hackers had access to users’ login credentials and security questions. Therefore, other personal information including names, addresses, and financial data could be compromised. In that case, disrupted payment transfers could be the least of the company’s problems. Those impacted by the event should notify their financial institutions about the compromise, and should update credentials with strong, unique passwords and better security questions.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: TD Canada Trust views this cyber incident as an avoidable intrusion since hackers relied on weak login credentials to access a user’s account. Faced with an already complex threat landscape, ensuring that employees and customers do their part to secure data should be an obvious priority for every business. At the same time, having the ability to identify compromised credentials before they are used maliciously allows for preemptive action to prevent a data breach.


ID Agent to the Rescue: With AuthAnvil™, you can prioritize your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

Canada – Pipestone Kin-Ability Centre 
https://www.cbc.ca/news/canada/saskatchewan/kin-ability-cyber-attack-sask-1.5349230

Exploit: Unauthorized network access
Pipestone Kin-Ability Centre: Non-profit serving adults with mental and physical disabilities

Risk to Small Business: 1.666 = Severe: A flaw in the non-profit’s network security allowed hackers to access the company’s financial system, eventually siphoning off more than $400,000. The funds were earmarked for general operations and wages. Administrators immediately identified the unauthorized activity, but their reactive security measures will cause significant losses. The organization is working to identify the culprit, but their efforts are unlikely to fully restore the company’s resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident underscores the importance of a forward-thinking readiness posture when addressing today’s cybersecurity risks. Any company relying exclusively on reactive measures will lose time, money, credibility, and customers. However, by preparing for the most pressing threats before they occur, companies can help ensure that their IT infrastructure remains secure.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United Kingdom – LendingCrowd
https://www.p2pfinancenews.co.uk/2019/11/04/lendingcrowd-reports-data-breach/

Exploit: Unauthorized database access
LendingCrowd: Online peer-to-peer lending company

Risk to Small Business: 1.888 = Severe: LendingCrowd notified users of a data breach that impacted a subset of the company’s investors. Company officials noted that their platform hasn’t been breached, which could indicate successful credential stuffing attacks or other account-specific vulnerabilities. The company has contacted those impacted by the breach and regulatory bodies, but LendingCrowd will now deal with the litany of negative consequences that accompany a breach of any size.

Individual Risk: 2.428 = Severe: LendingCrowd failed to disclose the specific data involved in the breach, but since it impacted P2P lenders, it’s likely to include personally identifiable information such as names, addresses, and certain financial data. This information has incredible value on the Dark Web where it can quickly spread, putting users at risk for additional cybercrimes. Therefore, anyone impacted by the breach should enroll in credit and identity monitoring services to oversee and ensure their data’s long-term integrity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Every business faces numerous cybersecurity threats, but many can be avoided by following cybersecurity best practices. In this case, LendingCrowd is asking all users to enable two-factor authentication to protect their account integrity. These simple steps can make a profound difference in your cybersecurity readiness posture.

ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

United Kingdom – James Fisher and Sons PLC
https://www.cnbc.com/2019/11/05/reuters-america-update-1-marine-firm-james-fisher-reports-cyber-breach.html

Exploit: Unauthorized database access
James Fisher and Sons PLC: Marine services provider

Risk to Small Business: 3 = Moderate: An unauthorized third party gained access to the company’s computer system, forcing JFS to bring their systems offline to prevent intruders from further infiltrating their network. In some sense, the company was lucky. Personal information wasn’t compromised in the breach, but cybersecurity events of any kind can still have serious repercussions for any company. In this case, the company’s shares dropped by nearly 6% after the breach, and JFS will incur the cost of cybersecurity specialists who are working to secure their network retroactively.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Shareholders recognize that a data breach will inevitably impact a company’s bottom line, and sell-offs have become a common response to many cybersecurity incidents. This only accelerates and amplifies brand erosion. When coupled with consumers’ wariness surrounding cybersecurity breaches, it’s clear that the financial impact of a data breach can be extensive and long-lasting.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Spain – Everis
https://www.bleepingcomputer.com/news/security/ransomware-attacks-hit-everis-and-spains-largest-radio-network/

Exploit: Ransomware
Everis: Managed service provider

Risk to Small Business: 2.666 = Severe: A ransomware attack forced Everis to disconnect their network, cutting off services to employees and customers alike. The attack encrypted many of the company’s files, and it caused a frantic response from IT administrators who warned employees to keep their computers turned off to avoid infection. The hackers left a ransom note that includes a contact address, and they demanded $835,923 to provide a decryption key. In the meantime, the company’s services are entirely inaccessible, and employees are unable to complete work, signaling impending financial implications for the company.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are incredibly costly. Not only are companies tasked with either paying a pricey ransom or acquiring IT support to restore their information, but the brand erosion, opportunity cost, and reduction in productivity all compound the costs. Since there is no cheap way to recover from such an attack, establishing a robust defensive posture is the only advantageous way forward.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Italian Precision Engineering Companies Hit with Spear Phishing Campaign 

Italian precision engineering companies are the latest victims of spear phishing attacks that trick employees into compromising personally identifiable information, login credentials, or other sensitive data. 

The attacks are arriving in employees’ inboxes disguised as authentic-looking inquiries from potential customers. The emails appear with a seemingly innocuous Microsoft Excel spreadsheet that actually contains a fileless trojan capable of capturing users’ credentials.

The Excel spreadsheet is filled with lists of spare parts, real catalog codes, and other ordering information, making the attacks especially difficult to identify. In addition, the emails are being sent under the guise of international textile producers, a viable client for precision engineering companies.

Currently, only a fraction of antivirus software detects credential stealing malware, which underscores the importance of cybersecurity best practices for protecting company data. Holistic employee awareness training equips employees to spot phishing scams and trains them to follow cybersecurity best practices with a simple, streamlined solution.

https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-precision-engineering-company/


Google Has Access to Personal Health Information of Millions of US Patients 

Recently Google partnered with Ascension – one of the largest health systems in America – but did so quietly. This partnership allows Google access to all of Ascension’s patients’ data. Ascension operates 150 hospitals in 21 states.

The effort was code named “Project Nightingale,” and has allowed some Google employees access to data including names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, and even some billing records.

The current agreement does not appear to be a violation of HIPAA (Health Insurance Portability and Accountability Act). Google has been looking to expand their health information efforts, including plans to acquire Fitbit. However, Google has responded to the news of the partnership to say the data will not be used other than to assist Ascension medical providers.

https://www.nytimes.com/2019/11/11/business/google-ascension-health-data.html


What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

Australian Cybersecurity Personnel Are On the Verge of Burnout 

For companies around the world, the threat of a data breach is becoming ever-present. This reality is especially pronounced in Australia, where cybersecurity professionals are reporting fatigue and burnout as they battle the litany of threats facing their companies. According to the 2019 Asia Pacific CISO Benchmark Study, the burnout rate among Australian organizations is more than double the global average of 30%. 

In total, 69% of Australian organizations are receiving more than 100,000 cybersecurity alerts every day, significantly higher than the global average. At the same time, the survey, which polled 2,000 information-security professionals, found that Australian organizations were slower to respond to data breaches than companies in other countries. Such behavior compounds costs, as 84% of Australian businesses that experienced a data breach admitted that the expenses exceeded $1 million, a significantly higher sum than other countries in the region.

SMBs are already struggling to hire sufficient cybersecurity personnel, so supporting IT professionals is a critical component of any company’s cybersecurity initiatives. Fortunately, they don’t have to do it alone. The supportive services of an MSP can augment capabilities, lightening the load on in-house cybersecurity professionals.

https://www.cso.com.au/article/668151/surging-breach-alert-identity-burdens-fatiguing-security-practitioners-australia-more-than-anywhere-else/

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!