The Week in Breach: Scary cyberattacks afoot – healthcare being actively targeted


The Week in Breach: Featured – FBI Warns Healthcare Industry of Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued the alert late yesterday stating there is an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The key findings include:

  • CISA, FBI, and HHS assess malicious cyber actors are targeting the Healthcare and Public Health (HPH) Sector with TrickBot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.
  • These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.

“This news is unfortunately not surprising. As the global pandemic worsens in the U.S. and across the world, the vulnerability of healthcare providers is something that should be taken very seriously,” said Ryan Weeks, CISO at Datto. “This is not the first time during the pandemic that threat actors have taken advantage of critical healthcare service providers for their own financial gain, but it has the potential to be the largest attack of its type. MSPs and healthcare providers need to audit their security posture and urgently implement stronger countermeasures to limit potential damage.”

Here is an example of how easy it is to slip into an organization.

The attack began on the afternoon of Tuesday, September 22. Multiple employees of the targeted company had received highly targeted phishing emails:

From: Alex Collins [spoofed external email address]

To: [targeted individual]

Subject: Re: [target surname] about debit

Please call me back till 2 PM, i will be in [company name] office till 2 PM.

[Target surname], because of [company name] head office request #96-9/23 [linked to remote file], i will process additional 3,582 from your payroll account.

[Target first name], call me back when you will be available to confirm that all is correct.

Here is a copy of your statement in PDF [linked to remote file].

Alex Collins

[Company name] outsource specialist

The link, delivered through the mail delivery service SendGrid, redirected to a malicious document hosted on docs.google.com. Both hops are legitimate, widely used services, which is why reputation-based URL filtering offers little protection against this kind of lure. The company’s mail software tagged the message with external sender warnings, and multiple copies of the malicious document were detected and blocked.

But one employee clicked the link in the email that afternoon. The user opened the document and enabled its active content (the Enable Content prompt that unlocks macros), which let the document run print_document.exe, a malicious executable identified as Buer Loader.
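The two steps above, a lure link that rides a legitimate click-tracking redirector to a legitimate document host, and an Office document launching an executable once the user enables content, are also the two points at which a defender can still catch the chain. The following Python script is an added example (not from the Sophos write-up and not part of this newsletter) that demonstrates both checks over constructed data: it extracts the links from a sample lure, follows a supplied redirect map (standing in for what a URL sandbox or proxy log would show) and flags links that enter through a mail tracker and land on a document host; it then scans constructed Sysmon-style process-creation records and flags an Office parent spawning an .exe from a user-writable directory. The tracker and document-host domain lists, the sample redirects, the user and host names, and the event records are all assumptions.

```python
# Added example (not from the Sophos write-up or this page): triage the two
# stages of the phishing chain described above. Every sample is constructed
# and the indicator lists are assumptions to tune to your own telemetry.
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

CLICK_TRACKERS = {"sendgrid.net"}                        # assumed: legitimate bulk-mail redirector
DOC_HOSTS = {"docs.google.com", "drive.google.com"}      # assumed: legitimate document hosts
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\")

# Constructed lure body modelled on the quoted email; placeholders are filled
# with fictitious values and none of the hostnames are real links.
SAMPLE_EMAIL = """\
Please call me back till 2 PM, i will be in Acme office till 2 PM.
Smith, because of Acme head office request #96-9/23
https://u1234.ct.sendgrid.net/ls/click?upn=AbCd i will process additional 3,582.
Here is a copy of your statement in PDF https://u1234.ct.sendgrid.net/ls/click?upn=EfGh
Acme outsource specialist - https://www.acme.example/contact
"""

# Constructed redirect observations (what a detonation sandbox or proxy
# would record when the tracked links are followed).
SAMPLE_REDIRECTS = {
    "https://u1234.ct.sendgrid.net/ls/click?upn=AbCd":
        "https://docs.google.com/document/d/1AbCdEf/export?format=doc",
    "https://u1234.ct.sendgrid.net/ls/click?upn=EfGh":
        "https://docs.google.com/document/d/1AbCdEf/export?format=doc",
}

# Constructed Sysmon-style process-creation records (Event ID 1 fields).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\print_document.exe",
     "User": "ACME\\jdoe"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",                    # benign print helper
     "User": "ACME\\jdoe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\setup.exe",  # not Office-spawned
     "User": "ACME\\jdoe"},
]


def host_in(hostname, suffixes):
    """True if hostname equals, or is a subdomain of, any listed suffix."""
    h = (hostname or "").lower()
    return any(h == s or h.endswith("." + s) for s in suffixes)


def follow_redirects(url, redirects, max_hops=5):
    """Return the redirect chain for url using the supplied observations."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        chain.append(redirects[chain[-1]])
    return chain


def triage_links(body, redirects):
    """Flag links that enter via a click-tracking redirector and end on a document host."""
    findings = []
    for url in URL_RE.findall(body):
        chain = follow_redirects(url, redirects)
        first = urlparse(chain[0]).hostname
        last = urlparse(chain[-1]).hostname
        if host_in(first, CLICK_TRACKERS) and host_in(last, DOC_HOSTS):
            findings.append({"url": url, "lands_on": chain[-1], "hops": len(chain) - 1})
    return findings


def office_spawned_executables(events):
    """Flag an Office parent launching an .exe from a user-writable directory."""
    hits = []
    for ev in events:
        parent = ev["ParentImage"].rsplit("\\", 1)[-1].lower()
        image = ev["Image"].lower()
        if parent in OFFICE_APPS and image.endswith(".exe") and any(p in image for p in USER_WRITABLE):
            hits.append({"parent": parent, "image": ev["Image"], "user": ev["User"]})
    return hits


if __name__ == "__main__":
    for finding in triage_links(SAMPLE_EMAIL, SAMPLE_REDIRECTS):
        print("suspicious link:", finding)
    for hit in office_spawned_executables(SAMPLE_EVENTS):
        print("office spawned executable:", hit)
```

Run it as a script to print both sets of findings. The link rule does not fire on the company-style link in the signature, and the process rule ignores splwow64.exe, which Office legitimately spawns when printing. In a real environment the noise comes from installers users run from Downloads, which is why the Office-parent condition, not the path condition, carries the weight of the rule.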

Read more about how the Sophos Managed Threat Response team mitigated the recent Ryuk ransomware attack that began with this phishing email.

The Week in Breach News – United States


United States –  Maxex

https://www.inforisktoday.com/blogs/home-loan-trading-platform-exposes-mortgage-documentation-p-2959

Exploit: Unsecured Database

MAXEX: Loan Trading


Risk to Business: 1.772 = Severe

Georgia-based home loan trader MAXEX had a data disaster this week as an estimated 9GB of data leaked from a server believed to have been left unsecured. Some of the data is from backend software development for its loan-trading platform, but a substantial portion included confidential banking documents, system login credentials, emails, the company’s data breach incident response policy, and cybersecurity readiness reports. The breach also exposed complete mortgage documentation for at least 23 individuals in New Jersey and Pennsylvania. The incident investigation is ongoing.


Individual Risk: 2.011 = Severe

Financial information for clients was leaked, opening customers up to identity theft concerns. Some impacted clients had no idea that MAXEX currently had their loan, creating complications for informing customers who may be affected. Consumers should check to see who is servicing their mortgage and take precautions against identity theft and spear phishing if that provider is MAXEX.

Customers Impacted: Unknown

How it Could Affect Your  Business: Sloppy security can mean that if you do have an incident like a data breach, you might not even know where to start looking for the cause, putting your business at risk for an expensive investigation in addition to a data disaster.

IntegraMSP to the Rescue: Streamline your secure identity and access management with Passly. Single sign-on LaunchPads reduce access points, reducing risk.


United States – Made in Oregon

https://www.infosecurity-magazine.com/news/oregon-retailer-suffers-sustained/

Exploit: Unauthorized Database Access

Made in Oregon: Specialty Gift Retailer


Risk to Business: 1.669 = Severe

Customers of gift retailer Made in Oregon got a little something extra with their purchases: a side order of fraud. Cybercriminals had access to its e-commerce site for more than six months, stealing payment information from transactions that occurred between the first week of February 2020 and the last week of August 2020.


Risk to Business: 1.669 = Severe

Customers who made an online purchase from Made in Oregon may have had their name, billing address, shipping address, email address, and credit card information compromised. The company has sent out notices to people who could be impacted, warning of identity theft and spear phishing dangers.

Customers Impacted: 7,800

How it Could Affect Your Business: Information that is stolen in incidents like this often ends up on the Dark Web in a data dump or information market, where it powers cybercrime for years to come.

IntegraMSP to the Rescue: Guard against damage from credentials that end up in Dark Web data dumps with Dark Web ID. Keep your business credentials safe with our blend of human and machine intelligence monitoring the Dark Web 24/7/365 to warn you of trouble.


United States – Pfizer

https://pharmafield.co.uk/pharma_news/pfizer-suffers-huge-data-breach-on-unsecured-cloud-storage/

Exploit: Unsecured Database

Pfizer: Drugmaker


Risk to Business: 1.401 = Extreme

In a monster week for pharma hacking, Pfizer leads the pack with a substantial data breach that it brought on itself. Logs, transcripts, and details of patient helpline conversations, stored unencrypted, were exposed from a misconfigured, unsecured Google Cloud Storage bucket. The exposed data included detailed information regarding hundreds of conversations between Pfizer’s automated customer support software and patients using drugs including Lyrica, Chantix, Viagra, Ibrance, and Aromasin.
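What “misconfigured” usually means for a Cloud Storage bucket is an IAM binding that grants allUsers or allAuthenticatedUsers a read role, or public access prevention left unenforced. The following Python is an added example (not Pfizer’s code and not from this page) that runs that check offline over constructed input: the policy JSON has the shape that `gsutil iam get gs://BUCKET` prints, and the metadata dict mirrors the iamConfiguration block of `gcloud storage buckets describe gs://BUCKET --format=json`. The bucket name, project names and the list of read-capable roles are assumptions.

```python
# Added example (not Pfizer's code and not from the page): find the IAM
# bindings that make a Google Cloud Storage bucket world-readable and
# produce the commands that close them. Both samples below are constructed.
import json

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
# Roles that let the holder read object contents (assumed subset of the
# predefined Cloud Storage roles; add any custom roles your org defines).
READ_ROLES = {
    "roles/storage.objectViewer", "roles/storage.objectAdmin",
    "roles/storage.legacyObjectReader", "roles/storage.legacyBucketReader",
    "roles/storage.admin",
}

BUCKET = "helpline-transcripts-example"   # fictitious bucket name

# Constructed policy: project owners plus a world-readable objectViewer grant,
# in the shape printed by `gsutil iam get`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"members": ["projectOwner:helpline-prod", "projectEditor:helpline-prod"],
     "role": "roles/storage.legacyBucketOwner"},
    {"members": ["allUsers"], "role": "roles/storage.objectViewer"}
  ],
  "etag": "CAE="
}
""")

# Constructed bucket metadata: public access prevention not enforced.
SAMPLE_META = {
    "name": BUCKET,
    "iamConfiguration": {"publicAccessPrevention": "inherited",
                         "uniformBucketLevelAccess": {"enabled": False}},
}


def public_bindings(policy):
    """Return (role, member) pairs that grant any role to a public principal."""
    out = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                out.append((binding["role"], member))
    return out


def assess_bucket(policy, meta):
    """Summarise the bucket's exposure and list the commands that close it."""
    pub = public_bindings(policy)
    readable = [(r, m) for r, m in pub if r in READ_ROLES]
    pap = meta.get("iamConfiguration", {}).get("publicAccessPrevention", "inherited")
    bucket = meta["name"]
    fixes = [f"gsutil iam ch -d {m}:{r} gs://{bucket}" for r, m in pub]
    if pap != "enforced":
        fixes.append(f"gcloud storage buckets update gs://{bucket} --public-access-prevention")
    return {
        "bucket": bucket,
        "world_readable": bool(readable),
        "public_bindings": pub,
        "public_access_prevention": pap,
        "remediation": fixes,
    }


def remove_public_bindings(policy):
    """Return a copy of the policy with every public principal stripped,
    suitable for `gsutil iam set` (the etag guards against lost updates)."""
    fixed = {"etag": policy.get("etag"), "bindings": []}
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_PRINCIPALS]
        if members:
            fixed["bindings"].append({"role": binding["role"], "members": members})
    return fixed


if __name__ == "__main__":
    print(json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_META), indent=2))
    print(json.dumps(remove_public_bindings(SAMPLE_POLICY), indent=2))
```

The remediation strings use the documented `gsutil iam ch -d` and `gcloud storage buckets update --public-access-prevention` forms; review them before running, since removing allUsers from a bucket that deliberately serves a public website will break it. A publicAccessPrevention value of inherited is not a finding on its own: an organization policy may already enforce it, so check the effective setting rather than only the bucket’s own value.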


Individual Risk: 1.412 = Extreme

The exposed call or chat transcripts had extensive PII and medical data for patients including full names, addresses, phone numbers, and details of health and medical conditions. The transcripts also contained detailed information about treatments, patient experiences, and questions related to products manufactured and sold by Pfizer.

Customers Impacted: Unknown

How it Could Affect Your Business: Leaving this kind of information lying around is a hacker’s dream and a security nightmare for your business, as not only the recovery costs but also the regulatory penalties for exposing this kind of data add up.

IntegraMSP to the Rescue: Maintaining compliance with many data privacy regulations requires multifactor authentication, just one of the suite of security-boosting features included with Passly.


United States – City of Shafter

https://bakersfieldnow.com/news/local/city-of-shafter-hit-by-ransomware-attack

Exploit: Ransomware

City of Shafter: Municipal Government


Risk to Business: 1.714 = Severe

Cyberattacks against city governments and municipal services have been climbing worldwide, and Shafter, CA just joined the list after a ransomware attack took its systems offline for several days. The attack impaired the operations and delivery of city services, a common hallmark of recent municipal cybercrime.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: 20,000

How it Could Affect Your Business: Ransomware has been a menace to municipal governments large and small. Just last week, the Hackney Borough Council in London was rocked by ransomware, and the risk is growing for governments as incidents pile up.

IntegraMSP to the Rescue: Spotting and stopping phishing attacks is key to guarding your business against ransomware. BullPhish ID transforms staffers from a company’s biggest attack surface into its biggest asset with dynamic phishing resistance training.

The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.