The Week in Breach: Featured Threat
The BlackBaud Breach Just Keeps Getting Worse, Illustrating the Dangers of Third Party Threats
The fallout from the huge breach at fundraising and non-profit services provider BlackBaud is continuing to land, impacting colleges, foundations, trusts, and other organizations throughout the US, Canada, and the UK.
The breach exposed the donor and fundraising program details of non-profits of every size, but it’s spawned an unexpected new wrinkle – the exposure of data that it had collected and maintained for hospitals around the US, a circumstance that could have major repercussions.
Shockwaves started traveling through the medical community as the first reports of patient information compromised as a result of the BlackBaud breach began to come to light. It’s estimated that more than 1 million records were exposed. Here’s a list of just a few of the impacted institutions:
- Children’s Hospital of Minnesota (Minneapolis, MN)
- Trinity Health of New England (Boston, MA)
- Virginia Commonwealth University Hospital (Richmond, VA)
- Our Lady of the Lake Regional Medical Center (Baton Rouge, LA)
- The Christ Hospital Health Network (Cincinnati)
- UMass Memorial Medical Center (Worcester, MA)
- Vidant Health (Greenville, NC)
- Texas Children’s Hospital (Houston, TX)
- ChristianaCare (Newark, DE)
- Trinity Health (Livonia, MI)
- Montefiore Medical Center (New York, NY)
- Catholic Medical Center (Manchester, NH)
- Memorial Sloan Kettering Cancer Center (New York, NY)
- Atrium Health (Charlotte, NC)
- Catholic Health (Buffalo, NY)
- MultiCare Health System (Tacoma, WA)
- Northern Light Health Foundation (Brewer, ME)
- NorthShore University Health System (Evanston, IL)
- Northwestern Memorial HealthCare (Chicago)
- Saint Luke’s Health System (Kansas City, MO)
- Spectrum Health (Grand Rapids, MI)
- UF Health (Gainesville, FL)
- UK HealthCare (Lexington, KY)
- UT Health San Antonio (San Antonio, TX)
- Inova Health System (Falls Church, VA)
Protecting your company from danger created by a third party vendor is crucial to building a strong cybersecurity strategy. No business is an island – we all do business with partners, vendors, service providers, and other entities, and those folks will do business with other entities.
While we can strive to choose the best partners by carefully reviewing the security postures of other companies, variables like insider threats and cybercrime as a service ensure that no company is guaranteed “safe”. Adding protections on your end to mitigate potential compromise is the only way to protect your business from third party risk.
United States – Artech Information Systems
Artech Information Systems: Staffing Firm
Risk to Business: 1.602 = Extreme
Artech Information Systems, one of the largest IT staffing companies in the US, just announced that they’d had a data breach exposing personal, financial, and health information of some of its clients. The company was informed by security researchers that the REvil gang advertised 337MB of stolen data in January, but Artech first sent out breach notifications at the beginning of September, despite completing its investigation at the end of June, leaving clients exposed to risk for 8 months.
Individual Risk: 2.424 = Severe
The stolen files contained PII including names, Social Security numbers, medical information, health insurance information, financial information, payment card information, driver’s license/state identification numbers, government-issued identification numbers, passport numbers, visa numbers, electronic/digital signatures, usernames, and passwords. Affected clients have been notified and told to monitor their bank statements for suspicious activity and be on the lookout for fraud and identity theft. The firm is offering free credit monitoring and identity protection to all affected customers.
Customers Impacted: 10,000+
How it Could Affect Your Business: Ransomware is a terrifying specter, but it can be ameliorated. What can’t is a failure to even tell your clients that they’re at risk for 8 months or more.
IntegraMSP to the Rescue: Ransomware is usually delivered as the result of a phishing attack.
United States – Department of Veterans Affairs
Exploit: Unauthorized Access (Credential Compromise)
Department of Veterans Affairs: Federal Agency
Risk to Business: 1.667 = Severe
The Department of Veterans Affairs (VA) informed affected users on Monday of a data breach that resulted in the exposure of 46,000 veterans’ personal information. The incident stemmed from unauthorized users accessing an application within the Financial Service Center (FSC) to steal payment away from community health care providers. In a statement, the VA said malicious actors used “social engineering techniques” and exploited “authentication protocols” to gain access to the system. Recent additional information that has come to light indicates that 17,000 community care providers may also have been affected.
Individual Risk: 1.806 = Severe
No information has been provided about the exact nature of the compromised information. The VA has directed those who suspect that they may have been impacted to email or mail questions to the VA.
Customers Impacted: 46,000 veterans and 17,000 medical care providers
How it Could Affect Your Business: Social engineering attacks, typically in the form of password theft or phishing, can devastate a business, especially if they result in the compromise of a privileged account.
IntegraMSP to the Rescue: BullPhish ID enables you to undertake phishing resistance training campaigns quickly and painlessly with “set it and forget it” campaign management and plug-and-play training kits.
United States – Activision Blizzard
Exploit: Credential Stuffing
Activision Blizzard: Video Game Developer
Risk to Business: 1.995 = Severe
Cybersecurity researchers have uncovered files for more than 500,000 accounts for the company’s Call of Duty franchise with login data compromised. The eSports site Dexerto reported that a data breach occurred on September 20 and that the credentials to access these accounts have been leaked publicly. Activision Blizzard is denying the incident, but many gaming and cybersecurity news outlets have reported evidence of the incident, including directly affected user records.
Individual Risk: 1.965 = Severe
Call of Duty account holders should monitor their account for unauthorized activity. No information has been reported on whether or not financial information or PII was included in this breach. Players should also be alert to potential spear phishing using this information.
Customers Impacted: Unknown
How it Could Affect Your Business: Failing to acknowledge a data breach that’s widely reported and confirmed is not the way to start repairing your company’s reputation or your clients’ trust after an incident.
IntegraMSP to the Rescue: Credential stuffing attacks are fueled by Dark Web data. Guard your company against credential stuffing attacks powered by the information available in huge Dark Web data dumps by monitoring your company’s credentials for compromise with Dark Web ID.
United States – Newhall School District (Valencia, CA)
Newhall School District: School System
Risk to Business: 2.351 = Severe
A cyberattack against the Newhall School District in Valencia, CA affected all distance learning across 10 schools, shutting down remote learning for 6,000 elementary school students. Newhall’s servers have been shut down, and teachers are attempting to keep students learning with pencil and paper assignments while the incident is investigated and systems are restored.
Individual Risk: No information was reported as compromised in this incident
Customers Impacted: 6,000 students
How it Could Affect Your Business: Attacks on education have been skyrocketing, and failure to update security awareness and phishing resistance to keep up opens schools to this massive threat.
IntegraMSP to the Rescue: Protect your clients from ransomware with the 1-2 punch of updated training with BullPhish ID and automated phishing protection from Graphus, your perfectly integrated anti-phishing guardians.
USA – University Hospital New Jersey
University Hospital New Jersey: Healthcare Provider
Risk to Business: 2.391 = Severe
The SunCrypt ransomware operation has leaked data allegedly stolen from University Hospital New Jersey (UHNJ) in a ransomware attack. The attackers have leaked 1.6 GB of the 240 GB of data, containing over 48,000 documents. The documents contain patient information release authorization forms, copies of driving licenses, Social Security Numbers (SSNs), dates of birth (DOB), and records about the Board of Directors.
Individual Risk: 2.027 = Severe
People who have received medical treatment at the hospital may have had their PII compromised, and should be alert for spear phishing attempts, identity theft, or blackmail attempts tied to this information.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is often the unwelcome gift that comes with a phishing email. By failing to train staffers to resist phishing attacks, companies leave themselves open for ransomware infections.
IntegraMSP to the Rescue: Automate your company’s defense against phishing and put layers of protection between a phishing email and your data fast.
The Week in Breach Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.