LAST WEEK, US HEALTHCARE PROVIDER GETS BREACHED 3 TIMES AND THIRD-PARTY RANSOMWARE PARKS CANADIAN AGENCY FOR DAYS.
LAST WEEKS CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
Verity Medical Foundation: Healthcare provider based in San Jose, CA.
Exploit: Employee phishing scam.
Risk to Small Business: 2.333 = Severe: VMF recently notified its patients of another security breach it suffered on January 16th of this year, immediately following two similar phishing incidents. A hacker was able to compromise an employee’s Office 365 account for several hours and send phishing emails internally and externally to gather usernames and passwords. Although the organization maintains that there is no evidence of patient information being accessed, they will now face scrutiny by the media and patients, along with being forced to deploy mandatory training for employees.
Individual Risk: 2.571 = Severe: Aside from account usernames and passwords, protected health information including DOBs, patient identification numbers, phone numbers, addresses, health plans, treatments received, SSNs, and even insurance details may have been exposed. While the company believes that it was unlikely that the attacker was after the data, affected patients should enlist in identity monitoring and additional security measures.
Customers Impacted: 14,894 patients
How it Could Affect Your Business: The compounding effects of back-to-back breaches can amount to serious losses for organizations. Even worse, employee phishing attacks are entirely preventable through the implementation of security training and education. If breach occurs, businesses are forced to enroll their employees in such programs anyway, and likely at a higher cost. By then, however, the damage will have already been done.
Earl Enterprises: Hospitality industry giant that owns Buca Di Beppo, Planet Hollywood, Earl of Sandwich, and other restaurant brands
Exploit: Malware installation on point-of-sale (POS) systems
Risk to Small Business: 2 = Severe: In a press release published last Friday, the company announced that hackers had planted malware on POS systems, affecting over 100 restaurants between May 23, 2018, and March 18, 2019. After noticing a mysteriously large card dump in February, cybersecurity researchers realized that this incident is related to a database that is already available for sale on the Dark Web. In addition to dealing with customer churn and brand degradation, the company will now have to do its best to protect the users whose card information is up for grabs on the Dark Web.
Individual Risk: 2.428 = Severe: Credit and debit card numbers, expiration dates, and cardholder names were exposed in the incident and will eventually be sold to the highest bidder on the Dark Web. Anyone who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, or Tequila Taqueria should consider cancelling their cards, monitoring their financial reports, and changing their passwords.
How it Could Affect Your Business: In the wake of a breach, understanding how fraudsters plan on using stolen data is crucial to risk mitigation. If Earl Enterprises had worked with security providers capable of monitoring the Dark Web, the company would have been able to identify the threat earlier and act accordingly.
How it Could Affect Your Business:Vendors that serve as third-party service providers for large firms should be wary of upcoming attacks. As hackers shift their focus towards the smallest vulnerabilities within an organization, they will certainly consider targeting the third-party companies that manage their data. To avoid future compromises, companies should work with a security solution that employs a Dark Web monitoring tool which can be crucial in determining if stolen information is trading hands between.
Exploit: IT System breach.
How it Could Affect Your Business: Just because a company has been hacked before does not mean that it won’t be targeted again. In this case, it is quite possible that the fraudsters intended to extract valuable information from the Australian breach of Toyota in order to access their main offices. To keep systems airtight, companies must reevaluate what data is shared across working groups, departments, and offices, along with emphasizing the importance of adhering to cybersecurity best practices when it comes to their employees.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!