Last week, ransomware erodes productivity, a malware attack permanently destroys patient data, and a new study reveals the extent of data breaches in the UK.  

United States – TV Eyes 

Exploit: Ransomware
TV Eyes: Media monitoring service

Risk to Small Business: 2.222 = Severe: An unidentified ransomware strain has disabled the network’s core servers and engineering workstations. As a result, clients have been unable to access any information, which could have broad and long-lasting financial consequences for the media monitoring company. TV Eyes has declined to pay the ransom. Still, brand erosion and opportunity costs will make this an expensive attack at a critical time for the company, whose services are widely used by news outlets and PR agencies to access media content for reporting purposes.

Individual Risk: 2.875 = Moderate: At this time, no personal information was compromised in the breach. However, some PR professionals and media members had expressed fears that their data was compromised before hackers encrypted their files. Those impacted by the breach should update their account credentials while being especially critical of digital communications.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In addition to academic and government institutions, cybercriminals are increasingly targeting businesses that store customer data. Many are now willing to compromise customer data if ransom demands aren’t met, a new reality that significantly increases the potential damage of a ransomware attack. Since ransomware attacks always require a vulnerability to gain network access, companies should regularly assess their defensive postures to ensure that they are prepared for this nefarious attack methodology.

---

United States – Electronic Warfare Associates (EWA)

Exploit: Ransomware
Electronic Warfare Associates (EWA): Electronic product and services company

Risk to Small Business: 2.111 = Severe: Cybercriminals encrypted the company’s web servers, leaving customer-facing signs of a cyberattack even several days after the event. In response, the company took down the affected servers, and it’s unclear how much of the company’s internal IT is impacted by the attack. More than a week after the attack was discovered by security researchers, EWA still hasn’t issued a statement to the public. This lack of transparency could complicate their recovery process, which already promises to be an arduous journey due to the complicated nature of their business.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks often come with cascading consequences that impact every part of a business. Not only does this attack vector come with high up-front expenses, but the reputational damage and opportunity cost can be even more damaging. Every company should assess its threat landscape to ensure that it can adequately defend against a devastating ransomware attack.

---

United States – Fondren Orthopedic Group 

Exploit: Malware attack
Fondren Orthopedic Group: Orthopedic healthcare services provider

Risk to Small Business: 1.555 = Severe: A malware attack destroyed a number of the medical provider’s patient records. The incident was first discovered in November 2019, but IT administrators only recently identified the permanent damage to their digital records. As a result, patients have to complete new patient information forms that include detailed medical histories. Given the sensitive and incredibly important nature of this information, this attack could negatively impact patient care, and it will undoubtedly invite regulatory oversight.

Individual Risk: 2.285 = Severe: Fondren Orthopedic Group noted that there is no evidence of patient information being compromised. However, the lost data includes patients’ names, addresses, phone numbers, treatment data, and healthcare information. It stands to reason that if hackers can erase patient data, then they can also use it for other nefarious purposes. Those impacted by the breach should carefully monitor their online accounts for unusual or suspicious activity, and they should scrutinize digital communications because compromised data is often redeployed in spear-phishing attacks.

Customers Impacted: 30,049

How it Could Affect Your Customers’ Business: After this devastating malware attack, Fondren Orthopedic Group announced an update to their cybersecurity practices, a move that is too little, too late for the thousands of patients impacted by the breach. There are many steps companies can take to mitigate the risk of a data breach, but those steps need to be taken before an incident occurs. Otherwise, these measures serve as vanity metrics as opposed to a defensive strategy.

---

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

More than Half of British Consumers Endured a Data Breach in 2019 

Globally, data breaches are increasing in both frequency and scope, a reality that is acutely felt by users in the United Kingdom. According to a new study, 58% of UK citizens experienced a data breach in the past twelve months. While today’s cyber threats are complicated and multifaceted, the study attributed the rise of increasingly complicated phishing attacks as a primary vector for data compromise.

Not too long ago, we reported on four phishing attack trends that were impacting the data security landscape, and it’s clear that those methodologies were astonishingly effective at compromising user data in the past year.

However, the report didn’t just identify the troubling trend. It recommends that users ditch their redundant, simplistic, and overly-personal passwords for strong, unique passwords across all of their accounts. Also, it encouraged users to adopt two-factor authentication as an effective way to prevent cybercriminals from gaining account access.

While business email compromise is enabling data breaches with stunning frequency, companies and consumers are not powerless. Contact ID Agent today to learn about our industry-leading tools for repelling phishing scams and protecting account integrity with two-factor authentication.

---

A Note From Kobargo

Phishing Scam Invokes Executive to Trick Employees 

An employee of Village Care Rehabilitation and Nursing Center (VCRN), a non-profit healthcare provider, fell for a complicated phishing scam that compromised patients’ protected health information. The fraudulent message was purportedly sent from a company executive, a scenario that inherently elicited the employee’s trust to provide authority for sharing data via email.

The episode is indicative of how phishing scams have evolved to become more personal and difficult to detect. With data breaches only becoming more expensive and consequential, every business should review and update its security awareness training to ensure that it accounts for the latest threats and trends.

In other words, identifying unsophisticated spear-phishing emails with a spam filter won’t be enough to combat today’s phishing scam trends. However, comprehensive employee awareness training, like that offered by ID Agent, can ensure that your company is protecting against phishing scams.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, a phishing scam compromised an entire healthcare network, malware impacted productivity, and ransomware attacks become costlier than ever.

United States – Tampa Bay Times 

Exploit: Ransomware
Tampa Bay Times: Local news organization

Risk to Small Business: 2.111 = Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals are frequently turning to ransomware attacks to exploit companies that can’t or won’t protect their critical IT. These attacks are relatively easy to deploy, and, for organizations unprepared to defend themselves, they are uniquely expensive. With today’s threat landscape, it’s critical to regularly assess and update your defense posture to meet the moment.

---

United States – California Healthcare Network

Exploit: Phishing scam
California Healthcare Network: Hospital and urgent care center operator

Risk to Small Business: 1.888 = Severe: Employees fell for a phishing scam that compromised patients’ protected health information (PHI). The company first discovered the breach on June 19, 2019, when it secured accounts by resetting login credentials. However, an additional investigation revealed that patient data was compromised in the breach. The California Healthcare Network is notifying patients of the incident and updating the email security standards, but the real test is certainly still ahead. Healthcare data breaches are the most expensive of any sector, and the company will undoubtedly endure intense regulatory scrutiny because of the sensitive nature of the breach.

Individual Risk: 2.428 = Severe: Hackers had access to patient data contained in employee email accounts. California Health Network declined to provide specific data categories, but healthcare records often include patients’ most sensitive personal data. The access is limited between June 11, 2019, and June 18, 2019, but the information has now been available for more than six months, so those impacted by the breach will want to work quickly to secure their data. The California Healthcare Network is offering free credit monitoring services to all victims.

Customers Impacted: 199,548

How it Could Affect Your Customers’ Business: Most data breaches begin with a successful phishing scam. Every organization has a responsibility to train its employees in defensive best practices, which is a relative bargain compared to the high cost of a data breach. In doing so, organizations transform a known vulnerability into a valuable asset to their defensive posture.

---

Germany – City of Potsdam 

Exploit: Malware attack
City of Potsdam: Local municipality

Risk to Small Business: 2 = Severe: A malware attack forced the City of Potsdam to bring its network entirely offline to prevent further expansion and data exfiltration. As a result, government employees cannot send or receive an email, and most administrative functions are inaccessible. While emergency services remain unharmed, there will be a significant cost for the government, as worker productivity slows, sales opportunities are missed, and recovery efforts eat away at precious resources.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches continue to become more expensive, partly because the opportunity costs are so high. In the digital age, cyberattacks can render an organization useless, eroding their bottom line and dampening the future financial outlook. Unfortunately, many organizations can’t sustain that level of financial loss and are forced to close their doors. However, a strong defense posture can ensure that your business is ready to thrive amidst today’s evolving threat landscape.

---

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Recovering From a Ransomware Attack is More Expensive Than Ever 

2019 saw a steep rise in the number of ransomware attacks impacting vulnerable organizations. Unfortunately, recovering from these attacks is becoming more expensive than ever. According to a new report, the total recovery cost of a ransomware attack doubled in the last quarter of the year, reaching $84,116.

In some cases, the cost is increasing because cybercriminals demand higher ransoms, but other factors, including hardware replacement, lost revenue, and brand erosion, all contribute to this incredibly high sum.

In addition, the report detailed the latest escalation in ransomware attacks. Cybercriminals are not content with just encrypting data and demanding Bitcoin payments anymore. They are increasingly willing to release company data online, which can provide both a greater incentive for companies to pay the ransomware and add a secondary revenue stream for criminal operations. Taken together, it’s clear that today’s organizations need to reassess their defensive postures as it relates to this escalating threat.

Notably, ransomware always requires an access point and a foothold to encrypt company data. Closing off common loopholes like phishing emails and securing employee accounts with simple, effective tools like two-factor authentication can help ensure that your organization isn’t the next victim of an expensive ransomware attack.

---

A Note From Kobargo

Canada Plans to Update Its Data Privacy Laws 

Data privacy regulations are becoming par for the course in today’s dangerous digital landscape. In addition to Europe’s tone-setting General Data Protection Regulation, California’s Consumer Privacy Act and New York’s SHIELD Act bring robust privacy regulation to the US. Now, Canadian authorities are indicating that they are ready to update the country’s data privacy laws as well.

According to the country’s Privacy Commissioner, David Therrien, Canada wants to update its mechanisms for providing support to individuals and accountability for companies. Currently, two federal statutes regulate data privacy in Canada, and when the country updated their requirements in 2018, the number of reported breaches increased six-fold in the following year.

It’s likely that Canada will continue to update its guidelines, specifically in the area of enforcement. By implementing financial penalties for data security, Canada would more closely align its data privacy laws with other prominent regulations. Collectively, it’s clear that digital platforms no longer operate in a veritable Wild West. Instead, companies are going to need to learn how to achieve and demonstrate compliance with multifaceted privacy laws around the world.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, malware compromises online stores, accidents lead to expensive data breaches, and phishing scams top the UK’s threat list.  

United States – Hanna Andersson 

Exploit: Malware attack
Hanna Andersson: Children’s clothing maker

Risk to Small Business: 2.222 = Severe: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

Individual Risk: 2.285 = Severe: Hackers obtained customers’ personal and financial data entered at checkout. This includes their names, shipping addresses, billing addresses, payment card numbers, CVV codes, and expiration dates. Unfortunately, it appears that some customers were already victimized by hackers, as law enforcement identified the breach because of fraudulent purchases made online using these credentials. Therefore, anyone impacted by the breach should immediately notify their financial institutions of the event. They also need to carefully review their account details for unusual or fraudulent activity. Credit and identity monitoring services can keep an eye on long-term misuse, ensuring that victims’ information remains secure even after the urgency of the matter has decreased.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers and companies are increasingly unwilling to partner with organizations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.

---

United States – Health Quest

Exploit: Phishing scam
Health Quest: Network of hospitals and healthcare providers

Risk to Small Business: 1.666 = Severe: Health Quest is updating its data breach announcement from an event that initially occurred in July 2018 when several employees fell for a phishing attack that compromised patients protected health information (PHI). In the attack, employees provided their email account credentials to hackers who used their information to access patient data. The hospital sent breach notifications in May 2019, but the latest announcement expands the depth and scope of the breach. However, it’s unclear why it took the company nearly a year to issue the initial notification and another year to update their assessment. Healthcare breaches are the most expensive of any sector, and Health Quest will likely endure high recovery costs along with intense regulatory scrutiny.

Individual Risk: 2.142 = Severe: REMOVE

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: After the breach, Health Quest announced that it would implement two-factor authentication to secure employee accounts and is instituting employee awareness training to guard against future phishing attacks. Unfortunately, these efforts won’t recover any compromised data, and it won’t mitigate the damage from this breach. To protect data, these highly effective defense tactics need to be deployed before a breach occurs.

---

United States – The Center for Neurological and Neurodevelopment 

Exploit: Phishing scam
The Center for Neurological and Neurodevelopment (CNNH): Healthcare provider

Risk to Small Business: 1.777 = Severe: Hackers gained access to an employee account containing patients’ protected health information. The unauthorized access lasted for more than a month, occurring between October 7, 2019 and November 22, 2019. In response, CNNH secured the account and hired a third-party forensics team to investigate the breach. However, the diagnosis is unlikely to be positive, and the company likely faces an expensive road ahead.

Individual Risk: 2 = Severe: The data breach doesn’t include all CNNH patients, but hackers did have access to patient data contained in the employee email account. This could include patient names, addresses, dates of birth, health insurance information, medical/patient record numbers, and treatment information. CNNH encourages all victims to closely monitor their accounts and insurance statements to check for fraudulent activity and to notify their insurance providers if they discover false charges.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: CNNH secured the account by resetting its credentials and is updating company-wide email standards by enabling two-factor authentication and updating employee training initiatives. These simple data security measures should be standard at every company, and they have to be implemented before a breach occurs. With the cost and consequences of a breach continually increasing, companies can’t afford to wait until it’s too late to take steps to protect their data.

---

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Phishing Tops UK Cyber Threat Landscape 

Today’s companies face a litany of cybersecurity threats, but, according to the results of a new study, none are more prevalent than phishing attacks. The study, which surveyed UK ICO reports, found that there were 1,080 phishing-related beaches in 2019, a significant increase from 877 the year before. In total, phishing attacks caused 45% of all data breaches. While other notable causes like unauthorized access, ransomware, and brute force password attacks run rampant, none are even close to as prominent as phishing attacks.

This trend reflects cybercriminals’ desire to target employees and individuals who may not be prepared to identify and respond to the innocent-looking messages that frequently arrive in their inboxes. In response, companies can focus their defense initiatives to combat this trend. Employee awareness training is a proven way for companies to transform their employees from a potent risk to a proven line of defense against cybercrime.

To get help implementing comprehensive employee awareness training, contact ID Agent to learn more about how our simulated phishing attacks can equip your employees to respond to this prominent threat. 

---

A Note From Kobargo

Data Privacy Fines Reach $126 Million 

It’s been just over a year and a half since GDPR’s implementation, and the fines are starting to add up. According to the latest report, the expansive data privacy regulation has levied $126 million in penalties on companies throughout Europe. To some, the fines are relatively modest, a reminder that regulatory oversight can be slow to impact businesses’ bottom lines. However, others see the figure as an ominous reminder that data privacy failures won’t come without consequences. 

At the same time, Europe isn’t the only place imposing financial penalties on companies that can’t protect customer data. California’s Consumer Privacy Act and New York’s SHIELD Act both carry monetary penalties. In 2020, it’s clear that regulation is going to become more normative, not less, and businesses need to prepare. Contact ID Agent today to improve your defensive posture and avoid regulatory fines resulting from a breach.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, phishing scams cost millions, oversights compromise customer data, and Magecart targets Australian brushfire donors. 

United States – LimeLeads

Exploit: Unsecured database
LimeLeads: B2B lead generation service

Risk to Small Business: 2 = Severe: LimeLeads failed to secure an internal server, allowing a prominent threat actor to acquire and subsequently sell the company’s data on the Dark Web. The data breach could have significant implications for the company, whose business model centers around brokering company data for marketing initiatives. Security researchers found that the database was publicly exposed since at least July 27, 2019, meaning that the company had ample time to secure the database before bad actors became involved. Now they must grapple with crippling losses, including the less quantifiable brand erosion that accompanies a data breach.

Individual Risk: 2.428 = Severe: Company data has been for sale since October 2019, spanning across personally identifiable information such as their names, titles, email addresses, employer/company names, addresses, phone numbers, and even total revenue numbers. This information can be strategically deployed in spear-phishing attacks, so those impacted by the breach should be especially critical of online communications while also closely monitoring their accounts for suspicious or unusual information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers and companies are increasingly unwilling to partner with organizations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.

---

United States – New Albany Airport

Exploit: Ransomware attack
New Albany Airport: New York-based airport authority

Risk to Small Business: 2.111 = Severe: A ransomware attack on one of the airport’s MSPs spread to its servers, encrypting backup files, administrative information, and other resources. Fortunately, the malware did not extend to the Albany International Airport or airline computers. However, the company was forced to pay a five-figure ransom to recover their information. The attack’s effectiveness was predicated on the organization’s outdated hardware and lax cybersecurity standards. In response, the New Albany Airport Authority terminated its contract with the MSP and is taking steps to upgrade its defensive posture.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This incident underscores the cascading consequences of a data breach. For the New Albany Airport Authority, they will bear the financial cost of recovery while their MSP will lose an important contract since they failed to protect their customers’ IT. From both directions, it’s clear that data security failure is a deal breaker in today’s digital environment.

---

United States – Manor Independent School District 

Exploit: Phishing scam
Manor Independent School District: Public school district

Risk to Small Business: 1.777 = Severe: Hackers successfully executed a phishing scam against employees, and they used the stolen credentials to siphon $2.3 million from the district. It took three separate transactions to acquire a significant sum, but their efforts were ultimately successful. The lost funds are just the start of an expensive process that will undoubtedly involve updating cybersecurity protocols, implementing employee awareness training, and upgrading IT infrastructure.

Individual Risk: 2.428 = Severe: While the phishing scam didn’t compromise the district’s data, those implicated in the scheme submitted their account credentials to cybercriminals. They will need to update their account information to ensure its long-term security. At the same time, they should closely monitor their other accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: While some companies might be reticent to invest in employee awareness training, this incident demonstrates that the cost of a successful phishing scam far exceeds the expense of preventative measures. The district is working to recoup lost funds but is not likely to emerge unscathed. This news offers a cautionary tale for organizations of all shapes and sizes; preventative measures are only effective if they are implemented before a breach occurs.

---

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

Magecart Attack Targets Australian Bushfire Donations 

Australia’s bushfire natural disaster is one of the most profound in recent memories, inspiring donors from around the world to contribute resources to the cause. Unfortunately, a legitimate donations site was infected with a Magecart payment-card skimmer that stole donors’ personal information when making an online payment.

The breach was discovered by security researchers, who declined to identify the specific website impacted by the breach. Payment-card skimming malware is an increasing concern for e-commerce platforms, as it collects users’ most sensitive personal data. In addition, it undermines customer confidence in the online payment process, which could decrease their willingness to spend money online.

In this case, payment-card skimming could cost valuable resources in a dire situation. For all companies relying on e-commerce to drive revenue, it’s a reminder that customer confidence is a crucial component of successful online sales initiatives. 

---

A Note From Kobargo

Two-thirds of UK Healthcare Organizations Breached in 2019 

Healthcare companies store peoples’ most sensitive personal information, and data breaches in the industry are both increasingly prevalent and incredibly expensive. A compromised healthcare record is nearly twice as costly as that of the next highest sector. 

The consequences of this new reality are especially acute in the UK, where two-thirds of healthcare organizations experienced a data breach in 2019. According to a study by Vanson Bourne, nearly half of these incidents were malware-related. At the same time, other factors, including unauthorized data sharing, phishing scams, and noncompliance with data protection policies, also represented serious threats to healthcare data.

Notably, as the industry becomes increasingly tech-driven and comprised of third-party partnerships, these risks will continue to expand. In the year ahead, healthcare organizations around the world will need to reprioritize data security as an added element of quality patient care.

---

Contact Kobargo Technology Partners to schedule a free consultation today!

Last week, smart home technology targeted by hackers, a phishing scam breaches health information, and the UK has a rough year for data security. 

United States – Alomere Health 

Exploit: Phishing attack
Alomere Health: General medical and surgical hospital

Risk to Small Business: 1.777 = Severe: Two employees fell for a phishing scam that gave hackers access to patients’ protected health information. The first breach occurred between October 31, 2019, and November 1, 2019, while a second breach took place on November 6, 2019. In response, the company is updating its email security protocols, an effort that won’t restore the stolen data nor repair the company’s already-damaged reputation. In addition, Alomere Health could face regulatory penalties because of the nature and scope of the data breach.

Individual Risk: 2.285 = Severe: The compromised employee email accounts stored patient data, including names, addresses, dates of birth, medical record numbers, health insurance information, along with sensitive diagnosis and treatment details. In addition, some patients had their Social Security numbers and driver’s license numbers exposed. Alomere Health is offering free credit and identity monitoring services to those impacted by the breach, and anyone affected should enroll in these services. In addition, they should be especially critical of online communications, as the stolen data can be deployed in phishing scams that can collect additional personal data.

Customers Impacted: 49,351

How it Could Affect Your Customers’ Business: Phishing scams are the leading cause of data breaches, but they are also entirely avoidable. With the cost associated with a compromise continually escalating, training employees to identify and avoid phishing scams is a relatively low-cost initiative that can transform employees into a robust defense rather than an imminent vulnerability.

---

United States – Wyze 

Exploit: Unprotected database
Wyze: Low-budget home security company

Risk to Small Business: 2.222 = Severe: A cybersecurity company identified an exposed database containing the personal details of millions of Wyze users. The breach, which has not been confirmed by Wyze, is an unforced error that could have serious and financial and reputational implications. Smart home technology is often targeted by hackers due to its sensitive nature, and many consumers are already unwilling to work with companies that cannot protect their personal data, especially when it impacts their peace of mind and security.

Individual Risk: 2.428 = Severe: Users’ personal data, including email addresses, a list of cameras, camera names, Wi-Fi SSID, API tokens, and Alexa tokens, were all publicly available from the exposed database. Those impacted by the breach should reset their account passwords, enable two-factor authentication, and closely monitor their accounts for unusual activity.

Customers Impacted: 2,400,000

How it Could Affect Your Customers’ Business: Today’s consumers are beginning to make buying decisions based on a brand’s data security reputation. Especially in a sensitive sector like smart home technology, a strong cybersecurity posture is a prerequisite for long-term success. Unforced errors, such as leaving a database exposed, become especially egregious. Of course, mistakes do happen, and businesses need a response plan to contain the event and to identify the scope of the problem as quickly as possible.

---

United States – Children’s Choice Pediatrics 

Exploit: Ransomware
Children’s Choice Pediatrics: Pediatric healthcare provider

Risk to Small Business: 1.555 = Severe: A ransomware attack encrypted patient data and exposed patient records to hackers. The attack, which was discovered on October 27, 2019, encrypted the healthcare provider’s entire network. When records were restored, the provider discovered that some were irretrievably deleted. In response, Children’s Choice Pediatrics is upgrading its cybersecurity protocols to ensure that they don’t give a foothold to future ransomware attacks. However, the opportunity cost, reputational damage, and recovery expenses will continue to weigh down the practice now and for the foreseeable future.

Individual Risk: 2.285 = Severe: While hackers often encrypt company data to extract a ransom, many are turning to data theft as a means to exact additional money from a ransomware attack. In this case, some patients’ personally identifiable information may have been exposed to hackers. Those impacted by the breach should stay vigilant in monitoring their online accounts and scrutinizing digital communications as this data is often redeployed in phishing attacks that compromise additional data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Reactive cybersecurity measures can’t undo the damage of a data breach. With the holistic cost associated with exposure at an all-time high, companies have millions of reasons to embrace a robust defensive posture against cybercrime. Often, this means starting by securing accounts using best practices, like two-factor authentication, to keep intruders out.

---

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

UK Businesses Endured an Attack Every Minute in 2019 

For companies around the world, 2019 was a terrible year for data security. This is especially true for UK businesses, which endured a deluge of cybersecurity episodes equal to an attack every minute. Individually, it’s estimated that each business experienced 576,575 attempts to compromise company data in 2019, a 152% year-over-year increase.

The report, compiled by Beaming, a Hastings-based ISP, identified China as the origin for nearly ⅕ of the attacks. Hackers commonly pursued domain admin tools and IoT endpoints to gain access to company networks. In total, the report concluded that 2019 was the worst year on record for UK data breaches. Moreover, the report cautioned SMBs to take cybersecurity issues more seriously by recognizing the profound risk and implementing basic protection plans, including adopting two-factor authentication to secure web platforms.

---

A Note From Kobargo

ID Agent Speaks with The Cyber Wire Podcast 

This week, The Cyber Wire Podcast replayed my conversation in which I discussed the role of monitoring initiatives in helping victims recover from the 2015 data breach at the US Office of Personnel Management, which compromised 4.2 million government employees. 

The data breach is one of the most significant data breaches in history, and it serves as a harbinger for our current data landscape. Hackers effectively obtained a dossier on millions of Americans and monitoring the Dark Web for this information was an enormous, sprawling effort that provided security and peace-of-mind to those impacted by the breach.

Listen to the Cyber Wire Podcast to learn more about the team responsible for restoring and protecting the identities of more than four million government employees in the Office of Personnel Management. Today, this type of data disaster is much more common, and the risk of both companies and consumers has never been higher. At ID Agent, we provide the tools to help protect your customer and company data from falling into the wrong hands

---

Contact Kobargo Technology Partners to schedule a free consultation today!