Threat Alerts

Data Breach, Cyber Alert Monday 12-09-2019

Last week, ransomware costs companies on multiple fronts, phishing scams have extensive data security consequences, and companies fail to adequately evaluate their third-party data sharing standards.

United States – DeBella’s Subs

Exploit: Malware attack
DeBella’s Subs: Rochester-based restaurant chain

Risk to Small Business: 2 = Severe: Credential-stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. However, the company acknowledged that the breach investigation was completed well before the company notified the public, a misstep that will undoubtedly mar the recovery process. The company is taking steps to ensure that this type of attack won’t be successful in the future, but that won’t help the hundreds of thousands impacted by this data breach.

Individual Risk: 2.428 = Severe: Customers’ personal and financial data may have been compromised in the breach. This includes names, payment card numbers, expiration dates, and CVV numbers. The breach is limited to customers in Connecticut, Indiana, Michigan, Ohio, New York, and Pennsylvania between March 22, 2018, and December 28, 2018. Although the damage resulting from the data exposure may already be inflicted, those impacted should still take necessary precautions such as contacting their financial institutions and reviewing card histories to check for unauthorized charges.

Customers Impacted: 305,000

How it Could Affect Your Customers’ Business: Reputation management and restoration is a critical component of an effective data breach response plan. Although it’s more difficult to quantify than direct financial losses, the reputational damage can be extremely problematic for any company and even place its ability to recover in jeopardy. Providing timely communications and a comprehensive overview of what happens to customer data after it’s stolen can help companies demonstrate that they are serious about data security, helping restore customer confidence along the way.

United States – Magellan Rx Management 

Exploit: Phishing scam
Magellan Rx Management: Full-service pharmacy benefit manager

Risk to Small Business: 1.777 = Severe: An employee fell for a phishing scam that provided hackers with access to his account, which contained health plan member data. The breach occurred back on May 28th, and it wasn’t identified until July 5th. However, it’s unclear why the company waited until November before disclosing the breach to the public. Officials haven’t found any evidence that the data was misused, but the lengthy response time makes it more difficult for those impacted by the breach to secure their information before it’s used for nefarious purposes.

Individual Risk: 2 = Severe: The breach included member information, including names, dates of birth, health plan member ID numbers, health plan names, providers, diagnoses, and other healthcare-related information. This information is often used to facilitate additional cybercrimes like spear-phishing attacks, so those impacted by the breach should be critical of digital communications, especially those requesting personal information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Despite advanced security practices and other defensive efforts, phishing scams will inevitably make their way into employees’ inboxes. Fortunately, such messages can be rendered harmless, unless they are acted upon by an employee. Every business can enhance its defensive posture by providing comprehensive awareness training to keep employees abreast of the latest threats and the best practices for protecting company data.

Netherlands – Vistaprint

Exploit: Exposed database
Vistaprint: Small business marketing product provider

Risk to Small Business: 1.888 = Severe: Vistaprint left an unencrypted database exposed, allowing anyone to access information related to customer service calls, chats, and emails. After the company was publicly alerted to the oversight on Twitter, they brought the database offline. The database had been exposed since November 5th, giving cybercriminals extensive access to sensitive customer data. At the very least, the episode was embarrassing for Vistaprint, which was exposed in a public forum and forced to issue a public notification of their poor data management standards. This hard-to-quantify reputational damage can be an impediment to businesses operating in competitive, digital spaces where customers are increasingly unwilling to do business with companies that can’t protect their data.

Individual Risk: 2.285 = Severe: In addition to information related to users’ customer service interactions, the data breach compromised personally identifiable information, including names, email addresses, and phone numbers. The company can’t guarantee that this information wasn’t accessed by bad actors. Since personally identifiable information has a robust market on the Dark Web, those impacted by the breach should closely monitor their online accounts for suspicious activity, and some users may want to enroll in identity monitoring services.

Customers Impacted: 51,000

How it Could Affect Your Customers’ Business: Today’s customers are increasingly unwilling to do business with companies that can’t protect their personal data. That reality makes an unforced error, like an exposed database, especially egregious. In today’s tech-centered business environment, expansion and advanced features can’t be implemented at the expense of data security, a reality that privacy regulators and ordinary consumers are ready to enforce.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Australian Companies Have Dangerous Data Sharing Practices

Third-party partnerships have become a normative, even necessary, component of doing business in 2019. Unfortunately, for many companies, these potentially beneficial relationships are often a liability when it comes to data security. According to a recent study by Security in Depth, 84% of Australian companies had not completed a formal review of their data-sharing practices with third-party partnerships, a staggering amount of negligence in today’s digital environment. 

For instance, nearly 60% of those surveyed acknowledged that they had experienced a third-party data breach in the past 12 months, a 3% increase from the previous year. These figures reveal a growing chasm between the known threat landscape and the steps that companies are willing to take to protect their valuable company and customer data.

Indeed, today’s threat landscape is expansive, but companies can mitigate many of the most pressing threats by partnering with MSPs that can offer best practices for securing third-party vulnerabilities. As the cost of a data breach quickly escalates, business leaders have millions of reasons to focus on cybersecurity as a business priority.


A Note From Kobargo

Netherlands Warns of Global Ransomware Attacks 

As this week’s newsletter reveals, ransomware attacks are impacting businesses of every size in every sector. This malware, which restricts access to a company’s IT infrastructure, is often totally debilitating, resulting in opportunity and productivity costs that accompany the already high price associated with ransomware recovery. 

Now a report from the National Cyber Security Center in the Netherlands is shedding some light on just how expansive this malady really is. The report found that 1,800 companies around the world are currently impacted by ransomware, a staggering number that officials believe underrepresents the real sum since many ransomware incidents go unreported.

What’s more, the report found that cybercriminals often rely on a single network intruder to plant the malware. These credentials can cost as much as $20,000 on the Dark Web, but they are readily available, and businesses need to know if their information is available on underground marketplaces to protect their IT from infiltration. Ransomware attacks have proven to be a low-risk, high-reward endeavor for many cybercriminals, which means that these attacks are unlikely to abate any time soon. Instead, SMBs should turn their attention towards maintaining a robust defensive posture capable of ensuring that their company name isn’t added to the growing list of companies impacted by ransomware.


Contact Kobargo Technology Partners to schedule a free consultation today!

 
Data Breach, Cyber Alert Monday 12-02-2019

Last week, compromised email accounts expose IT infrastructure, a Disney+ data breach exposed credentials to the Dark Web, and cybersecurity incidents are expected to rise this Holiday season.

United States – Select Health Network

Exploit: Unauthorized email account access
Select Health Network: Indiana-based collection of healthcare providers

Risk to Small Business: 1.444 = Extreme: An employee’s compromised email account credentials were used to access sensitive data for thousands of patients. The data was accessed between May 22 and June 13, and it’s unclear why it took the company so long to identify the breach and to report it to patients. Regardless, a small vulnerability will likely result in a sizeable blowback in the form of regulatory scrutiny, brand erosion, and potential financial repercussions.

Individual Risk: 2.142 = Severe: Hackers had access to patient data, including names, addresses, dates of birth, member identification numbers, treatment information, health insurance details, medical history information, and medical record numbers. In addition, some patients’ Social Security numbers were accessible. Those impacted by the breach should know that their credentials could have already been misused, and they should take steps to evaluate their data integrity while also ensuring long-term security.

Customers Impacted: 3,582

How it Could Affect Your Customers’ Business: Small security lapses can have serious consequences, as evidenced by the expansive breach resulting from one compromised employee account. However, companies have an obligation to support their customers after a breach and identifying what happened to their data after it was stolen is a good place to start. Taking the right course of action to support customers after a breach can go a long way towards repairing the reputational damage that can have far-reaching repercussions.

United States – Solara Medical Supplies

Exploit: Compromised email account
Solara Medical Supplies: Supplier of diabetes-related treatment products

Risk to Small Business: 1.444 = Extreme: An unauthorized third-party gained access to several employee accounts containing patient and employee data. The breach was first discovered on June 20th, and the compromised data was exposed between April 2nd and June 20th. In response, the company reset account passwords, and Solara is updating its policies to ensure that a similar scenario doesn’t occur again in the future. Unfortunately, such maneuvers won’t help patients whose data was already stolen in the breach. Moreover, the company’s lengthy response time will certainly invite increased regulatory scrutiny while giving consumers fodder for criticism during the recovery effort.

Individual Risk: 2.142 = Severe: Personal information, including names, addresses, dates of birth, Social Security numbers, employee identification numbers, medical information, health insurance information, financial information, credit/debit card numbers, password information, Medicare/Medicaid numbers, and billing information were all at risk. This comprehensive data set can quickly be distributed on the Dark Web, where it can be used to execute even more egregious cybercrimes. Those impacted by the breach should take every precaution to ensure that their data isn’t being misused.

Customers Impacted: 82,577

How it Could Affect Your Customers’ Business: Preventing a data breach begins with accounting for your vulnerabilities. One of the easiest yet most important cybersecurity initiatives that businesses should undertake is tightening up security around company email accounts. Whether your business fortifies credentials with strong, unique passwords and two-factor authentication or it integrates active monitoring protocols to evaluate data movement, password protection is quickly becoming a “can’t miss” component of any data security strategy.

New Zealand – Disney+

Exploit: Compromised user accounts
Disney+: Media streaming service

Risk to Small Business: 1.888 = Severe: Thousands of Disney+ customers had their login credentials stolen and distributed on the Dark Web. While the data breach isn’t limited to Australian users, it coincided with the Australian launch of the streaming service, which means that the brand’s reputation was damaged before users had an opportunity to judge the service based on its merits. In a crowded marketplace, brand erosion can quickly degrade competitiveness, and these negative headlines will not help Disney’s competition against Netflix and other streaming services.

Individual Risk: 2.142 = Severe: It’s unclear how hackers gained access to user accounts. Some customers admitted to reusing passwords that could have been compromised in other attacks, but some used unique passwords. It’s possible that users had credential-stealing malware installed on their computers or that they responded to a phishing attack. Regardless, account details include their most sensitive personal information, and they should take every precaution to ensure that their data remains secure. At the same time, users should double-check the originality of every account password, as it’s an easy way to thwart many hacking attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even as the cost of a data breach continues to rise exponentially, quantifiable costs aren’t the only expense that companies should consider. Brand erosion is a real problem, as customers are increasingly willing to walk away from platforms and services that can’t protect their data. No matter how you look at it, having thousands of people complaining about your service online is a terrible day for business, and could have long-term costs for the service’s viability.



In Other News:

Cybersecurity Incidents Expected to Rise this Holiday Season

It’s the unwanted gift that keeps on giving. A breach inflicts serious financial and reputational damage on any victim, and new data suggests that such attacks will be on the rise during the holiday season. Hackers have zeroed in on vulnerabilities in websites that collect and store customers’ PII or payment information, ready to be exploited by increased web traffic and distracted IT staff. 

The study found that the average website relies on 31 third-party integrations, each providing a unique opportunity to find vulnerabilities that can compromise users’ information. Indeed, third-party partnerships can often be a weak point in companies’ IT development.

However, rather than waiting to be the next victim, SMBs should take the time now to evaluate their cybersecurity posture and ensure that they are ready to address and defend against the most pressing threats for their business. For some, this holiday season will be spent wishing they were more prepared to protect their IT, while others will be thankful that they already did.


A Note From Kobargo

Cybercriminals Targeting Office 365 Admin Credentials with Phishing Attacks 

Office 365 is often used as a starting point for many phishing scams because of its popularity in the business community. Now cybercriminals are upping their game, using information readily available on the internet to target business administrators with phishing scams in hopes of attaining the Office 365 login credentials. 

In launching such targeted attacks, hackers hope to gain access to IT infrastructure using credentials that can provide full access. In addition, admin accounts can often be used to infiltrate other user accounts, or hackers can use admin accounts to create new accounts that can be further used to distribute phishing campaigns.

Ultimately, it underscores the importance of training all employees about the risk of phishing attacks and of keeping them abreast of the latest trends and tactics. Since hackers are nimble with their tactics, businesses need to be dynamic in their training, always ready to stymie their efforts.


Data Breach, Cyber Alert Monday 11-25-2019

Last week, ransomware erodes profitability, healthcare providers struggle to protect PII, and data breaches officially reach an all-time high.

United States – SmartASP.NET

Exploit: Ransomware attack
SmartASP.NET: Web hosting platform

Risk to Small Business: 2 = Severe: Hackers encrypted the web hosting platform’s data, crippling both its IT infrastructure and customer data. After the attack, the company’s phones and website were both inaccessible, and SmartASP.NET was forced to notify customers that their data was encrypted. In addition to encrypting customer-facing infrastructure, a common target for ransomware attacks, the attack locked up significant amounts of back end data and delayed recovery efforts considerably.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks inevitably have significant financial repercussions, and this is only compounded by the reputational damage that follows such a newsworthy incident. However, hackers need an avenue to deploy this malware, and companies can protect themselves by ensuring that their defensive posture is sufficient to repel today’s most pressing threats.

United States – Florida Blue 

Exploit: Phishing attack
Florida Blue: Health insurance provider

Risk to Small Business: 2.2 = Severe: A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event included less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cybersecurity vulnerabilities within third-party partnerships. Now, because of an event outside of their immediate control, Florida Blue will face intense regulatory scrutiny and suffer from less-quantifiable reputational damage in the wake of the breach.

Individual Risk: 2 = Severe: Patients’ PII was exposed in the breach, including names, dates of birth, and prescription information. Florida Blue is offering free credit monitoring and identity theft protection for anyone impacted by the breach. Although Florida Blue doesn’t believe that patient data has been misused, these services will provide long-term oversight to ensure that patients’ credentials remain secure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In today’s digital environment, cybersecurity needs to be a central component of any third-party partnership. Unprotected companies place your data at risk, potentially undermining your best efforts to secure infrastructure. In contrast, strong cybersecurity standards can serve as a competitive advantage, allowing companies to market their strong defensive posture as a reason to subscribe to their services.

United States – Boardriders

Exploit: Ransomware
Boardriders: Action sports retailer

Risk to Small Business: 2.222 = Severe: A ransomware attack crippled Boardriders’ operations, forcing several of their online stores to close and preventing employees from accessing any of the company’s IT. The event occurred during the last week of October, leaving the business with nearly two weeks of lost sales, productivity, and inventory. Until the ransomware was cleared from the network, employees were asked not to even turn on their computers. This productivity loss is one of the many hidden costs of ransomware attacks that are becoming increasingly prevalent as hackers look to extract large, single-payment sums from their victims.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The costs of a ransomware attack are enormous. Whether companies pay the ransom or restore a system from backups, the immediate expense can cripple a business, and the long-term repercussions are a serious deterrent to profitability. In this case, Boardriders offered consumers deep discounts to entice them to return to the store, and their inventory and productivity losses will further erode profitability.



In Other News:

Data Breaches Reach New Highs

2019 has been a notorious year for data breaches, a reality that is playing out in front-page headlines and major industry studies. According to Risk Based Security’s Q3 2019 Data Breach Report, it’s the worst ever recorded in history. 

The year’s third quarter saw a year-over-year increase of 112% in the total records exposed. Unfortunately, this isn’t all attributable to the high-volume data breaches at major corporations. This year, SMBs, government agencies, and educational institutions are also seeing an uptick in cybersecurity incidents, together creating a 33.3% increase in the total number of breaches for the year.

Notably, many of these data breaches were avoidable. From misconfigured databases to phishing attacks, businesses have many options at their disposal for proactively protecting their most sensitive information. There is no indication that this recent data breach trend is likely to abate anytime soon, so businesses of every size have plenty of reasons to ensure that negligence isn’t the cause of yet another data catastrophe.


A Note From Kobargo

New Threat Actor Impersonates Government Agencies 

Cybersecurity researchers are warning consumers of a new threat actor impersonating government email accounts in the US and EU. To date, researchers have discovered hoax emails from the US Postal Service, the German Federal Ministry of Finance, and the Italian Revenue Agency. The emails are delivering malicious payloads containing ransomware to a variety of recipients. 

While researchers found that cybercriminals are targeting a broad audience with their messages, they concluded that most are heavily skewed toward businesses, which offer higher payouts and more robust data sets when attacks are successful.

Fortunately, malicious emails rely on user response, so businesses can protect themselves by training their employees to spot fraudulent emails. This particular attack might be new, but the strategy is well-established, and today’s employees need to be aware of the threats that are potentially lurking in their inboxes.


Merry Cyber Threat’ness

Cybercriminals don’t take a holiday. In fact, the coming holidays are the busy season for hackers to wreak digital mischief. Black Friday and shopping online go hand in hand during today’s mostly online purchasing behaviors. Whether it’s Black Friday or Cyber Monday, many malicious threats can take advantage of your network’s security and therefore your personal data. 
From a personal perspective, staying alert with your own personal data is always a good thing to keep in mind when doing your online shopping, however, as business owners we must also protect ourselves and our employees during the holidays. Before your employees start sorting through all of the online deals for tech-themed gear or the next popular item for the kids, you might want to improve your network and their cybersecurity awareness. Take a few precautionary measures in the next few weeks to keep your company’s network safe.

Keep Software Up to Date

The new year is right around the corner, and although you may be thinking “New Year, New Network Security” it’s never a good idea to put off ways to bolster your defenses. Before taking off for a holiday break, take the precautions you need and install any updates you might have been putting off. Don’t wait until the new year to keep a clean house. Organizations that don’t install the latest updates leave themselves vulnerable to cyber attacks.

Set Up Firewalls 

Give a hacker a way in and they will take it, no questions asked. There are different ways for your business to stay safe and the most efficient is to set up a firewall. Firewalls work by protecting your internal networks from threats, which is why we recommend installing them not only on your servers, but on all office laptops, computers, and mobile devices too. This should keep your data safe and make a real difference in your security, but you will have to be proactive and keep them up to date – an alert that must be passed on to your employees.

Educate Your Employees on Cyber Safety 

Although you may have the most sophisticated security that you can buy, top dollar security is no match for the bottom of the rung foolishness from employees. Be threat protective and educate your employees on the advantages of your security and how they can truly affect the system – positively and negatively. Having all of this technology at your disposal is no good if your team may put your business at risk by clicking infected pop-ups or falling for phishing scams. Teach your employees the safest ways to use the internet, and you’ll be at an advantage when the holiday shopping begins.

Strengthen Wireless Network Passwords

A few individuals on your team may not be as technologically savvy as you would like and may not know what an open network is. Around the holidays it’s even more important to secure your wireless network with extremely strong passwords that the average person has no hope of guessing. These should naturally protect your network with the strength of the passwords including both letters and numbers. However, some employees may find it harder to keep up with the difficulty of the password. Instead of jotting open passwords down on a sticky note in plain view, we would suggest you encourage your team to make a password a phrase. Something that is memorable but includes a length that may trip up potential threats. Also, train your employees to make frequent password changes to keep the team strong.
Despite our best efforts, cyber-attacks and data breaches do happen. Before heading out for the holidays, make sure that you and your employees are doing what they can to be alerted to suspicious sites during their online shopping that may put your business, and your data, at risk. 
The bottom line: you should never take cybersecurity for granted, no matter the season. During the holidays, it pays to be even more vigilant and never let your guard down. Before you purchase too many items this season, contact Kobargo to schedule an assessment of your system’s security, and ask about any gadgets on your holiday gift list. In fact, it may be best to just casually remind everyone that online shopping isn’t meant for browsing at work, but as we know it’ll most likely happen anyway.
Kobargo Technology Partners delivers managed IT solutions and is a leader in authentication and security, to protect your data and brand from cybercriminals. Leverage our 50 years of experience to protect, manage, and support your network, data, and users.  Visit us to learn more, about what we can do for you!

Data Breach, Cyber Alert Monday 11-18-2019

Last week, healthcare data targeted by cybercriminals, lax security compromises PII, and Google has access to personal health information of millions.

United States – InterMed 

Exploit: Compromised email account
InterMed: Maine-based physician group

Risk to Small Business: 1.777 = Severe: Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprits. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.

Individual Risk: 2.428 = Severe: Patients’ protected health data was compromised in the breach. This includes names, dates of birth, health insurance information, and clinical data. In addition, some Social Security numbers were exposed to hackers. This information has a ready market on the Dark Web, and those impacted by the breach should take every precaution to protect their identity.

Customers Impacted: 30,000

How it Could Affect Your Customers’ Business: Data breaches are becoming increasingly costly, so sufficiently addressing defensible threats should be a top priority for every organization. Employee email accounts are often a top target for hackers who use phishing campaigns and credential stuffing attacks to gain access to their account data. Comprehensive awareness training and Dark Web services that provide advanced notification when credentials are compromised can position companies to protect this easy access point from bad actors.

United States – Brooklyn Hospital Center

Exploit: Ransomware
Brooklyn Hospital Center: Full-service community teaching hospital

Risk to Small Business: 2.111 = Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

Individual Risk: 2.285 = Severe: Brooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This incident is a reminder that ransomware attacks can have ominous outcomes for any organization. While some are cut and dry transactions, others can be more damaging, resulting in permanent data loss or information exposure. Once your company’s data is in the hands of bad actors, there is no script for determining what happens next. With that in mind, preventing ransomware attacks proactively with proper cybersecurity measures must be a top priority for businesses of every shape, size, and sector.

United States – Utah Valley Eye Clinic

Exploit: Unauthorized database access
Utah Valley Eye Clinic: Utah-based eye clinic

Risk to Small Business: 2.333 = Severe: A cybersecurity vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).

Individual Risk: 2.142 = Severe: The clinic confirmed that patient email addresses were compromised in the breach, but it also conceded that other personally identifiable information, including names, addresses, dates of birth, and phone numbers, may have been exposed. The prolonged time to detection means that this information has been available for misuse, and those affected should be especially vigilant in evaluating online communications and credentials for suspicious or unusual activity.

Customers Impacted: 20,000

How it Could Affect Your Customers’ Business: Third-party partnerships are becoming increasingly important in today’s business environment, yet they are also capable of inviting potential cybersecurity vulnerabilities. It’s estimated that more than 60% of data breaches involve third-party exposure. Consequently, cybersecurity should be a top priority when considering partnerships, information sharing, or other collaborative opportunities.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News:

Google Has Access to Personal Health Information of Millions of US Patients 

Recently Google partnered with Ascension – one of the largest health systems in America – but did so quietly. This partnership allows Google access to all of Ascension’s patients’ data. Ascension operates 150 hospitals in 21 states.

The effort was code-named “Project Nightingale,” and has allowed some Google employees access to data including names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, and even some billing records.

The current agreement does not appear to be a violation of HIPAA (Health Insurance Portability and Accountability Act). Google has been looking to expand its health information efforts, including plans to acquire Fitbit. However, Google has responded to the news of the partnership by saying the data will not be used other than to assist Ascension medical providers.


A Note From Kobargo.

Australian Cybersecurity Personnel Are On the Verge of Burnout 

For companies around the world, the threat of a data breach is becoming ever-present. This reality is especially pronounced in Australia, where cybersecurity professionals are reporting fatigue and burnout as they battle the litany of threats facing their companies. According to the 2019 Asia Pacific CISO Benchmark Study, the burnout rate among Australian organizations is more than double the global average of 30%. 

In total, 69% of Australian organizations are receiving more than 100,000 cybersecurity alerts every day, significantly higher than the global average. At the same time, the survey, which polled 2,000 information-security professionals, found that Australian organizations were slower to respond to data breaches than companies in other countries. Such behavior compounds costs, as 84% of Australian businesses that experienced a data breach admitted that the expenses exceeded $1 million, a significantly higher sum than other countries in the region.

SMBs are already struggling to hire sufficient cybersecurity personnel, so supporting IT professionals is a critical component of any company’s cybersecurity initiatives. Fortunately, they don’t have to do it alone. The supportive services of an MSP can augment capabilities, lightening the load on in-house cybersecurity professionals.


Contact Kobargo Technology Partners to schedule a free consultation today!
