Data Breach, Cyber Alert Monday: Last week, medical information continued to be an easy target for hackers and phishing scams became increasingly difficult to defend.
LAST WEEK'S HACKS, ATTACKS, DATA BREACHES AND MORE...
Broome County: Local government in the Binghamton, New York metropolitan area
Exploit: Credential harvesting phishing email
Risk to Small Business: 2 = Severe: A phishing email compromised the email and PeopleSoft accounts of several county employees, ultimately exposing sensitive personal information and impacting the county’s payroll system. The county became aware of the breach on January 2nd, when hackers attempted to change an employee’s direct deposit information. In this case, a simple security vulnerability now requires the county to absorb the costs of post-breach management, a fee that is considerably higher than proactively training employees and implementing safeguards. Such a recommendation seems like a no-brainer, especially when analyzing the modest budgets of many local government systems.
Individual Risk: 2.571 = Moderate: The breach compromised data from 13 different agencies and third-party affiliates, including names, dates of birth, contact details, social security numbers, financial information, credit card information, medical record numbers, patient identification numbers, diagnosis and treatment, and health insurance credentials. Anyone affiliated with the impacted departments should immediately seek identity and credit monitoring services. Moreover, since the hackers attempted to alter an employee’s direct deposit information, those impacted should monitor their records for abnormalities.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing scams are quickly becoming normative for local governments and SMBs. In this case, a single phishing scam had cascading consequences for a local government, which is now tasked with repairing its technological infrastructure while undergoing the arduous process of restoring the constituents’ confidence in their data stewardship. Since phishing scams are entirely preventable, partnering with a third-party training solution is a veritable must-have in today’s digital environment.
Quest Diagnostics: Clinical laboratory company with operations in the United States, the United Kingdom, Mexico, and Brazil.
Risk to Small Business: 1.556 = Severe: A collection firm partnering with Quest Diagnostics encountered a data breach that directly impacted nearly 12 million of the lab’s patients. In response, Quest is partnering with a third-party cybersecurity organization to ensure proper breach notification standards are followed. Even though the event precipitated at a separate organization, Quest Diagnostics will bear the financial and reputational burden of a data breach that has compromised the most sensitive information in people’s lives: the type that is related to their health.
Individual Risk: 2.286 = Severe: The scope of this incident is astounding, and it includes patient information, financial data, social security numbers, along with other medical data. While test results were not included in the breach, this extensive trove of valuable information can quickly make its way to the Dark Web, and those impacted by the breach should attain the services necessary to know what happens to their information after it’s compromised
Customers Impacted: 11.9 million
How it Could Affect Your Business: Caring for customers in the wake of a data breach should be any company’s top priority. Although Quest Diagnostics is working diligently to notify those impacted by the breach, much more is required to adequately make reparations. Since sensitive personal information has a significant market on the Dark Web, providing services to help customers understand what happens to their data is an excellent place to start.
Lewes Board of Public Works: Public works department in Lewes, Delaware
Exploit: Software vulnerability
Risk to Small Business: 1.666 = Severe: The Department of Homeland Security notified the Lewes Board of Public Works that a software vulnerability allowed hackers to copy customer information from their network. The board responded by isolating their customer information system and developing improvements to prevent a similar attack in the future. It’s unclear why the board’s own cybersecurity apparatus didn’t identify the threat, requiring a federal agency to intervene and communicate knowledge of the breach. Now, the board is faced with repairing its reputation while ensuring that their customers can successfully protect their personal data and financial information.
Individual Risk: 2.429 = Severe: Hackers gained access to customers’ personal information including their names, email addresses, payment card information, bank account details, account numbers, and more. Those impacted by the breach are encouraged to monitor their credit card and banking statements for possible misuse and to reset their account passwords.
Customers Impacted: Unknown
How it Could Affect Your Business: Customers shouldn’t be expected to navigate a data breach on their own. Despite their public communication, the Lewes Board of Public Works hasn’t offered any services to support customers impacted by the breach. By providing adequate assistance or showing initiative through awareness and training, companies can ensure that their customers can recover from a breach. In a world that is becoming increasingly cyber-vigilant, this can have the dual benefit of restoring brand reputation and trust in the wake of a cybersecurity incident.
Opko Health: Medical testing company focused on diagnostics and pharmaceuticals
Exploit: Unauthorized network access
Risk to Small Business: 1.666 = Severe:: A data breach at the company’s former collections vendor has compromised personal information for hundreds of thousands of the company’s customers. The lab recently switched its collections services to another provider and requested that the compromised collections agency stop pursuing requests on its customers. Despite the fact that the breach originated with a third-party provider, Opko Health is now responsible for restoring order and supporting their customers in the aftermath of the breach
Individual Risk: 2.288 = Severe: This particular incident is incredible in its scope and duration. Unauthorized activity occurred between August 1, 2018 and March 30, 2019, and hackers gained access to customers’ names, credit card numbers, bank account information, email addresses, addresses, phone numbers, and account information.
Customers Impacted: 422,600
How it Could Affect Your Business: Even when data breaches don’t originate on-site, a holistic response plan is critical. Not only do companies need to reevaluate the cybersecurity priorities of their trusted partners, but they must train their employees to avoid such an incident from ever occurring. Working with a qualified MSP that leverages identity monitoring solutions can help mitigate the damage of a data breach.
In Other News:
Phishing Scams Are Getting More Sophisticated
Phishing scams, already a significant headache for companies of all sizes, are becoming more complicated. A recent study found that nearly half of all phishing attacks are polymorphic, meaning that they can implement slight but significant changes to multichannel formats and become more difficult to detect or prevent.
For instance, polymorphic phishing scams will use different email addresses, content, subject lines, sender names, or other features. Therefore, recipients are forced to fend off various versions of the same attack.
Phishing scams, which are frequently used to deliver malicious malware and ransomware, rely on users’ ambivalence to be successful, and they are defendable with proper training and preparation like Kobargo Technology Partners training. With polymorphic phishing scams on the rise, yesterday’s technical safeguards are being bypassed through sophistication, and the importance of cybersecurity awareness continues to grow in magnitude.
A note from Kobargo:
Unpatched Vulnerabilities Are a Top Threat
Today’s cybersecurity landscape is incredibly daunting, and IT administrators have a tough job on their hands. One of their most significant tasks, according to a recent study, is patching security vulnerabilities and getting their employees to update their software.
Different organizations take unique approaches to this problem, including scanning for vulnerabilities, running simulations, and collaborating with MSPs to identify and solve for possible pain points, but the challenge is ubiquitous throughout all sectors and among companies of all sizes.
Taken together, more than 1/4 of organizations endured a data breach because of an unpatched vulnerability, highlighting their need for technical support in this area.
To put it simply, it’s challenging enough to account for the multifaceted cybersecurity challenges facing organizations every day; don’t let solved problems be the reason for failure. Get the support you need from trusted MSPs to ensure that your defensive posture is as strong as possible.