DATA BREACH, CYBER ALERT MONDAY:
Last week, data breaches threatened future government contracts, PII was exposed online, and cybersecurity incidents were projected to reach an all-time high.
United States - Carle Foundation Hospital
Exploit: Phishing attack
Carle Foundation Hospital: Regional, not-for-profit healthcare provider
Risk to Small Business: 2.111 = Severe: Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.
Individual Risk: 2.428 = Severe: The compromised email accounts belonged to three physicians, and they included data from patients that received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information(PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for usual activity while being mindful of other malicious uses of that information.
Customers Impacted: Unkown
How it Could Affect Your Business: Data breaches bring a host of complications to any company, including reputational damage and ancillary recovery costs. Altogether, it can cause significant financial distress to any organization. Neutralizing defensible threats, like phishing scams, is a simple and affordable solution that can play a prominent role in protecting your company's reputation and bottom line.
United States - Miracle Systems
Exploit: Malware attack
Miracle Systems: IT services provider for government contracts
Risk to Small Business: 1.555 = Severe: Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.
Individual Risk: 2.428 = Severe: Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees should reset their password and follow best practices for creating unique credentials.
How it Could Affect Your Business: For many companies, protecting their data should be an extension of protecting their bottom line. The Miracle Systems breach is a reminder of the steep price that many companies pay in lost revenue and reputational damage that can have far-reaching consequences for their financial viability and future business model.
United States - Restaurant Depot
Exploit: Spear phishing attack
Restaurant Depot: Commercial food service wholesaler
Risk to Small Business: 1.666 = Severe: Restaurant Depot’s customers are receiving phishing emails requesting payment for invoices, purportedly from the company. In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content. The emails are personalized so cybercriminals likely purchased company data from a Dark Web marketplace, which could suggest the possibility of an even more expansive data breach at Restaurant Depot.
Individual Risk: 2.142 = Severe: Any recipient who paid a fraudulent invoice has compromised their personally identifiable information and their payment data. However, even for those that delete the message, it’s likely that their information was obtained through a different data breach, and they should closely examine their credentials for other potential misuses. In some cases, credit or identity monitoring services might be required to ensure their data’s long-term integrity.
Customers Impacted: Unkown
How it Could Affect Your Business: Having your company co-opted as a tool for cybercriminals is bad for business, and companies that are victimized in this way face an expensive, up-hill battle to restore their customer’s confidence. Preemptively knowing if your employee or customer data is compromised can help prevent this scenario by giving your business an opportunity to respond before hackers wreak havoc on your system.
In Other News:
2019 on Pace to Set Data Breach Record
Anecdotally, many people realize that data breaches are increasingly prevalent and problematic.
Those presumptions are being confirmed by hard data as a new data breach report reveals that 2019 is poised to be the most destructive year yet when it comes to data integrity.
The 2019 Midyear Quickview Data Breach Report found that the number of data breaches that exposed records increased by 54% in the first half of the year. Concurrently, the number of records exposed in these breaches increased 52%.
The business sector is responsible for the vast majority of these compromised records, with nearly 85% originating with companies that collect and store user data.
This reality underscores the challenge of doing business in the digital age. On one hand, big data is the lifeblood of the internet economy, and companies can lose a significant competitive edge if they decline to collect customer information. However, when that data is compromised, it costs companies significant sums that can offset many of the advantages generated by this type of data collection.
A Note From Kobargo..
Data Breaches Threaten Companies' Financial Viability
Throughout 2019, new research is illuminating the extensive financial consequences of a data breach. Not only are direct costs increasing, but consumers are making sure that business feel financial pain for failing to protect their information.
According to a report by PCI Pal, consumers are prioritizing data security by spending money at companies with demonstrated track records of data security and integrity and declining to shop at companies that have comprised consumer data.
Specifically, 44% of UK customers, 83% of US consumers, 43% of Australian shoppers, and 58% Canadian users claimed that they will stop or reduce spending at companies that experience a data breach.
Moreover, such patterns can inflict future consequences, as consumers will search the competitive landscape for new products and services, making it increasingly difficult for compromised companies to win back old customers.
Since keeping your existing customer base is significantly more affordable than finding new clients, prioritizing data security should be at the top of every company’s to-do list. When internal resources can’t cover the entire responsibility, seek assistance from qualified collaborators (like us!) that can assess your cybersecurity posture while partnering with you to provide the resources necessary to keep customer data safe.