I.T., Blog, Social Media Deidre Frith

IT Breaches for July 2020

This month, healthcare data breaches keep climbing, Twitter apologizes for its breach and more. Read some of the incidents in the articles below:

CYBERSECURITY NEWS

Social Media, Healthcare and Higher Education struggle in cybersecurity




Industry: Social Media

Exploit: Accidental Data Sharing

Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that if they viewed their billing information on ads.twitter or analytics.twitter prior to May 20, 2020, their account’s billing information may be at risk.

Twitter did not release an estimate of the accounts affected, but it did specify that only business customers were at risk, and only a percentage of business customers had any details exposed. The leaked information potentially included email addresses, users’ contact numbers, and the last four digits of credit card numbers used for Ads accounts. Twitter business customers should monitor potentially affected payment accounts.



Industry: Healthcare

Exploit: Internal Email Account Compromise

AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers.

Anyone who may be at risk of compromise was informed this week. Extremely sensitive data was compromised in this breach, and those affected should beware of the potential for fraud, identity theft, and spear phishing attempts that this stolen data creates. A filing of the account posted to the breach portal at the U.S. Department of Health and Human Services noted that potentially affected patients are being offered free credit monitoring services.

When clients choose to do sensitive business with a company, they’re also trusting that company to guard their information. This imperative is even stronger for companies that collect health information. Not only does a data breach cost healthcare organizations patient confidence, but it also costs a fortune in HIPAA-related fines.



Industry: Higher Education

Exploit: Ransomware

The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.  

Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.  




I.T., Blog Deidre Frith

A True Tale of Two Ransomware Attacks

Read a true tale about two different schools and how they each recovered from a ransomware attack. As you read, you’ll learn how an effective backup plan and a well-thought-out business continuity strategy are critical parts of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to have been started by a click on a phishing email. The difference is in their disaster recovery plans.

RANSOMWARE PREVENTION

A TALE OF TWO SCHOOLS

Imagine a world where ransomware didn’t exist. Now, snap back to reality and read a tale about two different schools and how they each recovered from a ransomware attack. As you read, you’ll learn how an effective backup plan and a well-thought-out business continuity strategy are critical parts of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to have been started by a click on a phishing email. The difference is in their disaster recovery plans.


The Allegheny Intermediate Unit School System, Pennsylvania, U.S.A.

School A, The Allegheny Intermediate Unit school system, DID NOT have to engage with the criminals and was able to use the services of a third party to get its critical data recovered quickly. When you read the wording in various articles related to this incident, it appears that the school system quickly engaged with its cyber insurance carrier. The insurance carrier mobilized resources quickly to identify and remediate the attack and then restored from existing backups of critical data. THIS is how the process is supposed to work.


The University of Maastricht, The Netherlands

School B, The University of Maastricht, did not have an adequate plan in place and had to completely shut down information systems and pay the ransom in order to decrypt their computers and servers. The timeline on this attack is interesting; the original compromise occurred a little over two months before their networks were ransomed. Had they had an extra layer of defense like the RealTime Cyber Defense package, they could have potentially caught the attack during this phase. 

LESSONS LEARNED?

The lessons learned by a school [or any business] that has been through an event like this one will make it better at risk-based decisions going forward. Now they know that they are vulnerable to an attack like this and will take positive steps to introduce better prevention and detection processes.

Todd Swartzman, RealTime CISO


 TODD’S TAKE ON THE RECOVERY:

After paying the ransom, it was pretty fast to decrypt that many systems and perhaps most were using the same decryption keys – some victims aren’t that lucky and have to juggle hundreds or thousands of decryption keys that really slows down recovery. Part of the decision to pay was based on how much quicker it can be to decrypt machines rather than reloading from scratch. The statement by the university indicates that they may not have had backups of some of their critical data. 

 

SUMMARY:

  • Be sure to have a good backup in place;

  • Cyber insurance is a great idea;

  • Adding a cyber security plan could have helped detect the internal attack during the months they were “inside” the system rather than waiting.

 WANT TO TALK?

Want to talk to our Chief Information Security Officer about a better strategy for your business?
