Data Breach, Cyber Alert Monday: Last week, ransomware shuts down multiple U.S Healthcare Providers disrupting many services across the country..
LAST WEEK’S HACKS, ATTACKS, DATA BREACHES AND MORE…
NEO Urology: Healthcare provider for urology care services
Exploit: Ransomware
Risk to Small Business: 1.666= Severe: Hackers gained access to NEO Urology’s network, encrypting the company’s files and disrupting many of their services. Employees were notified of the ransomware by a fax listing “Pay4Day.io” as a contact address for additional information. While their network was inaccessible, the practice reported operational losses of $30,000 – $50,000 per day, a significant sum that ultimately led them to pay the $75,000 ransom using Bitcoin. In this case, it was more affordable to pay the ransom than to experience the revenue losses that accompany an inaccessible network. Unfortunately, their willingness to pay could make them a target for additional attacks.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Business: Every company needs a ransomware response plan that is both technological and philosophical. Many ransomware attacks originate through phishing scams or other malware, a maxim that underscores the importance of robust cyber-security initiatives. At the same time, developing adequate backup protocols can help companies avoid paying ransoms that neither guarantee a solution nor curtail bad actors from returning in the future.
Oregon Department of Human Service: State government agency supporting safety and health initiatives
Exploit: Phishing attack
Risk to Small Business: 1.444 = Extreme: When nine employees clicked on a phishing email, hackers gained access to their accounts, which collectively included more than two million emails containing personal information. The data breach occurred in January 2019, and it was first reported in March. However, the agency’s forensics investigation identified nearly twice as many impacted accounts as initially disclosed. Although phishing scams are entirely defensible, relying primarily on apathy and ignorance to trick unsuspecting recipients, the Oregon Department of Human Services is now responsible for providing 12 months of identity monitoring and recovery services as well as a $1 million insurance reimbursement policy to those who were impacted by the breach.
Individual Risk: 2 = Severe Risk: When hackers gained access to the employees’ email accounts, they received an incredible amount of personal information. This data could include names, addresses, birth dates, social security numbers, case numbers, personal health information, and other sensitive information. Oregon DHS is offering identity monitoring and recovery services to those impacted by the breach.
Customers Impacted: 645,000
How it Could Affect Your Business: Phishing attacks are on the rise, delivering malware that can cripple a company’s reputation and financial standing. Fortunately, they are also entirely defensible. With proper training, employees can be transformed into the strongest line of cyber-security defense, rather than an imminent liability. Given the high cost of a data breach, the relatively minor expense of a training program is an obvious solution for any organization.
ResiDex Software: Software provider for assisted-living, group facilities, and care-giving organizations
Exploit: Unauthorized network access
Risk to Small Business: 2.333 = Severe: When the software company was the victim of a ransomware attack on April 9th, it discovered unauthorized network access starting on April 2nd. ResiDex launched an IT forensics investigation, which determined that no company information was accessed in the attack. However, hackers could have gained access to the personal information of its clients. Not only will ResiDex have to bear the cost of updating its cyber-security standards, but the unquantifiable reputational damage will have continuing consequences as the company tries to attain new clients or maintain relationships with existing customers.
Individual Risk: 2 = Severe: Since ResiDex serves assisted-living, group facilities, and care-giving organizations, patients at these locations could have their information compromised in the breach. This could include names, social security numbers, and protected health information that was stored with the provider. The software company notified all impacted individuals, but this information can quickly spread on the Dark Web, and those impacted should attain proper identify and financial monitoring services to ensure that their information remains secure.
Customers Impacted: Unknown
How it Could Affect Your Business: When sensitive personal information is compromised in a data breach, companies have a responsibility to help their customers regain confidence in their data’s integrity. In addition to providing identity and financial monitoring services to those impacted, understanding if the exposed information is accessible on the Dark Web by hackers is a critical component of a strong breach response.
City of Riviera Beach: Ransomware
Exploit: Local government organization serving Riviera Beach, Florida
Risk to Small Business: 1.555 = Severe: When a single employee clicked on a malicious email link containing ransomware, the city’s entire computer network was encrypted by ransomware. The encryption prevented the city from using email, logging 911 calls, or even controlling their water utilities. After spending nearly $1 million on new IT infrastructure, the city ultimately decided to pay the ransom, which cost $600,000 in Bitcoin. The payment, which will come from the city’s insurance provider, became necessary when the city discovered that it didn’t have adequate backups to restore vital information to this equipment.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Business: No personal information was compromised in the breach.
In Other News:
Shred-it’s annual Data Protection Report, which evaluates the most prescient threats to data security, took aim at Canadian businesses and concluded that they have an overly optimistic outlook of today’s cyber-security landscape.
Consequently, many companies are not prepared to defend against a data breach, which could negatively impact revenue, employee, and customer retention.
The survey identified shifting consumer sentiments about data privacy and encouraged Canadian businesses to cater to the changing market dynamics by considering the reputational damage that accompanies a data breach along with other serious consequences.
Today, the stakes couldn’t be higher.
A single data breach can have devastating outcomes for companies of all sizes, and this year’s survey concluded that too many companies need to prioritize cyber-security as a critical component of overall business success. Partnering with us can patch holes in your cyber-security protocols while bolstering your defenses going forward!
A Note From Kobargo..
This type of cyber-security threat is ultimately the most defensible, since phishing attacks not only need to make it through email filters, but recipients have to directly act upon the message. Yet, they continue to inflict serious damage on small and medium businesses alike, becoming more common and complicated in today’s digital landscape.
According to a recent report, more than 3.4 billion phishing emails are sent each day, making it increasingly probable that an employee will accidentally engage with the message. This underscores the need for awareness and prevention training to disrupt these efforts. Given the high cost of recovering from a phishing attack, acquiring comprehensive training from trusted professionals (like us!) is a cost-effective way to equip your employees to defend against phishing attacks.
For More Info, Check Out Our Latest Video On Security Awareness Training, Available Today!
Contact Kobargo Technology Partners to schedule a free consultation today!
The best online JS tools can be found at HTML-CSS-JS.com: script beautifier, compressor, cheat sheet or just read the blog.