Cyber Alert: Last week, employee phishing runs rampant, ransomware brings an airport offline, an NBA team’s online store leaks credit card information, and another Dark Web marketplace takes a dive.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
EmCare:  Dallas-based healthcare provider that offers physician services and other healthcare functions
Exploit: Employee Email Account Breach
Risk to Small Business: 1.666 = Severe: An unauthorized third party accessed employee emails, allowing them to view sensitive personal information and confidential patient data. Through this vulnerability, hackers were able to access as many as 60,000 individual records, including 31,000 patient records. The company was quick to indicate that they don’t believe any personal data has or will be misused, and it’s unclear why this information was accessed. Nevertheless, EmCare will now bear the costs of providing free credit monitoring services and managing public relations.
Individual Risk: 2.149 = Severe: Employees and patients who received care from the company could have had their name, birth date, age, social security number, and driver’s license number exposed. In some cases, protected health information was also made vulnerable.
Customers Impacted: 60,000
How it Could Affect Your Business: This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection.
 
Atlanta Hawks Shop: Online store for the Atlanta Hawks, a professional basketball team in the NBA
Exploit: Malware
Risk to Small Business: 1.888 = Severe: A malicious code bearing the signature of Magecart, a well-known collective of online credit card thieves, was planted on the online store for the Atlanta Hawks. The malware records keystrokes on the payment platform, allowing the thieves to acquire sensitive payment information from buyers. It’s believed that hackers accessed the store through unprotected third-party extensions affiliated with the shop’s cloud hosting service.
Individual Risk: 2.248 = Severe:  The Atlanta Hawks online store has more than seven million visitors each year, and this particular strain of malware was introduced on April 20th. Anyone who made purchases through the online store on or after that date should assume that their name, address, and credit card information was compromised. As a result, those impacted should immediately sign up for credit monitoring services while staying vigilant for other misuses of this sensitive data.
Customers Impacted: Unknown
How it Could Affect Your Business:  E-commerce has quickly become the shopping method of choice for many consumers, and securing this process is critical for any company looking to capitalize on this trend. To put it simply, if customers don’t trust that your checkout is secure, they are less likely to make a purchase on your platform. Businesses must vet their third-party payment processing providers and implement additional layers of security through MSPs who can navigate digital marketplaces to understand how compromised payment data is being used by hackers.
 
Doctors’ Management Service: Medical billing service provider
Exploit: Ransomware attack
Risk to Small Business: 1.444 = Extreme: Nearly 40 healthcare centers were significantly impacted by a ransomware attack that compromised patient data. Although the company deployed a network backup to avoid paying the ransom, the hackers had access to sensitive patient information including names, addresses, dates of birth, social security numbers, driver’s license numbers, and health insurance information.
Individual Risk: 2 = Severe: The company was unable to determine if personal health information was viewed or downloaded, and patients at any of the healthcare providers working with Doctors’ Management System could be impacted by the breach. Therefore, all patients within this network are encouraged to obtain credit and identity monitoring services.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a serious problem for healthcare companies and those tasked with managing patient data. Having the right backup infrastructure in place is important, and, in this case, allowed the company to avoid paying a ransom to reclaim its data. However, implementing the right security measures for proactive detection is even more critical for preventing attacks from occurring in the first place.
 
Cleveland Hopkins International Airport: A public airport located in Cleveland, Ohio
Exploit: Ransomware attack
Risk to Small Business: 2.111 = Severe: A ransomware attack on the airport disabled information screens that provide information about incoming arrivals, imminent departures, and baggage claim status. At the same time, other network components including email, electronic payroll, and record keeping services were also affected. These disruptions occurred for many days, and the FBI is investigating the source of the attack.
Individual Risk: 3 = Moderate: There is no indication that any personal information was compromised in this attack, but users with information stored on this network should be mindful of its vulnerabilities while monitoring for possible misuse of stored information.
Customers Impacted: Unknown
How it Could Affect Your Business: When data breaches occur at companies providing critical services like air travel, the prospect of a disruptive data breach can have far-reaching consequences. While this data breach didn’t compromise any critical infrastructure, travelers might be less likely to trust the company’s infrastructure to guard against more progressive or intrusive tasks. When public safety is concerned, preventing a breach becomes an even more critical concern.
 
BodyBuilding.com: Idaho-based online forum and retailer for supplements
Exploit: Employee phishing scam
Risk to Small Business: 1.888 = Severe: A single phishing email targeting staff members managed to compromise an entire network, allowing hackers to access the personal information of the platform’s users. Even more alarmingly, the company was unable to confirm if data was actually stolen, signaling a lack of privacy stewardship. Along with the threat of fines or lawsuits, the company stands to lose the trust of customers who catch wind of the breach.
Individual Risk: 2.428 = Moderate: While the platform contends that credit card and social security numbers were not compromised in the breach, they acknowledged that it’s possible that hackers accessed customers names, email addresses, billing/shipping addresses, phone numbers, order history, and company communications.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing scams are preventable, and the right training coupled with proactive security software can stop such an attack before it compromises the entire network. This incident serves as reminder that untrained and unfamiliar staff can be a point of vulnerability that hackers tap into, creating significant security risks for any company.
 
 
Partners for Quality: Pennsylvania-based agency providing educational services for children with intellectual and developmental disabilities
Exploit: Compromised email accounts
Risk to Small Business: 1.222 = Extreme: A malicious third party gained access to several employee email accounts, giving them broad access to their users’ sensitive personal information. This is the company’s second data breach this year, and, since the company handles uniquely sensitive information about their customers, the responsibility to secure this data is magnified.
Individual Risk: 2 = Severe: Hackers gain access to protected health information (PHI) including names, social security numbers, diagnosis/treatment, medical records, billing claims, health insurance credentials, passport information, and banking numbers. Those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information is not used for malicious purposes.
Customers Impacted: 3,673
How it Could Affect Your Business: Every company managing PHI needs to be especially aware of their cybersecurity vulnerabilities, since a breach not only imperils their users but it also casts doubt on their competence. Since most email-based threats are preventable, companies handling PHI should take every action to educate their employees and to secure their networks.
 
A Note From Kobargo:
Cyber-attacks are soaring in 2019
It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are now becoming inundated, and even accepting, of breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.
According to recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.
However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.
Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.
It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Cyber Alert: Last week, Chipotle accounts might be getting hacked and the Weather Channel is struck by ransomware.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
Chipotle: American chain of fast casual restaurants
Exploit: Credential stuffing
Risk to Small Business: 1.888 = Severe: Several individuals took to Twitter and Reddit to report that their Chipotle accounts were being used to place unauthorized orders at locations across the country. However, many of the customers maintain that their passwords were unique to Chipotle, which could rule out the possibility of a credential stuffing attack and shift the blame directly on Chipotle. In response, Chipotle officials stated that they don’t believe their network was breached or that personal data was revealed to outside entities. This is the company’s second data security incident in two years, and they have yet to roll out two-factor authentication for their customers.
Individual Risk: 2.571 = Moderate: In credential stuffing attacks, hackers leverage personal information retrieved from past data breaches to breach new accounts. Chipotle account holders should enlist in identity monitoring solutions and reset their passwords to protect their information going forward.
Customers Impacted: To be determined.
How it Could Affect Your Business: Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised.
 
Navicent Health: Second largest hospital in Georgia and part of the Central Georgia Health System.
Exploit: Employee e-mail breach
Risk to Small Business: 1.777 = Severe: In a recent data breach notice, Navicent Health disclosed that they learned about a breach originating with their employees’ corporate email accounts, which were accessed by an unauthorized third party. Although no evidence of identity theft was revealed, the company was forced to take responsibility, notify patients, and offer free identity protection services, while also pledging to improve their security infrastructure moving forward.
Individual Risk: 2.857 = Severe Navicent doesn’t believe any of the accessed data is being used to perpetuate identity theft or other cybercrimes, but the compromised emails did include sensitive patient data including their names, birthdays, addresses, medical information, and social security numbers.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies charged with handling personal health information (PHI) need a comprehensive understanding of their IT infrastructure, including potential vulnerabilities. Since HIPAA compliance and patient trust are both on the line, any company managing PHI should prioritize risk assessment and prevention. Employees should be the first line of defense, as they manage patient data on a daily basis, and they must be armed with proper cybersecurity awareness training to prevent future incidents.
 
Verint: Global cybersecurity firm offering analytics, surveillance, and business IT service
Exploit: Ransomware attack
Risk to Small Business: 2.111 = Severe: Verint is an international cybersecurity firm headquartered in the US, and the ransomware is currently contained within their Israel offices. The company reacted quickly, issuing an on-screen message that instructs employees to immediately shut down devices if they receive a ransomware message. However, the erosion of brand reputation has the potential to spread like wildfire, especially among cybersecurity experts and customers who catch wind of the incident.
Individual Risk: 2.857 = Severe: Ransomware attacks typically affect businesses because they prevent users from accessing files until a ransom is paid. However, when hackers gain access to a company’s network, there is always a risk of revealing personal information. At this time, there is no indication that Verint employee or customer information was compromised.
Customers Impacted: Unknown
How it Could Affect Your Business: This incident is a reminder of the difficulty of managing and maintaining an international IT infrastructure. Fortunately, Verint’s security software immediately detected the breach and made employees aware of best practices for combating a ransomware attack, but a lot more could have been done. Companies should invest in solutions that can proactively and continuously monitor hacker marketplaces for compromised employee or customer data. Especially in the case of companies conducting business in cybersecurity and IT infrastructure, the risk associated with damaged brand quality is too high.
 
The Weather Channel: Television network airing 24-hour coverage of weather
Exploit: Ransomware attack
Risk to Small Business: 2.333 = Severe: The Weather Channel’s daily morning show AMHQ was unable to air at its regular time because of a ransomware attack that temporarily incapacitated the network. The downtime lasted for more than 90 minutes, and viewers saw pre-recorded footage during this time.
Individual Risk: 3 = Moderate: It is not currently believed that any personal information was revealed in the ransomware attack.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is a serious problem for companies of all sizes. Critical information and operations can be cut off until the ransom is paid. Businesses must establish security protocols and source advanced security solutions in order to appropriately respond in the event of a ransomware attack.
 
Augusta: The city capital of Maine, which provides services to 18,000 residents
Exploit: Computer virus
Risk to Small Business: 2.333 = Severe: A malicious software infiltrated and damaged the city’s computer network system and individual devices, shutting down all offices for an extended period of time. Not only did the virus prevent officials from using servers and computers, but it debilitated the machines used by emergency dispatchers, which required manual tracking of emergency vehicles and responses. The phone system and public safety radio system did remain operational during the ordeal, ensuring no disruption to public safety. Additionally, all services related to the computer network including billing, tax records, and general assistance were completely offline. City officials believe the incident was perpetrated by an inside threat who wanted to destroy, not capture, government data.
Individual Risk: 2.714 = Moderate: City officials don’t believe that any personal information was compromised in the attack, but they do admit that this information has become inaccessible. Individuals with data stored on the city network should be mindful of the vulnerability by taking precautions to ensure data parity.
Customers Impacted: Unknown
How it Could Affect Your Business: The notion that this incident could be perpetrated by an insider threat is a reminder than any single employee can do significant damage to a company’s IT infrastructure. Having contingency plans in place is a veritable must-have, but companies should also be prepared to provide support to any individuals impacted by the breach.
 
A Note From Kobargo:
How Will You Handle Ransomware?
Ransomware attacks are one of the scariest and most reported cyber-security threats, and a recent report found that most victims are now prepared to pay the ransom.
The Telstra’s 2019 Security Report surveyed 320 Australian businesses, more than half of which paid ransomware attackers to retrieve their data. Interestingly, 77% of those companies successfully recovered their information after paying the ransom.
In some ways, this is a good thing. Nobody wants to lose their data to hackers. However, it also incentivizes bad actors, making it possible for them to continue victimizing more people. Having a plan to combat and address ransomware is quickly becoming a critical component of any cyber-security strategy, and it’s one that demands more than just a cache of Bitcoin for a rainy day.  Kobargo Technology Partners will prepare you with the tools to fight back.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Data Breach, Cyber Alert

Last week, phishing scams targeted US government and healthcare employees, and 60,000 digital fingerprints found their way to the Dark Web.

LAST WEEK’S CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
BBH: Mental health service provider’s South Carolina network
Exploit: Ransomware attack
Risk to Small Business: 1.777 = Severe: After local police detected a ransomware infection, the city was forced to shut down most of its servers. While police and fire facilities remain unaffected, other services, including payments to city agencies, are significantly restricted. Consequently, city officials recommend making cash payments until the network can be restored. The city expects servers to be offline for several days as they work to determine the next steps towards rectifying the situation.
Individual Risk: 2.571= Severe: According to the city’s communications manager, Brock Letchworth, the city does not believe that the incident compromised personal information.
Customers Impacted: To be determined.
How it Could Affect Your Business:  This episode is a reminder of the fragility within local infrastructure. Although critical safety operations remain unaffected, city employees are unable to continue business as usual, and new solutions are not immediately apparent. Most importantly, it’s essential to know if data is stolen and to understand what thieves intend to do with that information.
Minnesota Department of Human Services: Minnesota state agency
Exploit: Phishing scam
Risk to Small Business: 2= Severe: In March 2018, a bad actor logged into a state agency email account and sent emails seeking personal information and invoice payments via wire transfer. The breach was detected when an agency employee received the email and flagged it as suspicious. The breach was just disclosed this week, and department officials believe that hackers gained access to the personal information of 11,000 users.
Individual Risk: 2.285 = Severe: Although the agency contends that personal information has not been misused, the perpetrator certainly had access to the data of thousands of people. Because the breach impacted the agency’s Direct Care and Treatment division, the data stolen includes treatment information and other sensitive health files.
Customers Impacted: 11,000
How it Could Affect Your Business: This most recent incident is the department’s third breach in just over a year, something that can have broad implications for data security and patient trust. The employee who received the malicious email responded appropriately, but these scams are preventable through security training and education.
A Note From Kobargo:
Coming soon – Cybersecurity for 5G
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cyber-security strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but Kobargo Technology Partners will prepare you with the tools to fight back.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!

Cyber Alert: Last week, ransomware shuts down a US medical practice, freshmen hack their school’s Wi-Fi to avoid tests and UConn is hit with a $5M data breach lawsuit.

LAST WEEKS CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
BBH: Mental health service provider based in Missouri
Exploit: Unsecured business associate portal
Risk to Small Business: 2.333= Severe: BBH has sent letters to patients notifying them of a breach that occurred in August of last year. Potential attackers would be able to infiltrate a business associate’s portal to access electronic protected health information (ePHI) and compromise sensitive records. The mental health service provider noted that there was no evidence of unauthorized access, but will be providing free identity monitoring, protection, and reporting from agencies including Equifax, Experian, and TransUnion. Along with the direct costs associated with offering such services to patients, the organization will have to pour funds into reputation management.
Individual Risk: 2.571= Severe: The exposed records included names, addresses, contact information, DOBs, medical history information, driver’s license numbers and SSNs. Given the amount of time that has lapsed, patients are at high risk and should immediately begin monitoring their identity and credit reports.
Customers Impacted: 67,493 patients
How it Could Affect Your Business: As breaches continue to become more commonplace, companies are being held accountable for providing free identity protection for their customers and employees. Such damage can be disabling for small businesses, especially when combined with the costs that come with managing public relation.
Brookside: Medical practice in Battle Creek, Michigan
Exploit: Ransomware attack
Risk to Small Business: 2= Severe: The doctor’s office of Dr. William Scalf and Dr. John Bizon will be forced to close on April 30th after falling victim to a ransomware attack and refusing to pay $6,500 to regain access. Although hackers were unable to compromise their data, all information regarding appointments, patients, and payments was completely erased.
Individual Risk: 2.428= Severe: Sensitive information of individuals was not accessed, only deleted. However, none of the unrecoverable data was salvaged and the office closure will force patients to seek treatment elsewhere, even those with imminent health concerns.
Customers Impacted: Undetermined
How it Could Affect Your Business: This security incident is a perfect example of how devastating a ransomware attack can be for small businesses and their customers. Hackers are capable of wiping out infrastructure and important records, causing business owners to rebuild from the ground-up. As such, company managers must begin assessing cybersecurity threats and working with MSPs to protect themselves from compromises going forward.
Secaucus High School: New Jersey school district
Exploit: Malware
Risk to Small Business: 2.333 =Severe: Two high school freshmen were arrested for disabling their school’s Wi-Fi system to avoid taking tests. The students used a private company to execute the hack, resulting in them being charged with computer criminal activity and conspiracy to commit computer criminal activity. Although the systems are back up and running, it remains to be seen how the students will be disciplined by the school district.
Individual Risk:  2.482= Severe: None.
Customers Impacted: 2
How it Could Affect Your Business: Hacks are being commoditized, with packaged products capable of bringing down systems and stealing information becoming readily available on the Dark Web. Smaller organizations must learn to recognize such trends and protect their members, customers, and staff by investing in security providers that host solutions enabling them to understand the inner workings of online, underground marketplaces.
A Note From Kobargo:
UConn’s $5M data breach lawsuit
The University of Connecticut Health Center has been served a class action lawsuit over a data breach that resulted in the exposure of 326,000 current and former patients. Yoselin Martinez and others are seeking $5M in damages, alleging that the university not only took months to report the breach, but could have done more to prevent it. Martinez claims that her bank account has been defrauded and overdrawn due to the information that was compromised during the breach.
The attack was discovered in December of last year, when an unauthorized party was able to access an employee’s email account and compromise names, DOBs, addresses, medical information, and SSNs. With the public eye scrutinizing organizational efforts to protect their customers and employees, small businesses must catch on early and begin working with MSPs to bolster new cybersecurity initiatives.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!
 

LAST WEEK, US HEALTHCARE PROVIDER GETS BREACHED 3 TIMES AND THIRD-PARTY RANSOMWARE PARKS CANADIAN AGENCY FOR DAYS.

LAST WEEKS CYBER ALERT, HACKS, ATTACKS, BREACHES AND MORE…
 
Verity Medical Foundation: Healthcare provider based in San Jose, CA.
Exploit: Employee phishing scam.
Risk to Small Business: 2.333 = Severe: VMF recently notified its patients of another security breach it suffered on January 16th of this year, immediately following two similar phishing incidents. A hacker was able to compromise an employee’s Office 365 account for several hours and send phishing emails internally and externally to gather usernames and passwords. Although the organization maintains that there is no evidence of patient information being accessed, they will now face scrutiny by the media and patients, along with being forced to deploy mandatory training for employees.

Individual Risk: 2.571 = Severe: Aside from account usernames and passwords, protected health information including DOBs, patient identification numbers, phone numbers, addresses, health plans, treatments received, SSNs, and even insurance details may have been exposed. While the company believes that it was unlikely that the attacker was after the data, affected patients should enlist in identity monitoring and additional security measures.

Customers Impacted: 14,894 patients
How it Could Affect Your Business: The compounding effects of back-to-back breaches can amount to serious losses for organizations. Even worse, employee phishing attacks are entirely preventable through the implementation of security training and education. If breach occurs, businesses are forced to enroll their employees in such programs anyway, and likely at a higher cost. By then, however, the damage will have already been done.

 Earl Enterprises: Hospitality industry giant that owns Buca Di Beppo, Planet Hollywood, Earl of Sandwich, and other restaurant brands

Exploit: Malware installation on point-of-sale (POS) systems

Risk to Small Business: 2 = Severe: In a press release published last Friday, the company announced that hackers had planted malware on POS systems, affecting over 100 restaurants between May 23, 2018, and March 18, 2019. After noticing a mysteriously large card dump in February, cybersecurity researchers realized that this incident is related to a database that is already available for sale on the Dark Web. In addition to dealing with customer churn and brand degradation, the company will now have to do its best to protect the users whose card information is up for grabs on the Dark Web.

Individual Risk: 2.428 = Severe: Credit and debit card numbers, expiration dates, and cardholder names were exposed in the incident and will eventually be sold to the highest bidder on the Dark Web. Anyone who dined at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology, or Tequila Taqueria should consider cancelling their cards, monitoring their financial reports, and changing their passwords.