Monthly Breach Report: September 2021 Edition
While attention has been turned this last month to crises such as the Delta variant and Afghanistan, cyber attacks continue their relentless hits on sensitive data. From healthcare to tech, politics to education, no industry was safe from hackers and threats.
Data Security Health Checkup
Protected health information (PHI) is required by multiple mandates—from HIPAA to HITECH—to be under virtual lock and key. And when it’s not, the data is ripe for theft.
Atlanta Allergy & Asthma recently notified patients of a data breach that occurred in January of this year. Potentially compromised information included names, birthdates, Social Security numbers, financial account and/or routing numbers, diagnoses, treatment information and costs, patient account numbers, and health insurance information. While AAA did not disclose the full nature of the attack, evidence has been revealed that it was a ransomware attack by Nefilim. Approximately 9,800 patients had their data exposed.
Another ransomware attack on the other side of the world has an eye clinic in Singapore seeing red. Eye & Retina Surgeons suffered a ransomware attack that affected both personal and clinical data of more than 73,000 patients. The clinic has not paid any ransom for the information, which includes names, addresses, identity card numbers, contact details, and clinical information. ERS has bene asked by Singapore’s Ministry of Health to thoroughly review its systems alongside the Cyber Security Agency to uncover the root cause of the attack and strengthen its defenses.
At Revere Health, phishing managed to catch medical information for 12,000 patients during the 45 minutes that the threat actor had access to the systems through an employee’s email. No PHI was shared online, causing this attack to be labeled a low-level risk. However, it is believed that this attack was intended as a gateway to launch a more sophisticated attack on more Revere employees. Revere is in the process of strengthening tech security protocols and providing anti-phishing training to all its employees.
Indiana residents recently learned their data was involved in a large-scale breach of the state’s COVID-19 online contact tracing. Software misconfiguration contributed to leaving information including name, address, email, gender, race, ethnicity, and date of birth open to the public. Immediate actions were taken to reconfigure the software and secure the previously accessible records. While the state believes impact will be minimal, they are offering impacted residents one year of free credit monitoring.
In a time when ER beds are at a premium, Memorial Health System in Ohio had to divert emergency care patients from three hospitals to other facilities due to a ransomware attack that disrupted patient care services. The health system immediately suspended user access to IT applications that were related to operations and had hospitals work off of paper charts until the systems and data could be restored. Experts believe that this ransomware attack originated with the Hive ransomware gang. Memorial Health System becomes one in a long string of troubling ransomware attacks in the US healthcare sector that more recently have also included Sanford Health (South Dakota), Eskenazi Health (Indiana), Scripps Health (Florida), and UF Health Central Florida.
Sources
Can You Hear Me Now?
Mobile devices are not only ubiquitous in our current world, but another industry for threat actors to attack. After already having been hacked in December 2020 and again in February 2021, T-Mobile became the victim of yet another cybersecurity blow in August. Alerted through Motherboard, who had direct contact with the threat actors involved, T-Mobile experienced a major data breach that exposed data for millions of customers through an unsecured access point in their servers. Cybersecurity experts agree that lax security on T-Mobile’s part may be to blame for this latest string of attacks.
Days after the T-Mobile breach was announced, the same threat actor, ShinyHunters, seemed to have accessed AT&T records and was posting names, Social Security numbers, email addresses, and birthdates for as many as 70 million users. While researchers have attested to the validity of the information, AT&T maintains that the data did not originate from their servers and denies the company was hacked. Even if the data did not come directly from AT&T’s servers, any legitimate personal information could still be viable for an identity thief’s abuse.
Mobile carriers weren’t the only ones impacted this month. SAC Wireless, a wholly-owned subsidiary of Nokia, helps customers design, build, and upgrade cellular networks. It too took a hit by Conti Ransomware. The company maintains that its security tools and infrastructure controlled the incident. However, affected files contain personal information such as name, date of birth, address, email, phone number, government ID numbers, Social Security, citizenship status, medical history, and more relating to both current and former SAC Wireless employees. The company is providing 24 months of Experian identity protection services in return, along with using cyber and forensic specialists to correct the issue.
Tech cyberthreats continued with Taiwanese hardware company, Gigabyte. Hackers gained access to more than 112 GB of data that could include confidential NDA information from Intel, AMD, and Megatrends. Gigabyte shut down systems in Taiwan, and the incident impacted several of the company’s websites, including its support site. The affected internal servers were taken down and isolated, ensuring the incident would not further impact production on Gigabyte’s high-performance motherboards. While unconfirmed by Gigabyte, experts believe the attack to be the work of RansomEXX.
Sources
Hack to School Season
Many students are heading back to school . . . and so are hackers. Bar Ilan University in Israel suffered a ransomware attack so drastic, it asked staff to shut down their computers and await further instruction. Systems were hit with a “wiper” attack, which takes over data and encrypts or erases it unless a ransom is paid. According to the university, the limited number of impacted computers on their research network were being handled by university cybersecurity experts alongside Israel’s National Cyber Directorate.
Across the ocean, the Research Foundation for the State University of New York (SUNY) announced that unauthorized network access impacted the data of more than 46,700 individuals ranging from employees to donors. Compromised data included Social Security numbers. SUNY has agreed to provide one year of credit monitoring and identity theft protection services to those impacted by the breach. The Research Foundation is also enhancing network security to deter future attacks.
School may not have been in session yet, but the University of Kentucky located a security breach in a test-taking platform during a scheduled security test this summer. The vulnerability uncovered during this testing further revealed that data had been exploited already, accessing the internal database in January and February to snag information such as names, emails, and passwords for students and teachers from across the country and around the world. All in all, the impacted individuals totaled over 355,000. The university has reportedly corrected the vulnerability and migrated data to a centralized server system where it will be better protected.
Sources
These are only a few of the many breach stories reported in August. Cyberattacks target organizations of all sizes, in all industries, and yours could be next. Be prepared with the help of PK Protect’s data security and privacy solutions. Request your custom demo now.