We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Microsoft attack blamed on China morphs into global crisis, healthcare data breach exposes 100,000 patients’ information, hackers post New Mexico hospital employees’ info online after ransomware attack, and more.

Microsoft

Microsoft Attack Blamed on China Morphs Into Global Crisis

A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems. The attack, which Microsoft has said started with a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation. Many of them appear to be small or medium-sized businesses caught in a wide net the attackers cast as Microsoft worked to shut down the hack. Click to read entire article

Ransomware Corner

Payroll giant PrismHR outage likely caused by ransomware attack

Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. Click to read entire article

Hackers post New Mexico hospital employees’ info online after ransomware attack

Hackers recently stole and published online sensitive employee files from Gallup, N.M.-based Rehoboth McKinley Christian Health Care Services after inflicting ransomware on its computer network earlier this year, according to a March 3 NBC News report. Click to read entire article

Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims

FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group. Click to read entire article

Terminated: Texas Medicaid subcontractor dumped after data breach in ransomware attack from Russia

Most of the nearly 275,000 Americans potentially affected by the break were Texas Medicaid patients. Click to read entire article

100K Patients Impacted by Cochise Eye and Laser Ransomware Attack

Cochise Eye and Laser has continued under EHR downtime after a ransomware hit in mid-January; more ransomware incidents and an email hack complete this week’s breach roundup. Click to read entire article

Healthcare

Data breach at healthcare provider Elara Caring exposes 100,000 patients’ information

The company, which provides home-based health services, suffered an unauthorized computer intrusion in December 2020 after a series of phishing attacks targeted employees. The attack resulted in a potential 100,487 individuals having their data compromised, as reported to the US Department of Health and Human Services by parent company BW Homecare Holdings Click to read entire article

Saint Agnes data breach exposed personal info. Here’s what hackers may know about you

A data breach at Saint Agnes Medical Center and its sister hospital Saint Alphonsus Health System in Idaho may have exposed a trove of patient personal information. Saint Agnes was made aware of the breach on Feb. 5 after officials at Saint Alphonsus discovered an employee’s email had been compromised by an unauthorized user. The hacker used the employee’s email to send phishing emails on Jan. 4-6 in an attempt to try and get other login IDs and passwords. Click to read entire article

Public Entities

NYSAC: County employees fall prey to unemployment fraud

Identities are being stolen and funds are being misspent as COVID-19 unemployment insurance fraud grows almost every day. Counties across the state this week are raising concerns that county employees’ personal data has been used to file for, and collect, COVID-19-related unemployment insurance Click to read entire article

Washington State Lawmakers Grill Auditor Aides Over Disclosure of Massive Data Breach

The questions and criticism zeroed in on whether McCarthy’s office should have disclosed the breach of a third-party file-hosting vendor sooner, and whether the auditor should have amassed so much personal data — including Social Security and bank-account numbers — that may now be in the hands of cybercriminals. Click to read entire article

Skagit Public Utility District vendor suffers data breach

One of the Skagit Public Utility District’s payment vendors suffered a data breach, potentially exposing customers’ information to hackers. Automatic Funds Transfer Services, Inc. (AFTS) was victimized with a ransomware attack, meaning its data was accessed by malicious software and held for ransom by hacker Click to read entire article

Airlines

Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack

Sita, which provides IT of services to 90% of the world’s airlines, warns of “data security incident” after falling victim to a “highly sophisticated attack.” Click to read entire article

New York DFS Regulation

NY Regulator Fines Mortgage Lender $1.5M Over Data Breach

New York’s Department of Financial Services say that an independent East Coast mortgage lender has agreed to pay a $1.5 million to the agency as part of a cybersecurity settlement tied to a March 2019 data breach involving an email phishing attack. Click to read entire article

Canada

Personal data of 50,000 N.S. health-care workers may have been leaked through pension plan

The Nova Scotia Health Employees’ Pension Plan says it shut down the compromised email server immediately after learning of the breach, but personal information of all its members was already potentially accessible for two months. (CBC) Click to read entire article

Slater Vecchio LLP files Class Action against SFU due to recent Data Breach

Slater Vecchio LLP has filed a class action lawsuit against Simon Fraser University on behalf of all individuals whose personal information was accessed by unauthorized cybercriminals in a recent data breach. Included in this class group are the approximately 200,000 individuals who had their personal information exposed. This is the second data breach to affect SFU students, faculty, and alumni in the past 12 months. Click to read entire article

EU

Ursnif Trojan Targets Italian Bank Customer Data

Payment card information and other data belonging to the customers of at least 100 Italian banks and one payment processor were compromised using the Ursnif banking Trojan, according to Avast Threat Labs. Click to read entire article

Czech officials in Prague ‘hit by massive cyber attack’

Czech officials in Prague have been hit by a large-scale cyberattack, according to the city’s mayor. “There has been a massive cyber attack on public administration systems,” Zdeněk Hřib tweeted, adding that the servers had “survived” and there was little damage. An immediate outage was made on the email system to maintain security Click to read entire article

Asia

Singapore’s Singtel assess potential data breach by hackers

In a media statement on Thursday, Singtel said it was informed by third-party vendor Accellion that its file sharing system FTA (File Transfer Appliance) was “illegally attacked by unidentified hackers”. Click to read entire article

Maha Min Speaks in Assembly, Says Mumbai Blackout Was Cyber Attack

Maharashtra’s Energy Minister Nitin Raut in a statement on Wednesday, 3 March, reiterated that the Mumbai power outage on 12 October 2020, which disrupted local trains, hospitals, and the stock exchange was a cyber attack, as per the findings of a Maharashtra Cyber Cell report. Click to read entire article