RESPONSE AND RESILIENCE

2020

Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: ransomware attacks continue to grow in number and severity, more lawsuits in the healthcare and retail sectors, a severe security breach (web skimming attack) of an online school accounting platform, a big breach in the technology sector, and the UK’s ICO fines Dixons Carphone the maximum possible amount. Don’t miss the items in ORANGE below.

THE RANSOMWARE CORNER
—CLASS ACTION ALERT—
DCH Health Faces Federal Lawsuit After 10-Day Ransomware Attack

Patients impacted by the 10-day EHR downtime at DCH Health in Alabama have filed a class-action lawsuit, claiming a ransomware attack on the three hospitals disrupted their medical care. Click to read entire article.

26 community libraries in Contra Costa County compromised by a ransomware attack

It may take several days to recover from a ransomware attack that has shuttered the online network linking all branches Contra Costa County Library branches and the Martinez administrative offices, the system said Friday evening. Click to read entire article.

Truckstop.com Says Ransomware Knocked Its Sites Offline

Truckstop.com said ransomware was behind a weeklong outage that affected sites including its load board, online carrier safety vetting and payment services. The outage hit at least seven sites owned by Truckstop.com. The affected services include the app-based load board, factoring, carrier onboarding, RFP tool, real-time freight monitoring, SaferWatch and ShipperMate. Click to read entire article.

Albany Airport pays hackers ransom, regains data from computers

Albany International Airport announced this week that its administrative computers had been locked down by a crypto virus on Christmas Day. Click to read entire article.

Sask. Cancer Agency disconnects from eHealth amid cyberattack

The Saskatchewan Cancer Agency has “disconnected” itself from the province’s electronic health care records system in the wake of a ransomware attack that has crippled administrative operations throughout the province. Click to read entire article.

RETAIL
Before Wawa found data breach, Visa warned it could happen

About a month before Wawa disclosed a data breach exposing customers’ credit and debit card numbers, the nation’s largest credit card network warned that hackers were targeting gas stations to steal payment card information. Click to read entire article.

—LAWSUIT ALERT—
Wawa faces wave of lawsuits in aftermath of massive data breach

Wawa has been hit with a wave of lawsuits claiming the company failed to protect consumers from a massive data breach that exposed their credit and debit card information. Click to read entire article.

Landry’s Warns Customers of Potential Data Breach

The Houston-based company owns and operates more than 60 restaurant chains nationwide, and wrote that the data breach likely affected cards swiped between March 13 and Oct. 17, 2019. Click to read entire article.

PUBLIC ENTITY
Aurora warns water customers about data breach involving payment system

The city of Aurora is warning water customers about a data breach involving one of their payment systems. They say customers who used the ‘Click2Gov’ system to submit one-time or to setup recurring payments between around August 30th–October 14th of 2019 may be affected. Click to read entire article.

County Veterans Service Office announces data breached

Klamath County is warning those with ties to the Veterans Service Office of a data breach of an employee’s email account in mid-September that an investigation found affected people’s personal information. Click to read entire article.

Las Vegas Reports Cyber Attack Breached City’s Computers

Las Vegas officials said that that a cyber attack breached the city’s computer systems, but it wasn’t immediately clear if any sensitive data was compromised. Click to read entire article.

K-12 SCHOOLS
School management software provider discloses severe security breach

Active Network, a company that provides web-based school accounting software for K-12 schools and districts, disclosed a severe security breach earlier this week. The US-based company said hackers gained access to Blue Bear, a software platform that facilitates administration and management of school accounting, student fees, and online stores on behalf of schools and other educational institutions. Click to read entire article.

CRYPTOCURRENCY
Poloniex Demands Action from Customers Following Security Breach

U.S. cryptocurrency exchange Poloniex has suffered a data leak and is enforcing a mandatory password change for all its users to prevent hackers from gaining access to their accounts. Click to read entire article.

HEALTHCARE
—LAWSUIT ALERT—
LifeLab hit with 2 lawsuits after data breach that affected 15 million consumers

In December, LifeLabs discovered that the information of 15 million consumers may have been exposed after an unauthorized third-party gained access to its computer system. The computer systems stored consumers’ names, addresses, emails, logins, passwords, dates of birth, healthcare numbers and lab test results. Click to read entire article.

—LAWSUIT ALERT—
Orthopedic clinic faces renewed lawsuit over 2016 cyberattack

The Supreme Court of Georgia revived a lawsuit accusing Athens (Ga.) Orthopedic Clinic of negligence for a 2016 patient data breach, according to court documents filed Dec. 23. Click to read entire article.

—LAWSUIT ALERT—
Kalispell Regional Healthcare Faces Second Lawsuit Over 2019 Data Breach

Kalispell Regional Healthcare is facing a second lawsuit over its handling of a data breach last year of up to 130,000 patients’ medical and financial information. Court documents allege the hospital was negligent in its cyber security practices and put patients at risk by not immediately alerting them about the breach. Click to read entire article.

Chicago Healthcare Provider Sinai Health System Hit With Data Breach

According to a statement, Sinai Health System (Sinai) became aware of a potential data security incident that may have resulted in the in advertent exposure of some patients’ personal and health information. On October 16, 2019, forensic information technology experts determined that patient information could be at risk after an unknown third party gained unauthorized access to two employee email accounts. Click to read entire article.

New Mexico Hospital Finds Malware Infection on Digital Imaging Server

The healthcare data of 500 Roosevelt General Hospital patients was exposed by a malware infection; phishing attacks, ransomware, and insider wrongdoing complete this week’s breach roundup. Click to read entire article.

Blue Button breach stems from coding issue, data of 10K affected

A data breach at the Centers for Medicare and Medicaid Services has affected the protected health information of about 10,000 Medicare beneficiaries and 30 applications. Early analysis suggests that the leak of information was a result of a series of missed opportunities by CMS and a third-party application partner. Click to read entire article.

Banner Health Settles Data Breach Lawsuit

Banner Health is a non-profit healthcare organization based in Phoenix, Arizona. It operates a total of 34 hospitals and specialized facilities across six states. Banner employs over 50,000 employees. Recently, Banner agreed to settle a data breach lawsuit for $6 million. Click to read entire article.

FINANCIAL SERVICES
—MORE RANSOMWARE—
Hackers Cripple Airport Currency Exchanges, Seeking $6 Million Ransom

The numbers that usually glow with exchange rates on Travelex boards in airports worldwide have gone dark, after the London-based currency exchange company was forced to go offline after it discovered a ransomware attack on Dec. 31. Click to read entire article.

—CREDIT UNIONS—
AG Nessel urges customers of Michigan State University Federal Credit Union to protect their accounts

MSUFCU says it notified affected customers via phone, email or text yesterday (Jan. 1, 2020) about the suspicious activity, which has been reported as unauthorized international transactions on their cards. Click to read entire article.

TECHNOLOGY
Data breach at Wyze Labs exposes information of 2.4 million customers of its home-security camera

Camera information, Wi-Fi network details and email addresses of customers were exposed from Dec. 4 to Dec. 27, the executives said. Click to read entire article.

UK/EUROPE
Dixons Carphone fined £500,000 for massive data breach

Dixons Carphone has been hit with the maximum possible fine after the tills in its shops were compromised by a cyber-attack that affected at least 14 million people. Click to read entire article.


Vol. 216 – January 22, 2020

Download 2019 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

RESPONSE AND RESILIENCE

Register Today!

© 2020 NetDiligence All Rights Reserved.