We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Microsoft attack blamed on China morphs into global crisis, healthcare data breach exposes 100,000 patients’ information, hackers post New Mexico hospital employees’ info online after ransomware attack, and more.
Microsoft
Microsoft Attack Blamed on China Morphs Into Global Crisis
A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems. The attack, which Microsoft has said started with a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation. Many of them appear to be small or medium-sized businesses caught in a wide net the attackers cast as Microsoft worked to shut down the hack. Click to read entire article
Ransomware Corner
Payroll giant PrismHR outage likely caused by ransomware attack
Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. Click to read entire article
Hackers post New Mexico hospital employees’ info online after ransomware attack
Hackers recently stole and published online sensitive employee files from Gallup, N.M.-based Rehoboth McKinley Christian Health Care Services after inflicting ransomware on its computer network earlier this year, according to a March 3 NBC News report. Click to read entire article
Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims
FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group. Click to read entire article
Terminated: Texas Medicaid subcontractor dumped after data breach in ransomware attack from Russia
Most of the nearly 275,000 Americans potentially affected by the break were Texas Medicaid patients. Click to read entire article
100K Patients Impacted by Cochise Eye and Laser Ransomware Attack
Cochise Eye and Laser has continued under EHR downtime after a ransomware hit in mid-January; more ransomware incidents and an email hack complete this week’s breach roundup. Click to read entire article
Healthcare
Data breach at healthcare provider Elara Caring exposes 100,000 patients’ information
The company, which provides home-based health services, suffered an unauthorized computer intrusion in December 2020 after a series of phishing attacks targeted employees. The attack resulted in a potential 100,487 individuals having their data compromised, as reported to the US Department of Health and Human Services by parent company BW Homecare Holdings Click to read entire article
Saint Agnes data breach exposed personal info. Here’s what hackers may know about you
A data breach at Saint Agnes Medical Center and its sister hospital Saint Alphonsus Health System in Idaho may have exposed a trove of patient personal information. Saint Agnes was made aware of the breach on Feb. 5 after officials at Saint Alphonsus discovered an employee’s email had been compromised by an unauthorized user. The hacker used the employee’s email to send phishing emails on Jan. 4-6 in an attempt to try and get other login IDs and passwords. Click to read entire article
Public Entities
NYSAC: County employees fall prey to unemployment fraud
Identities are being stolen and funds are being misspent as COVID-19 unemployment insurance fraud grows almost every day. Counties across the state this week are raising concerns that county employees’ personal data has been used to file for, and collect, COVID-19-related unemployment insurance Click to read entire article
Washington State Lawmakers Grill Auditor Aides Over Disclosure of Massive Data Breach
The questions and criticism zeroed in on whether McCarthy’s office should have disclosed the breach of a third-party file-hosting vendor sooner, and whether the auditor should have amassed so much personal data — including Social Security and bank-account numbers — that may now be in the hands of cybercriminals. Click to read entire article
Skagit Public Utility District vendor suffers data breach
One of the Skagit Public Utility District’s payment vendors suffered a data breach, potentially exposing customers’ information to hackers. Automatic Funds Transfer Services, Inc. (AFTS) was victimized with a ransomware attack, meaning its data was accessed by malicious software and held for ransom by hacker Click to read entire article
Airlines
Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack
Sita, which provides IT of services to 90% of the world’s airlines, warns of “data security incident” after falling victim to a “highly sophisticated attack.” Click to read entire article
New York DFS Regulation
NY Regulator Fines Mortgage Lender $1.5M Over Data Breach
New York’s Department of Financial Services say that an independent East Coast mortgage lender has agreed to pay a $1.5 million to the agency as part of a cybersecurity settlement tied to a March 2019 data breach involving an email phishing attack. Click to read entire article
Canada
Personal data of 50,000 N.S. health-care workers may have been leaked through pension plan
The Nova Scotia Health Employees’ Pension Plan says it shut down the compromised email server immediately after learning of the breach, but personal information of all its members was already potentially accessible for two months. (CBC) Click to read entire article
Slater Vecchio LLP files Class Action against SFU due to recent Data Breach
Slater Vecchio LLP has filed a class action lawsuit against Simon Fraser University on behalf of all individuals whose personal information was accessed by unauthorized cybercriminals in a recent data breach. Included in this class group are the approximately 200,000 individuals who had their personal information exposed. This is the second data breach to affect SFU students, faculty, and alumni in the past 12 months. Click to read entire article
EU
Ursnif Trojan Targets Italian Bank Customer Data
Payment card information and other data belonging to the customers of at least 100 Italian banks and one payment processor were compromised using the Ursnif banking Trojan, according to Avast Threat Labs. Click to read entire article
Czech officials in Prague ‘hit by massive cyber attack’
Czech officials in Prague have been hit by a large-scale cyberattack, according to the city’s mayor. “There has been a massive cyber attack on public administration systems,” Zdeněk Hřib tweeted, adding that the servers had “survived” and there was little damage. An immediate outage was made on the email system to maintain security Click to read entire article
Asia
Singapore’s Singtel assess potential data breach by hackers
In a media statement on Thursday, Singtel said it was informed by third-party vendor Accellion that its file sharing system FTA (File Transfer Appliance) was “illegally attacked by unidentified hackers”. Click to read entire article
Maha Min Speaks in Assembly, Says Mumbai Blackout Was Cyber Attack
Maharashtra’s Energy Minister Nitin Raut in a statement on Wednesday, 3 March, reiterated that the Mumbai power outage on 12 October 2020, which disrupted local trains, hospitals, and the stock exchange was a cyber attack, as per the findings of a Maharashtra Cyber Cell report. Click to read entire article
