Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
One Brooklyn Health
One Brooklyn Health: Healthcare Provider
Risk to Business: Hospital operator One Brooklyn Health has confirmed that its hospitals were forced offline in November 2022 because of a security incident. The incident affected three OBH hospitals and affiliated care sites: Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center. At those hospitals, workers were forced to resort to manual recordkeeping, creating treatment delays that were widely reported in the local press. Bad actors gained access to patient data in the incident including patient names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions and health insurance information.
How it Could Affect Your Customers’ Business: Hospitals and medical facilities have been popular targets for bad actors and need extra security.
Zacks Investment Research
Zacks Investment Research: Financial Analysts
Risk to Small Business: Investment analysis company Zacks Investment Research has informed more than 280,000 customers that bad actors gained access to some of its client data. The company said that the intrusion occurred at the end of 2022. In the incident, the intruders had their hands on a database of customers who had signed up for the Zacks Elite product between November 1999 and February 2005. Exposed data may include a customer’s name, address, phone number, email address and password used for Zacks.com. Zacks was quick to assure customers that threat actors did not gain access to any customer credit card information, customer financial information or any other customer personal information.
How it Could Affect Your Customers’ Business: The financial services industry was among the three most cyberattacked industries in 2022.
Circleville Municipal Court
Circleville Municipal Court: Municipal Government
Risk to Small Business: The municipal court system in Circleville, Ohio is the latest municipal government entity to have ransomware trouble. Circleville Municipal Court was added to the dark web leak site of the LockBit ransomware group last week. The group claims to have snatched 500 GB of data including sensitive court records. Officials have confirmed that the court system has had its operations disrupted and said that they are working with experts to get up and running again. No information was available about any ransom demands.
How it Could Affect Your Customers’ Business: Ransomware has been a menace for government agencies and municipalities of all sizes.
GoTo: Software Company
Risk to Small Business: GoTo disclosed that it has experienced a data security incident that impacts customers’ backups. The company said that in November 2022, unidentified threat actors snatched some customers’ encrypted backups along with an encryption key for some of those backups. Users of GoTo’s Central, Pro, join.me, Hamachi and RemotelyAnywhere products may have been hit in this incident. The exposed data may include customers’ account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, and well as some product settings and licensing information. In addition, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted.
How it Could Affect Your Customers’ Business: An incident like this could cost a company a fortune and not just in incident response – reputation damage is a consequence of a successful cyberattack.
Exploit: Supply Chain Attack
Charter Communications: Telecommunications Company
Risk to Small Business: Telecom giant Charter Communications disclosed that 550,000 of its customers have had information exposed as the result of a data breach at one of its vendors after bad actors claimed on a dark web site to have obtained Charter’s customer data. A post on a dark web data broker’s site claimed that the broker had obtained a tranche of data that belonged to Charter Communications that included 550K user records listing information like customers’ account numbers and some identity information. Charter says that the incident is still under investigation. The company serves 32 million customers in 41 states.
How it Could Affect Your Customers’ Business: Cybersecurity flubs by service providers can cause a cascade of supply chain problems that impact other businesses too.