Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store for 05/10/23 – 05/17/23. If you missed last week’s news, read Hacks, Attacks and Breaches: Where’s the Money? Ransomware Edition.
In #HacksAttacks&Breaches this week – companies in the critical infrastructure sectors of Healthcare, Transportation, and Food got hit. Two huge healthcare breaches, employee data exposed at the U.S. Department of Transportation, and bad actors feast on Sysco’s data. Here are the highlights:
- PII, medications, and other health information of five million people were exposed by the Play ransomware group.
- Info for 250,000 current and former employees of the US DOT was leaked. Now DOT will suffer a budget hit to clean up the mess.
- Nearly a decade of data from famed automaker Toyota was recently discovered to be “improperly configured,” exposing info on over two million vehicles.
PharMerica: Pharmacy Services
Risk to Business: A ransomware attack on pharmacy services company PharMerica has resulted in the exposure of confidential medical data for over 5.8 million patients. The Play ransomware group perpetrated the attack, which took place on March 12th, 2023. The gang was able to snatch the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people. The ransomware gang claimed to have stolen 4.7 TB of data during their attack on PharMerica including at least 1.6 million unique records of personal information, and it has already published the stolen data.
How it Could Affect Your Customers’ Business: This incident is going to cost PharMerica a fortune in both recovery costs and regulatory penalties.
Exploit: Credential Compromise
NextGen Healthcare: Software Company
Risk to Business: NextGen Healthcare, a maker of electronic health recordkeeping solutions, has disclosed that it has experienced a data breach. An estimated one million individuals have been impacted by this incident. NextGen said that it noticed suspicious activity in its network on March 30, and an internal investigation determined that bad actors had access to the company’s data between March 29 and April 14, 2023. Stolen patient data includes a patient’s name, address, birth date and Social Security number. In its data breach filing, NextGen Healthcare told the Maine Attorney General’s office that the attackers accessed its database using stolen client credentials.
How it Could Affect Your Customers’ Business: This type of data is extremely desirable on the dark web and valuable to bad actors, so it needs strong protection.
Sysco: Commercial Food Distributor
Risk to Business: Foodservice supply giant Sysco has announced that it has experienced a data breach that may have exposed customer and supplier data in the U.S. and Canada, as well as personal information belonging to U.S. employees. Sysco sent a letter to employees that revealed that the company detected an intrusion on March 5; however, the company believes bad actors had access to data as early as January 14, 2023. The company said that the hackers swiped company data, including internal operations files, customer data and personal data. Employees had their personal data compromised, with bad actors stealing the personal information they provided to Sysco for payroll purposes, including name, social security number and bank account numbers.
How it Could Affect Your Customers’ Business: The longer hackers spend inside a business environment, the more damage they can do. Reducing or eliminating dwell time is important.
U.S. Department of Transportation (DOT)
U.S. Department of Transportation (DOT): Federal Government Agency
Risk to Business: The U.S. Department of Transportation (DOT) has experienced a data breach that has resulted in the exposure of personal data for an estimated 237,000 current and former federal employees. The agency said that the data breach impacts individuals that are enrolled in the US Department of Transportation’s (DOT) transit benefit program (TRANServe), a program that handles commuter transit benefits for federal agencies. Access to that program is currently offline. The breach impacted 114,000 current employees and 123,000 former employees. The employee information compromised as a result of the breach may include the name of TRANServe transit benefit recipients, their agency, work email address, work phone number, work address, home address, SmarTrip card number (used to ride the Washington, D.C. Metro) and/or TRANServe Card number.
How it Could Affect Your Customers’ Business: This could have been much worse for DOT, but they’re still going to suffer a budget hit to clean up the mess.
National Gallery of Canada
National Gallery of Canada: Museum
Risk to Business: The National Gallery of Canada has been forced to shut down its IT systems for the last two weeks in response to a ransomware attack. The gallery said that it discovered the attack on April 23. The museum reassured customers and members that no customer data was stolen in the incident, while admitting that some operational data had been lost. The National Gallery of Canada has remained open throughout the incident with limited technology, and the attack is currently under investigation.
How it Could Affect Your Customers’ Business: No organization is safe from becoming a victim of ransomware gangs, not even a museum.
Switzerland – ABB
ABB: Technology Developer
Risk to Business: The Black Basta ransomware gang is behind a successful ransomware attack on Swiss technology giant ABB. The attack took place on May 7, with sources reporting that it hit the company’s Windows Active Directory, affecting hundreds of devices. ABB severed VPN connections with customers to prevent the spread of the attack. ABB has confirmed the attack but refused to offer details. No word on any ransom demand was available at press time.
How it Could Affect Your Customers’ Business: Technology companies are often service providers, making them attractive targets that can offer both profit and access to other businesses.
Australia – TechnologyOne
TechnologyOne: Software Company
Risk to Business: Tech company TechnologyOne is the latest Australian company to get hit by a ransomware attack. The software maker announced that it had been successfully attacked last Wednesday, with reports pointing to ransomware. The company said that bad actors gained access to its back-office systems. TechnologyOne was quick to reassure customers that “TechnologyOne’s customer-facing SaaS platform is not connected to the Microsoft 365 system, and therefore, has not been impacted.” The incident remains under investigation.
How it Could Affect Your Customers’ Business: A cyberattack like this can damage a company’s reputation, leading to lost revenue.
Australia – Ambulance Victoria
Exploit: Human Error
Ambulance Victoria: Ambulance Service
Risk to Business: Ambulance Victoria is in hot water after the discovery that it had exposed the results of confidential drug and alcohol tests for more than 600 employees. Officials told members of the Victorian Ambulance Union in an email that confidential spreadsheets containing the test results of pre-employment drug and alcohol testing of graduate paramedics in 2017 and 2018 had been available on the staff intranet until the union alerted Ambulance Victoria to the problem last week. The exposed information included the full names of graduate paramedics, when they were tested, whether the result was positive or negative, and, if positive, the substance that had been detected. Ambulance Victoria blamed the data exposure on an “inadvertent process issue” and noted that it is under investigation. The Victorian Ambulance Union also said that it is considering legal action.
How it Could Affect Your Customers’ Business: Employees who receive regular security awareness training are less likely to make mistakes like this.
Japan – Toyota
Risk to Business: A cloud misconfiguration is to blame for a data security incident at Japanese motor company Toyota that exposed information about two million vehicles. The automaker has apologized for the incident that affected users of the onboard T-Connect driver assistance and emergency contact system for Toyota and Lexus G-Link technology. The company said that the data collected by those systems was improperly stored, resulting in the data being publicly available from November 2013 until the snafu was discovered last month. The exposed information included in-vehicle terminal IDs, chassis numbers and vehicle locations.
How it Could Affect Your Customers’ Business: Employee mistakes like misconfiguration are a gateway to expensive, damaging disasters, but they can be prevented.