Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up-to-date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
United States – Sinai Health System
Exploit: Phishing scam
Sinai Health System: Chicago-based healthcare network
Risk to Small Business: Two employees fell for a phishing scam that gave hackers access to email accounts containing patients’ personal data. The attack, which occurred on October 16th, wasn’t discovered until December. In response, Sinai Health Network reset employees’ email passwords and provided employees with phishing scam awareness training to prevent a similar event in the future. Unfortunately, these actions cannot undo the damage of a data breach, and the healthcare network will now endure heavy regulatory scrutiny, as the Office for Civil Rights has launched an investigation into the incident.
How It Could Affect Your Business: It’s inevitable that phishing scams will make their way into your employees’ inboxes. Fortunately, these attacks are useless if employees identify the threat and don’t engage with the email. Employee awareness training can empower email recipients to become a strong defense against phishing scams but waiting until after a breach to provide this training is fruitless. As Sinai Health System just learned, if employees aren’t ready to respond before an incident occurs, the training efforts won’t save your company’s data or its dollars.
Exploit: Ransomware
Synoptek: Cloud hosting and IT management company
Risk to Small Business: A phishing scam-enabled ransomware attack brought an early, unwanted Christmas present to Synoptek’s employees and more than 1,100 enterprise customers around the world. The attack disrupted many services, and Synoptek paid a ransom demand to restore operations. Synoptek endured serious customer scrutiny as companies impacted by the network outages took to Twitter and Reddit to complain about the company. In addition, Synoptek is being ridiculed for a December 20th tweet encouraging companies to be vigilant about guarding against phishing scams, a message sent just days before a company employee fell for a phishing scam that instigated the ransomware attack.
How it Could Affect Your Business: Ransomware attacks are uniquely expensive, bringing hefty recovery and opportunity costs that are compounded by the less-quantifiable reputational damage that accompanies an attack. However, they aren’t as inevitable as many people think, as these malware attacks always require a foothold. In this case, a phishing scam allowed hackers to access to company’s system and infect its network. Since the consequences of a ransomware attack are enormous, every company has millions of reasons to put their best foot forward to defend against this increasingly common cyber-attack.
United States – Special Olympics NY
Exploit: Phishing scam
Special Olympics NY: Nonprofit organization
Risk to Small Business: Cybercriminals hacked the organization’s network and used this access to send phishing emails to its previous donors. Special Olympics NY contacted those impacted by the event, asking them to disregard the phishing communication and to offer confidence that their data was secure. Criminals created a sense of urgency by alerting donors that an automatic donation for $1,942,49 was scheduled to debit in two hours, and the emails invited users to confirm their donation by inputting their personal data on a malicious website.
How It Could Affect Your Business: While it’s unclear how cybercriminals accessed the organization’s communications platform, it’s possible that they walked right through the proverbial front door. With millions of user logins available on the Dark Web many hackers have critical login information available at their fingertips. Unfortunately, the consequences for businesses can be devastating. For Special Olympics NY, it’s possible that this event could discourage donors from contributing in the future, a damaging blow to one of their critical revenue streams.
United States – Active Network
Exploit: Unauthorized database access
Active Network: Educational software developer
Risk to Small Business: Hackers infiltrated Active Network’s IT infrastructure and gained access to customers’ personally identifiable information. Bad actors had access to the network between November 1, 2019 and November 13, 2019, but the company didn’t identify the breach until December. The breach is limited to the Active Network’s Blue Bear software platform used by public K-12 schools. This incident is an irrevocable stain on a company operating in an industry that demands data privacy as a prerequisite for doing business, meaning this breach could have significant negative consequences for their business in the future.
How It Could Affect Your Business: Brand reputation is a cherished and hard-earned standard that can quickly erode when a data breach strikes. With more consumers demanding a track record of high data security standards before doing business with a company, organizations have every incentive to build their reputation on the bedrock of strong data security procedures. Simply put, to remain competitive in today’s digital environment, businesses can’t just talk about data security, they have to protect customers’ information.