Back to top

Hacks, Attacks and Breaches: 11/27/2019 to 12/03/2019

Suzanne Gassman

Welcome to the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up-to-date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

Here are the top stories for the week:

United States - DeBella’s Subs 
Exploit: Malware attack
DeBella’s Subs: Rochester-based restaurant chain

Customers Impacted: 305,000
Credential stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. Customers’ personal and financial data may have been compromised in the breach. This includes names, payment card numbers, expiration dates, and CVV numbers. The breach is limited to customers in Connecticut, Indiana, Michigan, Ohio, New York, and Pennsylvania between March 22, 2018 and December 28, 2018. Although the damage resulting from the data exposure may already been inflicted, those impacted should still take necessary precautions such as contacting their financial institutions and reviewing card histories to check for unauthorized charges.

How Could It Affect Your Business: Reputation management and restoration is a critical component of an effective data breach response plan. Although it’s more difficult to quantify than direct financial losses, reputational damage can be extremely problematic for any company and even place their ability to recover in jeopardy. Instead, providing timely communications and a comprehensive overview of what happens to customer data after it’s stolen can help companies demonstrate that they are serious about data security, helping restore customer confidence along the way.

United States - Great Plains Health
Exploit: Ransomware
Great Plains Health: Local hospital

A ransomware attack disrupted many services at Great Plains Health, including email and other internal communication technologies. As a result, the healthcare provider has cancelled some procedures and appointments, while continuing to provide emergency services as needed. Whether Great Plains Health ultimately decides to pay the ransom or to attempt a recovery from backups, the result will undoubtedly be expensive. Especially when coupled with the opportunity cost and reputational damage that accompanies a data breach, the consequences of a ransomware attack can be financially devastating and long-lasting.

How Could It Affect Your Business: Healthcare providers are increasingly caught in the crosshairs of ransomware attacks, as cybercriminals capitalize on the critical nature of their services and the quality of information stored. The industry faces strong regulatory oversight that can have costly consequences for healthcare companies that succumb to a breach. Even more importantly, a disruption in care services or communication can have even more severe implications for patients and put their lives at risk. Therefore, a robust cyber defense should be considered a staple to any healthcare service provider in the digital age.

United States - Magellan Rx Management 
Exploit: Phishing scam
Magellan Rx Management: Full-service pharmacy benefit manage

An employee fell for a phishing scam that provided hackers with access to his account which included member information, including names, dates of birth, health plan member ID numbers, health plan names, providers, diagnoses, and other healthcare-related information.  The breach occurred back on May 28th, and it wasn’t identified until July 5th. Officials haven’t found any evidence that the data was misused, but the lengthy response time makes it more difficult for those impacted by the breach to secure their information before it’s used for nefarious purposes.

How Could It Affect Your Business: Despite advanced security practices and other defensive efforts, phishing scams will inevitably make their way into employees’ inboxes. Fortunately, such messages can be rendered harmless, unless they are acted upon by an employee. Every business can enhance its defensive posture by providing comprehensive awareness training to keep employees abreast of the latest threats and the best practices for protecting company data.