Back to top

Hacks, Attacks and Breaches: 1/22/2020 – 1/28/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up-to-date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States - Hanna Andersson

Exploit: Malware attack
Hanna Andersson: Children’s clothing maker

Risk to Small Business: Cybercriminals infected Hanna Andersson’s online store with payment skimming malware that collects customers’ personally identifiable information. The breach impacted customers shopping between September 16 and November 11, 2019. The company only identified the breach after being notified by law enforcement, and the consequences were exacerbated because Hanna Andersson failed to follow PCI standards for payment card encryption and CVV management. As a result, the company will likely face both customer blowback and regulatory scrutiny, neither of which will help the business thrive.

How It Could Affect Your Business: Payment skimming malware is a significant, ongoing threat for online retailers. It undermines customer confidence in the buying process and invites costly repercussions from a data breach. However, malware always requires a foothold to gain access to these systems, and every business can fight back by ensuring that their defensive posture is prepared for this increasingly common attack methodology.

United States - Health Quest

Exploit: Phishing scam
Health Quest: Network of hospitals and healthcare providers

Risk to Small Business: Health Quest is updating its data breach announcement from an event that initially occurred in July 2018 when several employees fell for a phishing attack that compromised patients protected health information (PHI). In the attack, employees provided their email account credentials to hackers who used their information to access patient data. The hospital sent breach notifications in May 2019, but the latest announcement expands the depth and scope of the breach. However, it’s unclear why it took the company nearly a year to issue the initial notification and another year to update their assessment. Healthcare breaches are the most expensive of any sector, and Health Quest will likely endure high recovery costs along with intense regulatory scrutiny.

How it Could Affect Your Business: After the breach, Health Quest announced that it would implement two-factor authentication to secure employee accounts and is instituting employee awareness training to guard against future phishing attacks. Unfortunately, these efforts won’t recover any compromised data, and it won’t mitigate the damage from this breach. To protect data, these highly effective defense tactics need to be deployed before a breach occurs.

United States - The Center for Neurological and Neurodevelopment

Exploit: Phishing scam
The Center for Neurological and Neurodevelopment (CNNH): Healthcare provider

Risk to Small Business: Hackers gained access to an employee account containing patients’ protected health information. The unauthorized access lasted for more than a month, occurring between October 7, 2019 and November 22, 2019. In response, CNNH secured the account and hired a third-party forensics team to investigate the breach. However, the diagnosis is unlikely to be positive, and the company likely faces an expensive road ahead.

How it Could Affect Your Business: CNNH secured the account by resetting its credentials and is updating company-wide email standards by enabling two-factor authentication and updating employee training initiatives. These simple data security measures should be standard at every company, and they must be implemented before a breach occurs. With the cost and consequences of a breach continually increasing, companies can’t afford to wait until it’s too late to take steps to protect their data.