Hacks, Attacks and Breaches: 1/8/2020 – 1/14/2020
Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up-to-date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
United States - Alomere Health
Exploit: Phishing attack
Alomere Health: General medical and surgical hospital
Risk to Small Business: Two employees fell for a phishing scam that gave hackers access to patients’ protected health information. The first breach occurred between October 31, 2019 and November 1, 2019, while a second breach took place on November 6, 2019. In response, the company is updating its email security protocols, an effort that won’t restore the stolen data nor repair the company’s already-damaged reputation. In addition, Alomere Health could face regulatory penalties because of the nature and scope of the data breach.
How It Could Affect Your Business: Phishing scams are the leading cause of data breaches, but they are also entirely avoidable. With the cost associated with a compromise continually escalating, training employees to identify and avoid phishing scams is a relatively low-cost initiative that can transform employees into a robust defense rather than an imminent vulnerability.
United States - Contra Costa Library System
Contra Costa Library System: Library network
Risk to Small Business: A ransomware attack disabled the entire library network, impacting all 26 branches. While buildings remain open, patrons must bring their library cards to a location to manually check out books. The incident will bring significant recovery costs to the library network, which just updated its systems in 2018. For an organization with limited resources, this attack can reduce their ability to meet customer needs and invest in future opportunities.
How it Could Affect Your Business: Ransomware attacks come with high recovery and opportunity costs. Especially for SMBs that operate with more limited budgets, these increasingly common attacks can dampen their financial outlook and prevent them from embracing opportunities in the future. However, ransomware always requires a foothold, and every organization can take steps to ensure that they are not inviting these attacks to damage their business.
United States - The Heritage Company
The Heritage Company: Telemarketing and fundraising firm
Risk to Small Business: An October ransomware attack ultimately forced The Heritage Company to close its doors. Shortly before Christmas, the company informed the staff that their operation was no longer tenable, even noting that the CEO was paying salaries out-of-pocket to keep business going while systems were unavailable. Unfortunately, three months after the attack, The Heritage Company was no longer financially solvent and chose to temporarily shut down its operations. The company may try to reopen if systems can be restored, but it appears likely that the institution, which existed for 60 years, was put out of business by a ransomware attack.
How it Could Affect Your Business: This incident is an especially prescient warning for SMBs who often have less cash on hand and rely on critical IT systems to manage their operations. As security experts noted, the company’s ultimate failure wasn’t financial solvency but an inability to adopt cybersecurity standards that could have prevented a ransomware attack from crippling their operations. Even simple steps, like implementing two-factor authentication, can keep hackers out of your IT infrastructure, which prevents a potentially-devastating data disaster before it takes place.
United States - Children’s Choice Pediatrics
Children’s Choice Pediatrics: Pediatric healthcare provider
Risk to Small Business: A ransomware attack encrypted patient data and exposed patient records to hackers. The attack, which was discovered on October 27, 2019, encrypted the healthcare provider’s entire network. When records were restored, the provider discovered that some were irretrievably deleted. In response, Children’s Choice Pediatrics is upgrading its cybersecurity protocols to ensure that they don’t give a foothold to future ransomware attacks. However, the opportunity cost, reputational damage, and recovery expenses will continue to weigh down the practice now and for the foreseeable future.
How it Could Affect Your Business: Reactive cybersecurity measures can’t undo the damage of a data breach. With the holistic cost associated with exposure at an all-time high, companies have millions of reasons to embrace a robust defensive posture against cybercrime. Often, this means starting by securing accounts using best practices, like two-factor authentication, to keep intruders out.