Back to top

Hacks, Attacks and Breaches: 4/22/2020 to 4/28/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update. The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – Beaumont Health 

Exploit: Phishing scam  
Beaumont Health: Healthcare provider  

Risk to Small Business: A phishing scam gave hackers access to IT infrastructure containing patients’ protected health information. The breach was identified on March 29, 2020, but data was exfiltrated between May 23, 2019, and June 2, 2019, leaving patient data exposed for nearly a year. This incident has come to light as healthcare providers face cybersecurity threats while battling the COVID-19 crisis, and Beaumont Health will undoubtedly face both regulatory troubles and financial woes on a long road to recovery.

How it Could Affect Your Business: Phishing scams are a significant risk to every company’s data. Especially during the COVID-19 pandemic, healthcare companies have seen a precipitous increase in these attacks, as hackers look to capitalize on the urgency and unease of the situation to trick employees into compromising critical data.  

United States – Small Business Administration  

Exploit: Unauthorized database access
Small Business Administration: Government agency overseeing small business affairs

Risk to Small Business: A cybersecurity vulnerability in the portal processing small business owners applying for an emergency loan under the Economic Injury Disaster Loan Program experienced a data breach. The breach, which was detected on March 25th, impacts a vital program for small businesses, and it could harm small business owners who are already grappling with an especially challenging time. Additionally, this oversight has caught the attention of news media, legislatures, and small business owners, weakening its credibility at a critical time. 

 

How it Could Affect Your Business:  Now, more than ever, the consequences of a data breach are traumatic for victims. Organizations collecting and storing personal data can support their users during the COVID-19 pandemic by taking extra care to ensure that personal data remains private. It’s a priority that always matters, but that is especially amplified during the pandemic.

 

Canada – MNP

Exploit: Ransomware
MNP: Accounting firm 

Risk to Small Business: MNP identified a ransomware attack that forced the company to shut down all systems, preventing employees from working for nearly a week. The company is deducting banked overtime for the affected employees, which could come with severe backlash. Similarly, many are being asked to bring their computers back to the company for a cybersecurity analysis, likely placing them in harm’s way as social distancing guidelines are intended to keep people apart to stop the spread of COVID-19. 

How it Could Affect Your Business: In many cases, ransomware attacks double as data breaches when cybercriminals steal company data before encrypting critical technology. In this case, the consequences of a ransomware attack are amplified, increasing both the cost and practical implications of these increasingly common attacks.