Back to top

Hacks, Attacks and Breaches: 4/29/2020 to 5/5/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – Ambry Genetics

Exploit: Phishing scam  
Ambry Genetics: Genetic testing laboratory 

Risk to Small Business: An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is the second largest healthcare breach of the year, and, although the company is updating its cybersecurity practices in response to the incident, they will need to navigate a challenging recovery process during a pandemic.

How it Could Affect Your Business: Healthcare services collect and store peoples’ most sensitive personal information, and they are a top target for cybercriminals during the COVID-19 pandemic. Rather than reacting to a cybersecurity incident, companies should take a proactive stance to protect PII. The incredible rise in phishing scams targeting healthcare facilities during this time should make employee awareness training a top priority.  

United States – CivicSmart

Exploit: Ransomware
CivicSmart: Smart parking meter technology producer

Risk to Small Business: A ransomware attack encrypted CivicSmart’s network and exfiltrated company and customer data. The attack, which took place in March, was identified when hackers threatened to publish 159 gigabytes of sensitive data online. To prevent publication, the company paid an undisclosed ransom, and the files were brought offline. However, CivicSmart can’t rest easy. Despite promises to delete the information, it’s unlikely that cybercriminals will destroy valuable resources, which means that the stolen data could come back to haunt the company or its customers.  

How it Could Affect Your Business:  Even before bad actors began exfiltrating data, ransomware attacks were uniquely costly and incredibly destructive. Today, companies can expect that a ransomware attack will double as a data breach, giving every organization millions of reasons to ensure that their networks are guarded against this especially problematic malware. 

United States – Saint Francis Ministries

Exploit: Phishing scam
Saint Francis Ministries: Non-profit organization

Risk to Small Business: An employee interacted with a phishing scam that provided hackers with access to company IT. The breach, which was first identified on December 19, 2019, gave hackers access to user data between December 13, 2019, and December 20, 2019. However, it would be another two months before the organization understood the full scope of the breach. What’s more, it took until March 24, 2020, to determine that the breach included peoples’ personal data, and Saint Francis Ministries is just now notifying the public of the incident.  

How it Could Affect Your Business: Whether hackers extract account credentials through phishing scams, purchase them on the Dark Web, or otherwise acquire this valuable data, organizations need to be prepared to protect accounts even when account information is compromised. Enabling easy-to-use tools like two-factor authentication is a natural first step.