"Your Information Technology Leader"

Client Portal Payment Portal

Blog

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 01/03/24 – 01/09/24

Breach-6

This week: Three big healthcare-related data breaches, and nation-state threat actors make off with $86 million from a DeFi platform.

 

HealthEC LLC

https://www.bleepingcomputer.com/news/security/data-breach-at-healthcare-tech-firm-impacts-45-million-patients/

Exploit: Hacking

HealthEC LLC: Technology Services Platform

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.617 = Severe

HealthEC LLC, the New Jersey-based provider of a population health management (PHM) platform used by healthcare providers, has announced that it has experienced a data breach that may have exposed the personally identifiable information of an estimated 4.5 million people. According to a notice provided to the Maine Attorney General, a few of the major organizations that utilize the platform include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians’ Organization and the Alliance for Integrated Care of New York. The incident occurred between July 14 and 23, 2023, but the company did not complete its investigation until December 2023. Exposed information includes a patient’s name, address, date of birth, Social Security number, taxpayer identification number, medical record number, medical information (diagnosis, diagnosis code, mental/physical condition, prescription information and provider’s name and location), health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification) as well as billing and claims information (patient account number, patient identification number and treatment cost information). 

How It Could Affect Your Business: In today’s interconnected business world companies can unwittingly provide a back door into a sister company or client’s data.


 

https://www.bleepingcomputer.com/news/security/online-museum-collections-down-after-cyberattack-on-service-provider/

Exploit: Hacking

Gallery Systems: Software Provider

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.691 = Severe

Gallery Systems has disclosed that it has experienced a cyberattack that has caused ongoing issues. The company provides the software that many major museums use to catalog their collections including the New York Museum of Modern Art (MoMA), the Metropolitan Museum of Art (Met), the Chrysler Museum of Art, the Museum of Pop Culture (MoPOP) in Seattle, the Barnes Foundation, the Crystal Bridges Museum of American Art and the San Francisco Museum of Modern Art (SFMOMA). The December 28 attack encrypted some of Gallery Systems’ devices, forcing the organization to take most of its systems offline including the online public viewing platform called eMuseum.  

How It Could Affect Your Business: Attacking a service provider can be a great play for bad actors looking for a quick payday or a backdoor into another organization’s network.


 

Fallon Ambulance Services 

https://www.hackread.com/defunct-ambulance-service-data-breach/

Exploit: Ransomware

Fallon Ambulance Services: Ambulance Service

cybersecurity news represented by a gauge indicating moderate risk

 

Risk to Business: 2.703 = Moderate

The now-defunct medical transport company Fallon Ambulance Service has disclosed that it has experienced a data breach. The company ceased operations in December 2023. Fallon said that it experienced a cyberattack in mid-February 2023 that was discovered in April 2023. The company noted in a filing that it expects this breach to impact around 911,757 individuals nationwide. The Boston-area company was a subsidiary of Transformative Healthcare. The exposed data included names, driver’s license numbers and non-driver identification card numbers.

How It Could Affect Your Business: Even companies that have shuttered can be valuable repositories of data for bad actors.


 

Housing Authority of the County of San Bernardino, California (HACSB)

https://therecord.media/san-bernardino-housing-authority-cyberattack

Exploit: Hacking

Housing Authority of the County of San Bernardino, California (HACSB): Regional Government Agency

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.840 = Severe

The Housing Authority of the County of San Bernardino in California has announced that it has experienced a data breach that impacted an estimated 19,000 people. Officials say that their investigation revealed that hackers gained access to an employee email account in June 2023, leading to the exposure of residents’ personal data including names and Social Security numbers. HACSB has operated for more than 80 years and now serves about 26,000 people.  

How It Could Affect Your Business: Government agencies are prime hacker attack targets because of the wide variety of data they hold.


 

Orrick, Herrington & Sutcliffe

https://thecyberexpress.com/orrick-data-breach/

Exploit: Hacking 

Orrick, Herrington & Sutcliffe: Law Firm

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 1.723 = Severe

San Francisco-based international law firm Orrick, Herrington & Sutcliffe is informing people that it has experienced a data breach as the result of a February 2023 hacking incident. Clients affected included individuals with vision plans from EyeMed Vision Care, dental plans from Delta Dental, health insurer MultiPlan, behavioral health giant Carelon and the U.S. Small Business Administration (SBA). The firm said that the intrusion, discovered in March 2023, led to the exposure of sensitive health information for more than 637,000 people. The stolen data includes a variety of PII including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license and tax identification numbers. Health information and financial data were also compromised, including medical treatment details, insurance claims information, healthcare insurance numbers, provider details, online account credentials, and credit/debit card numbers. Orrick says that it notified victims by mail starting in October 2023. The firm is offering victims two years of identity theft protection services through Kroll.  

How it Could Affect Your Business: The business effects of a cyberattack like this can have a wide ripple effect leading to customer irritation and loss of revenue.


 

France – Pays Fouesnantais, France

https://therecord.media/france-cyberattack-local-government-pays-fouesnantais

Exploit: Ransomware

Pays Fouesnantais, France: Municipal Government

1.51 – 2.49 = Severe Risk

 

Risk to Business: 1.736 = Severe

The French town of Pays Fouesnantais is experiencing a major outage of local services after it was hit by a cyberattack. Town officials informed residents that the entire municipal IT system was down, with only nationally run services like is the passport and national identity card service functioning. Community buildings like the community center and the leisure center are still open to the public but only function in a limited capacity.  

How it Could Affect Your Business: Bad actors have been stepping up activity toward governments and government agencies of every size on the hunt for a quick payout.


 

South Korea – Orbit Chain

https://www.bleepingcomputer.com/news/security/orbit-chain-loses-86-million-in-the-last-fintech-hack-of-2023/#google_vignette

Exploit: Hacking

Orbit Chain: Blockchain Platform

cybersecurity news gauge indicating extreme risk

 

Risk to Business: 1.301 = Extreme

Korean DeFi company Orbit Chain has experienced a hacking incident that led to the loss of an estimated $86 million for users. The company sent out an urgent alert on X (formerly Twitter) warning users of the incident. Orbit Chain is a blockchain platform designed to function as a multi-asset hub, supporting interoperability between various blockchains, decentralized applications (DApps), and services. The first of the hacker attacks that caused the loss was logged on December 31. Experts suspect that North Korea is likely behind the hack.  

How it Could Affect Your Business: This kind of loss will be hard for this DeFi platform to come back from.


 

Japan – Ateam 

https://www.bleepingcomputer.com/news/security/android-game-devs-google-drive-misconfig-highlights-cloud-security-risks/#google_vignette

Exploit: Misconfiguration

Ateam: Game Developer

cybersecurity news gauge indicating extreme risk

 

Risk to Business: 1.433 = Extreme

A Google Drive configuration error at Japanese Android game studio Ateam has led to data exposure for an estimated one million people. a misconfigured server left data available for anyone for more than six years. The company informed users of its apps and services that in November 2023, it discovered that in March 2017, technicians had mistakenly set a Google Drive cloud storage instance to “Anyone on the internet with the link can view”. That misconfigured Google Drive instance contained 1,369 files with personal information on Ateam customers, Ateam business partners and Ateam’s former and current employees. The data exposed by this blunder may include a customer, partner or employee’s full name, email address, phone number, customer management number and terminal (device) identification numbers.

How it Could Affect Your Business: Human error is a top cause of data breaches and cybersecurity trouble because of carelessness.


 

The Week in Breach News: 01/10/24 – 01/16/24
The Week in Breach News: 12/26/23 – 01/02/24

Customer Login

News & Updates

InTegriLogic is proud to announce the launch of our new website at www.integrilogic.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact us

Learn more about what InTegriLogic can do for your business.

InTegriLogic
1931 W Grant Road suite 310
Tucson, Arizona 85745

Copyright InTegriLogic. All Rights Reserved.