InTegriLogic Blog
The Week in Breach News: 02/07/24 – 02/13/24
This week: Ransomware snarls operations at 21 hospitals in Romania and a children’s hospital in Illinois, and an unsecured database exposes user data from a popular casino app.
Lurie Children’s Hospital
https://www.medpagetoday.com/practicemanagement/informationtechnology/108666
Exploit: Ransomware
Lurie Children’s Hospital: Medical Center
Risk to Business: 1.771 = Severe
Lurie Children’s Hospital in Illinois has been experiencing cyber trouble that has impacted its services for more than a week after a suspected ransomware attack. The Chicago-area hospital was forced to take some of its systems offline to curtail the spread of the incident, resulting in limited access to medical records in the facility as well as hampering communication by phone or email. The disruption has been going on since the middle of last week. The hospital assured the public that it remains open and in operation.
How It Could Affect Your Business: Medical centers like hospitals and clinics are treasure troves of data for the bad guys.
Service Employees International Union (SEIU) Local 1000
https://therecord.media/california-union-lockbit-attack-ransomware
Exploit: Ransomware
Service Employees International Union (SEIU) Local 1000: Trade Union
Risk to Business: 2.691 = Moderate
The LockBit ransomware group is claiming responsibility for a ransomware attack that hit Service Employees International Union (SEIU) Local 1000 in California. The gang says that they have captured 308GB of data, including employees’ salary details, financial documents and Social Security numbers. The union has confirmed that it has experienced a disruptive cyber-attack, stating that they are working with a third-party cyber forensics firm to determine exactly what data was stolen in this incident.
How It Could Affect Your Business: Trade unions can be an attractive target because they hold a myriad of personal and financial information about their members.
Middletown Area School District (Pennsylvania)
https://www.abc27.com/local-news/harrisburg/middletown-area-school-district-suffers-cyber-incident-investigation-ongoing/
Exploit: Hacking
Middletown Area School District (Pennsylvania): Regional Education Authority
Risk to Business: 1.643 = Severe
Middletown Area School District in Pennsylvania is still working on restoring some of its systems after a cyberattack last week. The school district said that it noticed that two of its information systems were not working right last week and took immediate action to disconnect those systems. As a result, students and teachers experienced some technological difficulties leading to learning disruptions. District officials said that they do not believe that any data was stolen.
How It Could Affect Your Business: Schools have been firmly in cybercriminals’ sights because they can’t afford downtime, making them more likely to pay a ransom.
Bank of America
https://www.cnn.com/2024/01/30/tech/fulton-county-cyberattack/index.html
Exploit: Supply Chain
Bank of America: Bank
Risk to Business: 1.862 = Severe
Bank of America is informing customers that their personal information may have been exposed in a data breach. The breach occurred when one of its service providers, Infosys McCamish Systems (IMS), was hacked on November 3, 2023. The bank said that some customers’ personally identifiable information (PII) was exposed in the security breach including names, addresses, social security numbers, dates of birth and financial information, including account and credit card numbers. Bank of America said in a filing that 57,028 people were directly impacted.
How It Could Affect Your Business: Cyberattacks on suppliers and service providers can be a fast path to cybersecurity trouble for the businesses they have relationships with.
WinStar
https://www.computing.co.uk/news/4172871/breach-exposes-personal-info-worlds-biggest-casino-app
Exploit: Misconfiguration
WinStar: Casino Group
Risk to Business: 1.702 = Severe
Oklahoma-based casino and resort operator WinStar has announced a data breach that impacts users of its My WinStar app. The app was developed by a software startup in Nevada, Dexiga. Unfortunately, the startup accidentally left one of its logging databases on the internet unsecured, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored there. The unsecured database contained customer data including full names, phone numbers, email addresses and home addresses.
How It Could Affect Your Business: Human error is the top cause of a data breach, and security awareness training helps mitigate that risk.
Romania – Slobozia County Emergency Hospital
https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-18-romanian-hospitals-to-go-offline/
Exploit: Ransomware
Slobozia County Emergency Hospital: Medical Center
Risk to Business: 1.336 = Extreme
A ransomware attack took down the health management system used by 21 Romanian hospitals including Slobozia County Emergency Hospital. Officials said that Backmydata ransomware was used. The health management system, Hipocrate Information System (HIS), is used to manage medical activity and patient data. The system was knocked offline overnight between February 11 and 12, 2024 after its databases became encrypted. Medical personnel have been forced to return to writing prescriptions and keeping records on paper. The list of impacted hospitals includes Pediatric Hospital Pitesti, Buzău County Emergency Hospital, Slobozia County Emergency Hospital, “Sf. Apostol Andrei” Emergency County Clinical Hospital Constanta, Pitești County Emergency Hospital, Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta, Institute of Cardiovascular Diseases Timișoara, Emergency County Hospital “Dr. Constantin Opriș” Baia Mare, Sighetu Marmației Municipal Hospital, Târgoviște County Emergency Hospital, Colțea Clinical Hospital, Medgidia Municipal Hospital, Fundeni Clinical Institute, Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB), Regional Institute of Oncology Iasi (IRO Iasi), Azuga Orthopaedics and Traumatology Hospital, Băicoi City Hospital, Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest, Hospital for Chronic Diseases Sf. Luca, C.F. Clinical Hospital no. 2 Bucharest and Medical Centre MALP SRL Moinești.
How It Could Affect Your Business: Attacks like this that impact regional healthcare can be dangerous for the community.
Austria – The Government of Korneuburg
https://therecord.media/funerals-canceled-due-to-ransomware-attack-on-austrian-town
Exploit: Ransomware
The Government of Korneuburg, Austria: Municipal Government
Risk to Business: 1.442 = Extreme
The municipality of Korneuburg in Austria said it was hit by a ransomware attack, resulting in a loss of government services that has reportedly resulted in the cancellation of local funerals. The city government confirmed the ransomware attack affected all the data held by the administration, including the backup system. Officials also said that they received a ransom demand, but they stopped short of disclosing the amount of the extortion demand. One result of the incident is that local funerals have been canceled because of the city’s inability to issue death certificates. Citizens are also unable to print out forms or pay bills.
How It Could Affect Your Business: Governments and government agencies are a major target for ransomware groups looking to profit from a high-profile attack.
South Korea – Hyundai
https://www.darkreading.com/cyberattacks-data-breaches/ransomware-groups-black-basta-lockbit-hit-hyundai-california-seiu-union
Exploit: Ransomware
Hyundai: Carmaker
Risk to Business: 1.602 = Severe
The Black Basta ransomware group claims that it has stolen 3TB of data from Hyundai Motor Europe. The carmaker confirmed that it is investigating a cybersecurity incident in which an unauthorized third party accessed a limited part of its network. As proof of the supposed hack, the group shared images of folders related to various departments at the company, including legal, sales, human resources, accounting, IT and management. No extortion demand was made public, and the incident remains under investigation.
How It Could Affect Your Business: Consumer data isn’t the only thing bad actors are hunting for – corporate data is also attractive and valuable.