InTegriLogic Blog
The Week in Breach News: 02/21/24 – 02/27/24
This week: An insider snatches 79k email addresses from a UK council and Royal Canadian Mounted Police (RCMP) gets caught up in cyber trouble.
Change Healthcare
https://thecyberexpress.com/cyberattack-on-change-healthcare/
Exploit: Hacking
Change Healthcare: Healthcare Technology Provider
Risk to Business: 1.771 = Severe
Change Healthcare is admitting that it has experienced a successful cyberattack that has caused widespread disruptions to healthcare services and prescription processing across the U.S. The healthcare technology company is part of Optum and owned by UnitedHealth Group. The trouble began on February 21, when bad actors were able to exploit the ConnectWise vulnerability. More than 100 Change Healthcare applications across pharmacy, medical record, clinical, dental, patient engagement, and payment services are affected. Some reports are pointing to a state-sponsored threat actor as the culprit.
How It Could Affect Your Business: Software vulnerabilities are a fact of life and, unfortunately, a hazard that companies have to navigate carefully.
Quik Pawn Shop
https://thecyberexpress.com/quik-pawn-shop-cyberattack/
Exploit: Ransomware
Quik Pawn Shop: Liquidator
Risk to Business: 2.691 = Moderate
The Akira ransomware gang has claimed a hit on Alabama-based pawn shop chain Quik Pawn Shop. The attack occurred on February 22. Akira said that they snatched 140 GB of files along with a database full of customer information. Stolen customer information includes millions of records containing sensitive details such as dates of birth, addresses, Social Security numbers and financial transaction histories. The incident is under investigation.
How It Could Affect Your Business: Data from a pawn shop can contain sensitive details that could be used in blackmail operations.
Medical Management Resource Group (MMRG)
https://www.bankinfosecurity.com/hack-at-services-firm-hits-24-million-eye-doctor-patients-a-24418
Exploit: Hacking
Medical Management Resource Group (MMRG): Professional Services Company
Risk to Business: 1.643 = Severe
An Arizona-based healthcare services firm is in the process of notifying nearly 2.4 million patients that their data may have been compromised in a November 2023 hacking incident. The incident involved data held by American Vision Partners, a brand of Medical Management Resource Group (MMRG) that services ophthalmology practices. The company said that it detected unauthorized activity on certain parts of its network in November 2023 and later determined that hackers had stolen sensitive data. The compromised information varies among patients but may include names, contact information, birthdates and medical information including services received, clinical records and medications. For some individuals, the hack also affected Social Security numbers and insurance information.
How It Could Affect Your Business: Business services companies can be juicy targets for cybercriminals because of the large amount of data they handle.
Royal Canadian Mounted Police (RCMP)
https://www.bleepingcomputer.com/news/security/rcmp-investigating-cyber-attack-as-its-website-remains-down/
Exploit: Hacking
Royal Canadian Mounted Police (RCMP): Law Enforcement Agency
Risk to Business: 1.462 = Extreme
The Royal Canadian Mounted Police (RCMP) has disclosed that a recent website outage was due to a cyber attack. The RCMP site was down as of early morning on February 26. Officials were quick to assure the public that RCMP is still operating normally and there is no impact on public safety. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach.
How It Could Affect Your Business: Critical infrastructure has been under increasing pressure and that includes law enforcement agencies as well.
UK – Stratford-on-Avon District Council
https://www.infosecurity-magazine.com/news/insider-steals-80000-emails/
Exploit: Insider Threat
Warwick District Council: Regional Government Agency
Risk to Business: 2.702 = Moderate
A former council worker has admitted to making off with tens of thousands of residents’ emails from a Stratford-on-Avon District Council database in order to promote a business. The breach occurred in November 2023 when 79,000 email addresses were copied from a garden waste collection database. A Warwick District Council database was also nabbed. Officials say that the databases only contained email addresses. No bank details, names or addresses were exposed. The former employee has been cautioned by the police.
How it Could Affect Your Business: Many employees take information with them when they go, including customer data and proprietary information.
Switzerland – Das Team Ag
https://thecyberexpress.com/das-team-ag-cyberattack/
Exploit: Ransomware
Das Team Ag: Job Placement Agency
Risk to Business: 1.836 = Severe
Major recruiter Das Team Ag has become a victim of the notorious Black Basta ransomware outfit. The company, which boasts 25 branches across Switzerland and the Principality of Liechtenstein, admitted that it had fallen victim to a ransomware attack after it appeared on Black Basta’s dark web leak site. The group did not post any evidence to back up its claim, nor did Das Team Ag specify what types of data have been stolen.
How it Could Affect Your Business: Ransomware has been a menace to the business and professional services industry as well as other players in the business supply chain.
Germany – PSI Software
https://www.cybersecuritydive.com/news/psi-software-ransomware/707940/
Exploit: Ransomware
PSI Software: Logistics Software Company
Risk to Business: 1.566 = Extreme
German critical infrastructure software and logistics platforms vendor PSI Software has been knocked out by a ransomware attack. The company, a provider of software used to provision critical infrastructure, was forced to shut down all external connections and systems last week. The problem was first revealed when unusual activity was spotted on PSI’s network on February 15. PSI said that it doesn’t see evidence that customer sites were hacked, and bad actors did not gain access to remote connections for the maintenance of customer systems.
How it Could Affect Your Business: Bad actors are leveraging the relationships between companies to conduct sophisticated cyberattacks.
Australia – Tangerine
https://www.healthcareinfosecurity.com/breach-at-aussie-telecom-tangerine-affects-232000-customers-a-24414
Exploit: Third-Party Risk
Tangerine: Telecom
Risk to Business: 1.802 = Severe
Officials at Tangerine say that the compromise of a contractor’s credentials is to blame for a cyberattack that has resulted in a data breach. The incident came to light last Tuesday. Approximately 232,000 customers have been affected. Exposed customer data includes names, birthdates, mobile numbers, email addresses, postal addresses and Tangerine account numbers. The telecom said that no credit or debit card numbers, driver’s license numbers, ID documentation details, banking details or passwords have been exposed as a result of this incident.
How it Could Affect Your Business: Third-party and supply chain risks are becoming an ever more complex web of threats for businesses.