InTegriLogic Blog
The Week in Breach News: 05/11/22 – 05/17/22
Omnicell
https://www.securityweek.com/healthcare-technology-provider-omnicell-discloses-ransomware-attack
Exploit: Ransomware
Omnicell: Healthcare Technology
Risk to Business: 1.944 = Severe
Omnicell revealed that its internal systems were impacted by a ransomware attack on May 4, 2022, in an SEC filing. The company further explained that it expected the attack to have an impact on some of its products and services, but it did not specify which ones. Omnicell says that it is in the early stage of an investigation, but the attack has been contained and appropriate authorities have been informed.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Everything in the healthcare sector has been under siege since the start of the global pandemic and pressure isn’t easing up.
Texas Department of Insurance (TDI)
https://www.texastribune.org/2022/05/16/texas-insurance-data-breach/
Exploit: Misconfiguration
Texas Department of Insurance (TDI): Regional Government Agency
Risk to Business: 1.804 = Severe
A routine audit discovered that a misconfigured server at the Texas Department of Insurance has been leaking information for three years. The report disclosed that the personal information of an estimated 1.8 million Texas workers who have filed compensation claims between March 2019 and January 2022 has been exposed. TDI says that the problem has been corrected and that its investigation found no evidence that the information had been stolen or used unlawfully.
Risk to Individual: 1.923 = Severe
The personal information of 1.8 million workers who have filed compensation claims in Texas was exposed including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries.
How It Could Affect Your Business: Misconfiguration errors are common and just as costly and problematic as many cyberattacks.
The Oregon Elections Division
https://www.securityweek.com/hackers-hit-web-hosting-provider-linked-oregon-elections
Exploit: Supply Chain Risk
The Oregon Elections Division: Regional Government Agency
Risk to Business: 2.702 = Moderate
The Oregon Elections Division has announced that it has informed an estimated 1,100 people that their information may have been exposed in a data breach after the online system where campaign finance records are published was hit by a ransomware attack at its web hosting provider. The Oregon Elections Division said it was informed by C&E systems, a campaign finance firm that its web hosting provider Opus Interactive was the victim of a ransomware attack. Through that incident, C&E’s database was compromised, which includes their client’s log-in credentials for ORESTAR accounts. C7E disputes the number of affected accounts, placing it closer to 300. This attack has no impact on the voting or elections process outside campaign finance.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
Oklahoma City Indian Clinic (OKCIC)
https://www.infosecurity-magazine.com/news/oklahoma-city-indian-clinic-data/
Exploit: Hacking
Oklahoma City Indian Clinic (OKCIC): Healthcare Provider
Risk to Business: 2.302 = Severe
Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) on May 12 when unauthorized parties obtained access to its data and systems. A third-party forensic firm has been brought in to investigate. So far, the investigation has confirmed that an unauthorized party accessed and may have retained sensitive customer information.
Risk to Individual: 2.327 = Severe
At present, 38,239 individuals are reportedly impacted by the breach. The compromised files include a patient’s name, date of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, Tribal ID numbers, Social Security numbers and driver’s license numbers.
How it Could Affect Your Business: Government and quasi-governmental agencies have been popular targets for cybercriminals looking for big stores of data.
Illinois Gastroenterology Group (IGG)
https://www.illinoisgastro.com/articles/notice-of-security-incident
Exploit: Hacking
Illinois Gastroenterology Group (IGG): Healthcare Provider
Risk to Business: 1.917 = Severe
Illinois Gastroenterology Group (IGG) announced that it has experienced a data security problem that potentially impacted 227,943 individuals. IGG disclosed that it had discovered unusual network activity on October 22, 2021, and that it believed that information may have been stolen. IGG also said it had no evidence of related identity theft or fraud.
Risk to Individual: 1.929 = Severe
The stolen data includes patient names, birth dates, Social Security numbers, driver’s license numbers, passport information, financial account information, addresses, payment card information, biometric data, employer-assigned identification numbers and medical information.
How it Could Affect Your Business: This type of incident is expensive in more ways than one and will spin out into a long, draining regulatory nightmare.
Top Aces
https://therecord.media/top-aces-ransomware-attack-lockbit/
Exploit: Ransomware
Top Aces: Flight Training Company
Risk to Business: 1.733-Severe
Montreal-based company Top Aces, a provider of fighter jets for airborne training exercises, has been hit with a ransomware attack by the LockBit group. The company says that it is the exclusive adversary air provider to the Canadian and German armed forces. LockBit says it stole 44 GB of data and has given Top Aces a deadline of May 15 to pay them and avoid publication of the stolen data. No ransom amount is available.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Defense industry contractors and military-adjacent service providers are tempting targets for cybercriminals looking for back doors.
Italy – Senato della Repubblica (Senate of the Republic)
Exploit: Nation-State
Senato della Repubblica (Senate of the Republic) – Governing Body
Risk to Business: 2.096 = Severe
Pro-Russian hacking group Killnet has claimed responsibility for a cyberattack that briefly interrupted business in Italy’s Senate. The group also targeted the National Health Institute (ISS) and the Automobile Club d’Italia. A tweet by the Speaker of the Senate disclosed that there was no significant damage in the Senate attack.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Unexpected nation-state danger is always just around the corner for government agencies, legislative bodies and government-related entities.
Russia – SOCAR Energoresource
https://securityaffairs.co/wordpress/131264/hacktivism/anonymous-oprussia-updates.html
Exploit: Nation-State (Hacktivism)
SOCAR Energoresource: Oil Company
Risk to Business: 2.776 = Moderate
SOCAR Energoresource, a company partially owned by the State Oil Company of Azerbaijan Republic (SOCAR), has been hit in a cyberattack by the Anonymous Collective. The company operates the Antipinsky Refinery and several oilfields in Russia. The hacktivist group released a 130 GB archive via DDoSecrets that contains nearly 116,500 emails. Other Russian organizations also felt the sting of an attack by Anonymous in the last week or so including the Polar Branch of the Russian Federal Research Institute of Fisheries and Oceanography, the Achinsk City Government and the Port and Railway Projects Service of JSC UMMC.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.
About the author
