InTegriLogic Blog
The Week in Breach News: 05/16/24 – 05/21/24
This week: Hundreds of thousands of records were exposed in three medical breaches, customer data was exposed at a Spanish bank, and Nissan suffered an employee data breach.
DocGo
https://healthitsecurity.com/news/patient-data-stolen-in-docgo-cyberattack
Exploit: Hacking
DocGo: Medical Service Provider
Risk to Business: 1.901 = Severe
DocGo, a provider of mobile medical services, has disclosed to the U.S. Securities and Exchange Commission (SEC) that it experienced a cyberattack that resulted in a data breach. The incident only impacted its U.S.-based ambulance transportation business. In the filing, DocGo stated that a threat actor accessed its network and acquired data that included protected health information. DocGo said that the company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations.
How It Could Affect Your Business: A breach that involves sensitive medical data is an expensive proposition for a business or medical system.
Affiliated Dermatologists and Dermatologic Surgeons (AD)
https://data.cincinnati.com/health-care-data-breaches/affiliated-dermatologists-and-dermatologic-surgeons-pa-nj-380000-20240503-hacking-network/?query=Last%206%20Months&page=1
Exploit: Ransomware
Affiliated Dermatologists and Dermatologic Surgeons (AD): Medical Practice
Risk to Business: 1.856 = Severe
Affiliated Dermatologists and Dermatologic Surgeons (AD), a New Jersey-based healthcare practice, has admitted that it experienced a data breach as the result of a March 2024 ransomware attack. Between May 2 and May 3, the threat actor accessed AD’s systems, copied data pertaining to over 300K patients and employees and deployed ransomware. Stolen patient data includes names, dates of birth, Social Security numbers, health insurance claims information, treatment information and mailing addresses. Employee data was also exposed including names, dates of birth, addresses, driver’s license numbers, passport numbers, and Social Security numbers.
How It Could Affect Your Business: The data that was stolen from this medical group will be profitable for cybercriminals on the dark web.
MedStar Health
https://www.medstarhealth.org/notice-of-data-incident
Exploit: Hacking
MedStar Health: Healthcare System
Risk to Business: 1.721 = Severe
Washington D.C. area hospital system MedStar Health has disclosed that it has suffered a data breach due to someone gaining unauthorized access to employee email accounts. Bad actors used compromised accounts to access MedStar’s systems between January 2 and October 18, 2023. The hospital system said that in March 2024 it determined that patient information was included in the emails and files that were accessed. MedStar said that the exposed data included patient names, addresses, provider names, dates of service, and health insurance information.
How It Could Affect Your Business: It’s critical that every organization conduct regular security awareness training to avoid email security problems.
Rockford Public Schools (MI)
https://www.fox17online.com/news/local-news/kent/your-data-is-stolen-rockford-schools-hit-by-ransomware-attack
Exploit: Ransomware
Rockford Public Schools (MI): Regional Education Authority
Risk to Business: 1.203 = Extreme
An early May cyberattack on Rockford Public Schools took out computers, internet service and phones at all district buildings. The loss of technology disrupted the learning environment, causing teachers and students to have to resort to using old-fashioned pencil and paper for lessons. Even with the disruptions, classes remained in session. The district has not provided a timeline for recovery.
How It Could Affect Your Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
The American Radio Relay League (ARRL)
https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline
Exploit: Hacking
The American Radio Relay League (ARRL): Membership Association
Risk to Business: 1.712 = Severe
The U.S. national association for amateur radio operators has experienced a cyberattack that has disrupted its IT systems and online operations, including email. The attack also took down Logbook of The World (LoTW), an online database that allows amateur radio enthusiasts to submit electronic logs of successful contacts (QSO) and confirmations (QSL) between other users worldwide. The group did not specify what, if any, data was exposed but admitted that its member database includes members’ names, addresses and call signs.
How It Could Affect Your Business: It’s essential to remember that any organization of any size in any industry is at risk of a cyberattack.
Spain – Santander
https://www.reuters.com/technology/cybersecurity/santander-reports-customer-employee-data-breach-spain-chile-uruguay-2024-05-14
Exploit: Hacking (Supply Chain)
Santander: Bank
Risk to Business: 2.376 = Severe
Santander, a Spanish bank, has disclosed that it has experienced a data breach. The bank said that employee data in a database hosted by an outside provider was accessed by an unauthorized party. Santander specified that the exposed data belongs to clients in Spain, Chile and Uruguay, but customer data in other markets and in Santander’s other business units were not affected.
How It Could Affect Your Business: Worldwide, the financial services sector has been a favorite target of cybercriminals for the past three years.
Australia – MediSecure
https://www.mobihealthnews.com/news/anz/e-scripts-platform-medisecure-hit-large-scale-ransomware
Exploit: Ransomware
MediSecure: Prescription Platform
Risk to Business: 1.866 = Severe
MediSecure, an Australian provider of a digital prescription platform, has disclosed that it experienced a ransomware attack on May 16. Bad actors gained access to the personal and health information of individuals in its systems. The company did not offer specifics. The company’s website and phone lines were also knocked offline. Officials from the office of the National Cyber Security Coordinator (NCSC) reassured the public that no current e-prescriptions have been impacted or accessed.
How It Could Affect Your Business: Healthcare providers often hold very sensitive data that can be used for nefarious purposes like blackmail if it falls into the wrong hands.
Japan – Nissan
https://www.cbsnews.com/news/nissan-data-breach-cyberattack
Exploit: Ransomware
Nissan: Carmaker
Risk to Business: 1.602 = Severe
Nissan North America has announced that it has suffered a ransomware attack that exposed the Social Security numbers of thousands of former and current employees. Cybercriminals compromised data belonging to more than 53,000 current and former workers. Nissan said that a bad actor slipped in through a virtual private network (VPN). The company did not clarify the exact data stolen or any ransom demand.
How It Could Affect Your Business: Companies not only have an obligation to protect customer data, but they also need to protect their employees’ data.