InTegriLogic Blog
The Week in Breach News: 10/23/24 – 10/29/24
This week: A spate of attacks hits non-profits and a malicious insider wreaks havoc on an Italian bank.
Kansas City Hospice & Palliative Care
https://cybernews.com/news/blacksuit-ransomware-claims-kansas-city-hospice
Exploit: Ransomware
Industry: Healthcare
Kansas City Hospice & Palliative Care was added to BlackSuit’s victim list on October 19. While the organization’s website offers no further details, it confirmed launching an investigation with third-party forensic experts to assess the breach. Some systems were impacted, but operations continued without interruption, and the nonprofit is now fully recovered. Founded in 1980, Kansas City Hospice serves 5,700 individuals and families annually and is the largest hospice provider in the region, with over 300 employees and volunteers.
How It Could Affect Your Business: A data breach like this is a fast way for an organization to run up big bills that can impact a company’s financial health and future.
Easterseals
https://therecord.media/easterseals-central-illinois-data-breach
Exploit: Ransomware
Industry: Non-profit
The Rhysida ransomware group has targeted Easterseals, seeking to extort $1.3 million from the organization that supports disabled children, seniors, and military veterans. Although Easterseals has not commented, it filed breach notification documents with Maine regulators, revealing a cyberattack at its Central Illinois location in April. The attack compromised the personal information of 14,855 individuals, including names, addresses, Social Security numbers and medical data. Affected individuals are being offered 12 months of identity protection services. The group has posted Easterseals on its leak site, demanding a 20 bitcoin ransom by October 30.
How It Could Affect Your Business: It’s important to remember that even non-profits like charities aren’t immune to cybercrime.
BronxWorks
https://www.jdsupra.com/legalnews/bronxworks-announces-data-breach-3646094
Exploit: Hacking
Industry: Non-profit
BronxWorks, a non-profit in New York that provides family, legal and health services, filed a data breach notice with the Massachusetts Attorney General after discovering that an unauthorized party accessed employee email accounts. The breach, which occurred between September 1 and October 11, 2023, also involved access to documents stored on SharePoint and OneDrive platforms. Compromised information includes names, Social Security numbers, passport numbers, digital signatures, medical and financial data and driver’s license numbers. BronxWorks has begun notifying affected individuals and is taking steps to address the security incident.
How It Could Affect Your Business: Attacks on non-profits can hurt more than just organizations, they can also hurt people.
Arkansas Blue Cross and Blue Shield
https://www.kark.com/news/state-news/arkansas-blue-cross-and-blue-shield-providing-protection-after-data-breach-of-member-personal-information
Exploit: Supply Chain Breach
Industry: Insurance
Arkansas Blue Cross and Blue Shield is assisting members after a vendor data breach on August 26. Its vendor, Healthmine, discovered unauthorized access to the Blue Wellness Rewards program portal, where a hacker redeemed digital gift cards and accessed members’ personal data, including names, addresses, emails, birth dates, and prescription histories. Social Security numbers and financial information were not compromised. The company reported the incident to law enforcement, hired a forensic firm and Healthmine disabled affected accounts and blocked suspicious domains.
How It Could Affect Your Business: This breach garnered attackers a combination of health and personal data that will be profitable for them and an expensive disaster.
Johnson & Johnson
https://www.securityweek.com/johnson-johnson-discloses-data-breach
Exploit: Hacking
Industry: Insurance
Johnson & Johnson, an insurer unrelated to the pharmaceutical company, disclosed a security breach detected in mid-August 2024. A forensic investigation revealed that files related to its insurance operations may have been compromised, potentially exposing personal information. However, the exact data affected remains unclear. The breach impacted over 3,200 individuals. Johnson & Johnson claims that it has taken steps to strengthen its security following the incident.
How it Could Affect Your Business: Insurance companies can be excellent sources of data for bad actors thanks to the multiple data types they tend to hold.
Peru – World Vision Perú
https://ransomwareattacks.halcyon.ai/attacks/medusa-ransomware-hits-world-vision-peru-in-cyberattack
Exploit: Ransomware
Industry: Non-Profit
World Vision Perú, a branch of the Christian relief, development, and advocacy organization World Vision, has fallen victim to a ransomware attack orchestrated by the Medusa group. This incident was discovered on October 14. Employee and client information likely exposed in this attack includes full names, passport scans and email addresses. Unspecified confidential business data was also snatched. No ransom demand was made public.
How it Could Affect Your Business: A successful cyberattack on a non-profit can have an unfortunate ripple effect on that non-profit’s entire community.
Switzerland – Berufsbildungszentrum (BBZ)
https://therecord.media/ransomware-attack-german-speaking-school-switzerland-bbz-schaffhausen
Exploit: Ransomware
Industry: Education
The Vocational Training Center (BBZ) in Schaffhausen, Switzerland, suffered a ransomware attack earlier this month, the canton’s education department announced. Cybercriminals exploited a firewall vulnerability to block system access and demanded a ransom using encryption malware. The school has notified employees, parents, trainees and partner companies about the incident, and classes will resume as scheduled after the fall break.
How it Could Affect Your Business: Education is the top sector for ransomware attacks, which means that schools need extra protection in place.
Italy – Intesa Sanpaolo
https://www.reuters.com/technology/cybersecurity/what-we-know-about-data-breach-intesa-sanpaolo-2024-10-22
Exploit: Malicious Insider
Industry: Finance
Prosecutors in Bari, Italy, are investigating a data breach at Intesa Sanpaolo, the country’s largest bank, involving unauthorized access to around 3,500 customer accounts, including those of Prime Minister Giorgia Meloni and former Prime Minister Mario Draghi. An employee at a branch in Bitonto allegedly accessed the accounts between February 2022 and April 2024. The bank initiated disciplinary action and a full audit after its internal controls flagged irregular activity. Affected customers had already alerted authorities before the bank notified prosecutors. Intesa issued a public apology on October 13 and established a new security division, led by a recently retired senior police officer.
How it Could Affect Your Business: No company wants to think about it, but every business is at risk of trouble from a malicious insider.