InTegriLogic Blog
The Week in Breach News: 11/16/22 – 11/22/22
CorrectCare Integrated Health
https://www.jdsupra.com/legalnews/correctcare-integrated-health-announces-1605263/
Exploit: Misconfiguration
CorrectCare Integrated Health: Healthcare Provider
Risk to Business: 1.214 = Extreme
CorrectCare Integrated Health, a Kentucky-based company that specializes in providing healthcare to prisoners in U.S. jails, has experienced a data breach. In a filing with the California Attorney General’s Office, the company stated that two file directories on the company’s server had been accidentally exposed on the internet by an employee’s misconfiguration of a server. An estimated 600,000 patients who received medical care in a CDCR facility between January 1, 2012, and July 6, 2022, were among those whose data was potentially impacted.
Risk to Business: 1.227 = Extreme
The breached information may include an individual’s full name, date of birth, social security number, CDCR number and protected health information.
How It Could Affect Your Business: This employee mistake will cost the company a fortune by the time regulators get finished with it.
Middletown Valley Bank
https://www.jdsupra.com/legalnews/middletown-valley-bank-reports-data-6177965/
Exploit: Hacking
Middletown Valley Bank: Financial Institution
Risk to Business: 2.177 = Severe
Maryland-based regional financial institution Middletown Valley Bank has disclosed that it has experienced a data breach as the result of an unspecified hacking incident. Around October 1, 2022, Middletown Valley Bank learned of a potential data security incident that resulted in the bank shutting down parts of its computer network. An investigation determined that an unauthorized party had gained access to its computer network. The unauthorized party was able to access files that contained sensitive information related to bank customers.
Risk to Business: 2.201 = Severe
The breached information varies depending on the individual and may include a customer’s name, financial account numbers, Social Security number, driver’s license number, passport number, and other information provided to the bank for purposes of applying for products or services.
How It Could Affect Your Business: The Banking and Finance sector was the top sector for ransomware attacks two years in a row, and the pace is not decreasing.
ESO
Exploit: Hacking
ESO: Medical Software Provider
Risk to Business: 1.652 = Severe
Ambulance crews across Ontario have been forced to resort to pencil and paper charting after an outage in the iMedic system. Software maker ESO stated that the system has experienced service outages after unauthorized parties gained access to a server, forcing a shutdown. Paramedics typically use iMedic to record patient information that is transmitted to hospitals for incoming patients arriving by ambulance. ESO said that its initial investigation showed no evidence that data had been breached and there was no malware or ransomware installed.
How It Could Affect Your Business: Business service providers in time-sensitive industries are high on the cybercriminal hit list because they’re likely to pay ransoms.
Russia – Whoosh
Exploit: Hacking
Whoosh: Transportation Company
Risk to Business: 1.782 = Moderate
Whoosh, Russia’s top scooter sharing service, has confirmed a data breach. Hackers have started shopping a database containing the details of 7.2 million customers on a hacking forum. The stolen data purportedly includes promotion codes that can be used to access the service for free, as well as partial user identification and payment card data. The company had previously confirmed the cyberattack via statements on Russian media earlier this month but claimed that it had been thwarted. In a revised statement, the company has admitted the attack took place and data was stolen, claiming that no sensitive user data was impacted, which does not appear to be the case.
How it Could Affect Your Business: Payment card data is a hot seller for the bad guys on the dark web and they’re always happy to swipe it.
France – The Department of Seine-et-Marne
Exploit: Ransomware
The Department of Seine-et-Marne: Regional Government
Risk to Business: 1.482 = Extreme
The government of the department of Seine-et-Marne in northern France has been struck by a ransomware attack that has crippled government systems. Officials were quick to note that social benefits and salaries of departmental agents were unaffected, but outages and service disruptions were likely for other government functions, with no timeline given for restoration. The government’s website is also down. The unnamed hackers have demanded a ransom of $10 million, but the president (Les Républicains) of the departmental council of Seine-et-Marne says that he sees no reason to pay it.
How it Could Affect Your Business: Government agencies and bodies have been under siege by bad actors looking for a quick payout to avoid a disruption to public services.
Finland – Uponor Corporation
https://www.yahoo.com/now/evidence-data-breach-resulting-ransomware-073000533.html
Exploit: Ransomware
Uponor Corporation: Industrial Plastic Pipe Maker
Risk to Business: 1.733 = Severe
A ransomware attack against plastic pipe and water system component company Uponor Corporation (Uponor Oyj) on November 5, 2022, led to a shutdown of production systems for a week and a data breach. The Finnish company reported that there is also evidence that current and former employee personal data has been exposed for employees in some countries where Uponor operates. Production has since been restored to capacity. No further information was available at press time about any ransom demand or claim of responsibility.
How it Could Affect Your Business: Ransomware has been a menace for manufacturers at critical points in the infrastructure supply chain and it’s getting worse.
Malaysia – Air Asia
https://thehackernews.com/2022/11/daixin-ransomware-gang-steals-5-million.html
Exploit: Ransomware
Air Asia: Airline
Risk to Business: 2.283 = Severe
Budget air carrier Air Asia has fallen victim to a ransomware attack that has created a data breach impacting more than 5 million people. The attack took place on November 11-12, 2022. The cybercrime group Daixin Team has claimed responsibility. The group leaked sample data belonging to AirAsia on its dark web data leak portal. The samples show that the gang appears to have grabbed passenger information and the booking IDs as well as personal data related to the company’s staff. In an interesting twist, Hacker News reports that a spokesperson for the threat actor said that further attacks were not pursued because of “the chaotic organization of the network.” No information about any ransom demand was available at press time.
How it Could Affect Your Business: Airlines are a popular target for ransomware gangs, and that threat will grow throughout the winter holiday season.