Kaiser Permanente

 https://portswigger.net/daily-swig/kaiser-permanente-data-breach-exposed-healthcare-records-of-70-000-patients

Exploit: Credential Compromise

Kaiser Permanente: Healthcare Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.176 = Severe

A data breach at healthcare and insurance giant Kaiser Permanente has exposed the personal information and health data of patients in the state of Washington. The company says that an unauthorized party gained access to its systems through a compromised employee email account in April 2022. The U.S. Department of Health and Human Services Office for Civil Rights reports that 69,589 records were potentially exposed as a result of the email security slip-up at Kaiser’s Washington unit.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.278 = Severe

Exposed data includes a patient’s first and last name, medical record number, dates of service, and laboratory test result information of the health plan provider.

How It Could Affect Your Business: This will be an expensive employee mistake (and training failure) once regulators get finished with penalties for this incident.

 

 

Comstar

https://portswigger.net/daily-swig/data-breach-at-us-ambulance-billing-service-comstar-exposed-patients-healthcare-information

Exploit: Hacking

Comstar: Medical Billing Service

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.742 = Severe

U.S. ambulance billing service Comstar has disclosed that it has exposed sensitive information belonging to medical patients. The company stated that it notices suspicious activity in March 2022, and an investigation determined that certain systems on Comstar’s network were subject to unauthorized access, but investigators were ultimately unable to confirm what specific information on those systems was accessed.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.861 = Severe

Exposed information may include patient names, dates of birth, information regarding medical assessment and medication administration, health insurance information, drivers’ licenses, financial account information, and Social Security numbers.

How It Could Affect Your Business: Any breach that involves healthcare data is going to cost the company a pretty penny in cleanup and fines.

 

Robert Half

https://www.securityweek.com/staffing-firm-robert-half-says-hackers-targeted-over-1000-customer-accounts

Exploit: Credential Stuffing

Robert Half: Staffing Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.601 = Moderate

Robert Half has determined that more than 1000 job seekers and employees placed by the firm had their accounts accessed by an unauthorized source between April 26 and May 16, 2022, exposing potentially sensitive information that may have been stolen. The company says that there is no evidence that the information was actually accessed or downloaded, and current users are required to update their passwords.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.612 = Moderate

The release disclosed that the targeted accounts stored information such as name, address, and social security number, as well as wage and tax information. The company noted that bank account numbers for direct deposits are stored in these accounts, but only the last four digits are visible.

How It Could Affect Your Business: Teaching employees to make good, strong passwords and handle them safely with security awareness training prevents problems like this.

 

 

Eyecare Leaders

https://invisionmag.com/2m-eyecare-patients-potentially-affected-by-data-breach/

Exploit: Hacking

Eyecare Leaders: Medical Records Service

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.872 = Severe

An estimated two million eyecare patients may have had their personal and health data exposed by medical billing service Eyecare Leaders. 1.3 million of those patients sought treatment at Texas Tech University Health Sciences Center. The company, provider of the myCare Integrity electronic medical record platform has disclosed that it suffered a data security incident in December 2021 that resulted in “the deletion of databases and systems configuration data”. Over 20 other eyecare practices have also had patient data exposed in this incident.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.721 = Severe

The customer data that was compromised may include names, Social Security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card account numbers, and medical or health insurance information.

How it Could Affect Your Business: Service providers can be a source of data breach risk and an incident like this will be very expensive for every organization involved.

 

 

Memorial University

https://www.cbc.ca/news/canada/newfoundland-labrador/mun-data-breach-1.6492697

Exploit: Employee Error

Memorial University: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.077 = Severe

Students at Memorial University have been informed that their data has been exposed after an employee error. The blunder involved a university employee sending the wrong data to several students. About 1,000 students received emails that contained other students’ personal information, according to a statement from Memorial.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.021 = Severe

Leaked details included names, email addresses, student numbers and programs of study. No financial or medical data was included.

How it Could Affect Your Business: Employee errors can lead to big headaches and big bills to clean up the messes left behind.

 

 

Regina Public Schools

 https://www.cbc.ca/news/canada/saskatchewan/regina-public-schools-still-experiencing-tech-issues-nearly-month-after-cyberattack-teachers-say-1.6490268

Exploit: Ransomware

Regina Public Schools: Local Education Authority

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.206= Severe

Regina Public Schools are experiencing technical difficulties in the wake of a late-May cyberattack. The ransomware group BlackCat has claimed responsibility. The group claims to have encrypted 500 gigabytes of files belonging to RPS. BlackCat has also said that the group now possesses employee data from a wide range of sources like tax reports, health information, passports and social insurance numbers, but the school system disputes those assertions. Many schools are still experiencing internet outages, leaving teachers unable to access learning tools, grading systems and other educational assets. Services are slowly being restored.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Schools, universities and colleges have been prime targets for cybercrime since the start of the global pandemic and need to take extra precautions.

 

 

Germany – The Green Party

https://www.thestar.com/news/world/europe/2022/06/18/germanys-green-party-says-email-system-hit-by-cyberattack.html

Exploit: Hacking

Green Party: Political Group

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.206 = Severe

The German Green party has disclosed that its IT system was hit by a cyberattack last month. The party is part of Germany’s ruling coalition. Ultimately, 11 email accounts were impacted including email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck. The hacked accounts were compromised in such a way that some emails were forwarded to addresses outside the party, possibly in Russia according to Der Spiegel. Both politicians have publicly taken anti-Russia stances.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: An unprecedented wave of hacking has emerged in the wake of Russia’s invasion of Ukraine with far-reaching ripples.

 

 

South Africa – Shoprite Holdings Ltd.

https://www.bleepingcomputer.com/news/security/extortion-gang-ransoms-shoprite-largest-supermarket-chain-in-africa/

Exploit: Ransomware

Shoprite Holdings Ltd.: Supermarket Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.613 = Severe

Africa’s largest supermarket chain has been hit by a ransomware attack. The company warned customers in Eswatini, Namibia and Zambia, that their personal information might have been compromised due to a cyberattack. The RansomHouse group has claimed responsibility for the attack, posting an evidence sample of 600GB of data it claims it stole from the retailer to its dark web site. The attackers were quick to ridicule Shoprite’s cybersecurity practices as part of its leak announcement.

Individual Impact: No specific information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is always a business disaster that costs a company time, money and reputation with a long, painful recovery.