Aetna

https://www.bankinfosecurity.com/aetna-reports-326000-affected-by-mailing-vendor-hack-a-19691

Exploit: Supply Chain

Aetna: Insurer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.631 = Moderate

Health insurance heavyweight Aetna has reported a data breach to federal regulators affecting nearly 326,000 individuals. This breach was spurred by a ransomware attack at a service provider for an Aetna subcontractor, mailing company OneTouchPoint. This incident is one of the first reported as a direct result of that cyberattack. The OneTouchPoint breach is expected to impact over 30 large and small health insurers and plan providers.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.755 = Moderate

Aetna said that the exposed information for individuals may include names, addresses, dates of birth, and limited medical information.

How It Could Affect Your Business: Business services companies are becoming choice targets for cybercriminals looking for quick scores of data.

 

 

Lin-Mar School District

https://www.kcrg.com/2022/08/03/leaked-image-shows-ransomware-attack-hit-linn-mar-school-district/

Exploit: Ransomware

Lin-Mar School District: Local Public Education Authority

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.372 = Severe

Thanks to a bit of timely reporting by local media, it has been revealed that the Lin-Mar School District in Iowa has become a victim of the Vice Society ransomware group. Screenshots of the group’s ransom note were given to the media by an anonymous district staff member. This leak occurred after the school district informed parents and students that it was suffering unspecified “technical difficulties”, raising concerns about the district’s readiness to open for the new school year. The school district has so far refused further comment.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: School districts will be especially appealing right now since the new school year time crunch makes them more likely to pay a ransom.

 

 

Wisan Smith Racker & Prescott

https://www.jdsupra.com/legalnews/wisan-smith-racker-prescott-confirms-5913417/

Exploit: Hacking

Wisan Smith Racker & Prescott: Accounting Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.716 = Severe

Salt Lake City Utah Based accounting firm Wisan Smith Racker & Prescott has disclosed that they have experienced a data breach. On June 14, 2022, the firm learned that an unauthorized party had penetrated its IT security and accessed information about their clients. That information was subsequently used to file fraudulent tax returns supposedly on behalf of several of the company’s clients. Data breach letters have been sent to all of the clients impacted by this breach.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.788 = Severe

The exposed information varies depending on the individual, but it may include a clients’ name, Social Security number, driver’s license or state identification card number, passport number, military identification number, government-issued identification number, financial account information, date of birth, electronic signature, medical information and health insurance information.

How It Could Affect Your Business: Ransomware attacks on service providers in the supply chain are an ongoing problem that won’t be going away anytime soon.

 

 

Goodman Campbell Brain and Spine

https://www.bankinfosecurity.com/neuro-practice-tells-363000-that-phi-was-posted-on-dark-web-a-19706

Exploit: Ransomware

Goodman Campbell Brain and Spine: Specialty Medical Practice

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.719 = Severe

Goodman Campbell Brain and Spine, a medical practice in Indiana, has disclosed that it has experienced a data breach as a result of a suspected ransomware attack. The Hive ransomware group is implicated in the attack. The practice noted that they discovered the attack had been successful on May 20, 2022. An estimated 363,000 people had data exposed in this incident.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.606 = Severe

Information affected in the incident includes patient PII and PHI including name, date of birth, address, telephone number, email addresses, medical record number, patient account number, diagnosis and treatment information, physician name, insurance information, dates of service and Social Security numbers.

How it Could Affect Your Business: Healthcare is the industry with the highest data breach cost, and its’ been beleaguered by ransomware.

 

 

United Kingdom – National Health Service

https://www.bbc.com/news/uk-wales-62442127

Exploit: Supply Chain

National Health Service: Healthcare System

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.304 = Severe

United Kingdom’s National Health Service (NHS) has experienced a service outage of its 111 non-emergency medical service system that was triggered by a cyberattack that hit the systems of British MSP Advanced. The MSP’s Adastra system is used by 85% of NHS 111 services for patient management. Advanced said that the suspected ransomware attack was spotted at 07:00 BST last Thursday. This attack has had a widespread impact, affecting ambulance dispatch, out-of-hours appointment bookings and emergency prescriptions throughout the UK. Advanced says that the issue may not be resolved until this week. The emergency 999 system was not impacted.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is a great illustration of how no organization is safe from potential supply chain trouble.

 

 

Germany – Semikron

https://www.bleepingcomputer.com/news/security/semiconductor-manufacturer-semikron-hit-by-lv-ransomware-attack/

Exploit: Ransomware

Semikron: Semiconductor Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.529 = Severe

Semikron, a manufacturer of semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a ransomware attack, likely by the LV ransomware group. The attackers are demanding an unspecified ransom after stealing an estimated 2TB of documents and encrypting systems at the Nuremberg-based company. No specifications have been given for the exact data types stolen or the ransom amount demanded.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Service disruptions from cyberattacks can cost manufacturers and the companies that they supply a fortune.

 

 

Germany – The Association of German Chambers of Industry and Commerce (DIHK)

https://www.computing.co.uk/news/4054360/massive-cyberattack-targets-german-chambers-industry-commerce

Exploit: Ransomware

The Association of German Chambers of Industry and Commerce (DIHK): Business Association

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.017 = Severe

The Association of German Chambers of Industry and Commerce (DIHK) has announced that it has been the victim of what it characterized as a “massive cyberattack”. The organization said that all internet connections at the organization were shut off as a way to address the issue, leading to phone, email and website outages that impacted all 79 local outposts to varying degrees. The DIHK is a business association that notes that it helps companies with legal issues, provides general support and promotes German businesses internationally.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Groups like this offer a great opportunity for cybercriminals to snatch profitable and useful data.

 

 

Luxembourg – Encevo Group

https://therecord.media/luxembourg-energy-companies-struggling-with-alleged-ransomware-attack-data-breach/

Exploit: Ransomware

Encevo Group: Energy Conglomerate

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.017 = Severe

The BlackCat/ AlphV ransomware group is allegedly responsible for a ransomware attack that landed on two subsidiaries of the Encevo Group, a Luxembourg-based energy supplier. The company disclosed that energy network operator Creos and supplier Enovos had been affected. The attack took down customer portals for both companies but did not affect the supply of electricity and gas. The Encevo Group is partially owned by the government of Luxembourg. The attackers claim to have stolen 150 GB of data that they said includes contracts, passports, bills and emails although that has not been confirmed by Creos, Enovos or the Encevo Group.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: The energy sector has been a popular target for the bad guys who are continuing to pound critical infrastructure with ransomware attacks.