Phishing attack prevention is a challenge for all internet users. Besides adopting adequate anti-phishing measures, a typical internet user can avoid such attacks by staying abreast of the latest phishing headlines. Following are this week’s security updates:
1. Data Breach Hits Illinois Gastroenterology Group
Gurnee-based Illinois Gastroenterology Group (IGG) recently underwent a data breach that exposed its patients’ financial and personal information. IGG made the data breach announcement last week and mentioned that the suspicious activity on its computer network was first detected on 22nd October 2021.
An investigation into the breach was launched soon after, revealing that unauthorized third parties had accessed specific company systems. While there is no evidence of the misuse of any information, it is quite possible that adversaries viewed and stole the information contained in the compromised systems.
The exposed patient information could include their names, DOBs, addresses, social security numbers, passport details, driver’s license numbers, payment card information, financial account details, medical information, employer-assigned identification number, biometric data, etc. IGG reassured stakeholders that it takes the security of personal information very seriously and is doing everything in its capacity to investigate and respond to the security incident. The company is notifying patients of the breach and adopting necessary measures to prevent phishing attacks.
2. Cyberattack Hits Tenet Healthcare
One of the US’s largest hospital care service providers, Tenet Healthcare, recently underwent a cyberattack that disrupted its operations and led to the immediate suspension of access to its IT applications. With over 146 hospitals across the country, Tenet is a big name in the US, so this attack is of significant concern. The hospital’s security team launched an investigation soon after detecting the attack and took phishing protection measures to restrict unauthorized activity.
Tenet Healthcare released a breach notification in which it mentioned neither the cause of the attack nor the precise date when it began. However, several local media houses reported that the incident started on 20th April 2022. Further, Tenet’s St. Mary’s Medical Center in West Palm Beach has reportedly been diverting patients to nearby hospitals since the system outage.
As Tenet attempts to restore its services, clinicians are trying their best to deliver patient care using backup processes. Most critical applications have been restored, and Tenet is now implementing additional security measures to prevent such an incident from happening again. It has expressed its gratitude to all staff members, physicians, and nurses for their dedicated services in these challenging times.
Tenet became the fifth US healthcare provider targeted by a cyberattack this year. The other providers include Taylor Regional Hospital in Kentucky, East Tennessee Children’s Hospital (ETCH), Partnership HealthPlan of California, and Oklahoma City Indian Clinic. Of these, only ETCH and Partnership HealthPlan of California have been able to restore their affected systems.
3. Dedalus Biologie Fined For Data Leak
The application software editor Dedalus Biologie was recently fined €1.5 million by the French Authority for Data Protection (CNIL) for violating its data security obligation. Dedalus Biologie underwent a massive data leak in February 2021, which affected over 500,000 individuals.
The fine stems from the organization’s failure to comply with Article 28 of the GDPR, which requires it to provide a formal contract for the processing carried out. The amount is, in fact, the maximum permitted by French regulations.
Dedalus Biologie has expressed its willingness to comply with the Data Processing Agreement (DPA) in the future and has taken phishing prevention measures to achieve the highest level of GDPR compliance and security. It is now working on strengthening its IT infrastructure, hiring new DPO and IT information services managers, and enhancing its internal and external procedures.
4. Post-Hack Investigations Continue at Coca-Cola
The beverage giant Coca-Cola recently underwent a ransomware attack in which the hackers claim to have stolen 161 GB of data belonging to the company. The company is taking necessary measures to protect against phishing and is investigating the breach.
Coca-Cola has approached law enforcement and is now working to gauge the validity of the attack claim. The Stormous ransomware group (one of the few to express solidarity with the Russian government during its invasion of Ukraine) has claimed responsibility for this attack on Coca-Cola. The group is selling the stolen Coca-Cola data for around $64,000. Stormous recently announced that it will fight anybody who attempts to launch cyberattacks on Russia. Coca-Cola was one of the first organizations to withdraw its operations in Russia after the invasion, and perhaps Stormous is seeking revenge for this loss to the Russian economy.
5. Cyberattack Hits Adaptive Health Integrations of Williston
Adaptive Health Integrations (AHI) of Williston is a North Dakota-based company providing billing and software services to doctors and healthcare professionals. It recently underwent a cyberattack that may have affected over half a million customers. AHI was attacked in mid-October last year, but the breach was reported to the US Department of Health and Human Services in late April this year.
In this breach notification, the company mentioned that unauthorized individuals had accessed a limited amount of data stored on its systems, affecting 510,574 people. Soon after detecting the suspicious activity, AHI shut down the affected systems and launched a thorough investigation into the breach. It also hired external cybersecurity professionals to quicken the process of implementing anti-phishing solutions.
The compromised user data could include their names, contact details, DOBs, and Social Security numbers. However, the breach does not affect all Adaptive Health Integrations patients and does not expose all the information for all individuals.
6. Data Breach at Newman Regional Health
The Emporia-based hospital Newman Regional Health (NRH) underwent a year-long data breach in 2021 that may have affected over 52,000 individuals. In a recent breach notification posted on its website, the hospital mentioned that adversaries accessed a limited number of its email accounts between 26th January 2021 and 23rd November 2021.
After detecting the incident, NRH launched an investigation into the breach with the help of third-party security experts. The compromised email accounts contained patients’ names, DOBs, email addresses, addresses, medical record numbers, contact numbers, treatment information, and other sensitive employee information. The hospital clarified that a limited number of individuals might have their financial details and social security numbers exposed as well.
Investigations into the breach were completed on 14th March 2022. However, the hospital did not mention when the breach was discovered or when investigations were launched. It took to its website to assure patients that NRH is taking anti-phishing protection measures to prevent such an incident from happening again. It has notified law enforcement and contacted affected individuals asking them to remain vigilant.
7. LockBit Targets Rio de Janeiro Finance Department
The Rio de Janeiro finance department recently underwent a ransomware attack that brought down its systems. The LockBit ransomware group has claimed responsibility for this attack and warned that it will leak all the stolen data (about 420 GB).
A spokesperson for the Secretary of State for Finance of Rio de Janeiro mentioned that the department had informed law enforcement of the breach. The spokesperson further said that the adversaries are demanding a ransom from the department not to leak the stolen data, which amounts to only 0.05% of the data stored on Sefaz-RJ systems.
The Undersecretariat for Information and Communication Technology (SUBTIC) has offered to collaborate with the police on this investigation. LockBit is currently one of the most deadly ransomware operators. With the shutdown of threat actors like REvil, Darkside, and Avaddon, LockBit has only become stronger as a RaaS platform. With the able scrutiny of SUBTIC, it is hoped that the Sefaz-RJ systems will be restored as soon as possible. This incident adds to the list of attacks on government organizations and underscores the need for these institutions to implement robust phishing prevention measures.