Ensuring anti-phishing protection becomes difficult when threat actors continually evolve their modus operandi to plan more sophisticated cyberattacks and get their hands on our information assets. To help you better plan your organizational cybersecurity, here are this week's most significant hacking news headlines:


Ransomware Hits YRMC, Arizona

Arizona-based Yuma Regional Medical Center (YRMC) recently underwent a security breach that affected over 700,000 patients. The hospital is now sending out breach notifications to affected individuals.

According to reports, YRMC was targeted by a ransomware attack that was detected on 25th April 2022. Soon after noticing the attack, the hospital adopted phishing protection measures and hired external cybersecurity experts. Law enforcement was also brought into the loop.

The adversaries deleted some YRMC files, including patients’ names, health insurance details, Social Security numbers, and other medical details related to their treatment at YRMC.

The hospital is now providing free identity theft protection and credit monitoring to the victims of the breach. So far, no ransomware group has claimed credit for the attack, but more details are expected once the initial investigation concludes.


Data Breach Hits Kaiser Permanente

The US healthcare provider Kaiser Permanente recently underwent a data breach that exposed the personal information of around 70,000 patients from Washington.

The breach, which occurred in April 2022, revealed the patients’ sensitive and confidential information, including their full names, dates of service, medical record numbers, and laboratory test results. Fortunately, the breach did not affect social security and credit card numbers.

Two months after the security incident, in early June, Kaiser released a breach notification stating that the breach was contained. The notification mentioned that the breach was caused by an employee account takeover that took place on 5th April 2022.

Kaiser detected the unauthorized access on the same day and took immediate anti-phishing measures to contain the breach. An investigation was launched soon after to determine the extent of the breach.

So far, there has been no evidence of the misuse of the protected health information of Kaiser patients, but the facility still advises individuals to remain alert. Furthermore, Kaiser auto-reset the account passwords of all affected users.


Data Breach at Uganda Securities Exchange

The Uganda Securities Exchange (USE) was found to be leaking the financial and personal details of its global business entities and customers. Owing to a misconfigured USE database, over 32 GB of data belonging to USE customers sat unprotected online for anyone to access, download, and misuse.

[Image: misconfigured database caused data breach; sourced from infoworld.com]

The database was found online (on Shodan) by the security researcher Anurag Sen. The database belonged to Easy Portal — USE’s self-service portal allowing users to view stock performance and monitor their account balance.

Sen’s findings further revealed that the server contained other ports belonging to the Bank of Baroda (an Indian bank operating in Uganda and registered under the USE). Sen mentioned that the exposed customer records were sensitive and were left online without any security authentication.

Consequently, USE users’ names, usernames, DOBs, phone numbers, email addresses, residential addresses, plaintext passwords, user ID numbers, access tokens, bank details, etc., were compromised.

The cybersecurity researcher immediately informed the USE, Uganda CERT, and other government institutions of the exposure, but none of them responded. The database remained publicly exposed for several days until 12th June 2022, when its size was finally reduced from 32 GB to a few MBs.

Eventually, the database was secured, and its IP address was made inaccessible. However, Easy Portal users are advised to take phishing prevention measures and contact USE to enquire about the incident.


Data Breach Hits US Ambulance Billing Service Comstar

The US ambulance billing service Comstar recently suffered a data breach. The breach was noticed on 26th March, when the company detected suspicious activity on some of its servers.

Internal investigations revealed that sensitive and confidential information belonging to medical patients was compromised in the incident. These include their names, DOBs, health insurance details, medical assessment details, social security numbers, and financial account numbers.

As part of its anti-phishing response, Comstar released a breach notification on 14th June, mentioning that the company has collaborated with external cybersecurity experts to examine the attack's depth. However, the initial findings do not indicate what caused the attack or the nature of the information stolen. The company is providing free credit monitoring to all victims.


Data Breach Hits Sioux Falls

Avera Health is a leading healthcare system headquartered in Sioux Falls. It recently experienced a data breach that exposed the health information of over 700 patients. The breach took place at one of Avera's vendors, MCG Health, which provides health care guidelines and care plans to patients' healthcare providers.


The personal information compromised in this incident includes patients’ names, contact numbers, email addresses, DOBs, social security numbers, medical codes, postal addresses, and gender. All the affected patients will receive a breach notification letter from MCG in the coming days.

MCG first discovered the breach on 25th March and began an investigation soon after. As it turns out, Avera patients were not the only ones affected; MCG's other clients also suffered because of the attack. MCG coordinated with law enforcement to determine the extent of the attack.

So far, the specifics of the attack are not known. However, MCG posted a notification online stating how to report the breach and check one’s credit report.

MCG began sending out breach notices to victims on 10th June and asked them to take phishing attack prevention seriously for the next few weeks. While Avera publicly apologized for the security failings of its provider, MCG announced plans to deploy better monitoring tools.


StoreHub Leaves Database Public Online

Cybersecurity experts recently found an Elasticsearch server owned by StoreHub exposed online. StoreHub is a Malaysian PoS software vendor, and it left one of its servers containing unencrypted data publicly available online without any password protection.

Consequently, the records of millions of customers were compromised. At least 1.7 billion user records (over 1 TB of data) belonging to at least a million people were exposed because of this incident.

Because StoreHub provides point-of-sale and online ordering services, it stores data about individual buyers’ activities and businesses running its products. The exposed customer details include their names, contact numbers, device types, and email addresses.

Furthermore, customers’ live locations while ordering were also exposed. Cyber experts looking into the incident suggested that the breach also affected masked credit card details.

Along with customer information, the server also contained information on StoreHub users’ staff and access tokens. The exposed server was first discovered on 27th January, but StoreHub secured it only on 2nd February.

However, in one of its statements, StoreHub mentioned that it was notified of the exposure only on 3rd February and immediately took measures to prevent phishing attacks. It further noted that the company rectified the vulnerability within a day of being notified and that no financial details or passwords were affected by the breach.


BeanVPN Exposes Connection Logs

A recent investigation found that the free VPN software provider BeanVPN had exposed around 20 GB of connection logs. 18.5 GB of those logs contained over 25 million records, including IP addresses, connection timestamps, and user device and Play Service IDs.

This database was stored on an unencrypted Elasticsearch server. If exploited by adversaries, it could lead to the revelation of BeanVPN users' identities and locations.

Security experts note that the Play Service ID could also be used to trace a user's email address. This contradicts BeanVPN's privacy policy (listed on its website), which states that it does not store users' activity logs or IP addresses. We can only hope that attackers haven't yet found this server and that the VPN service strengthens its measures for protection against phishing.
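Three of this week's incidents (the USE database, the StoreHub server, and the BeanVPN logs) share the same root cause: a data store reachable from the internet with no authentication. The following elasticsearch.yml fragment is an added illustration for defenders, not configuration taken from any of the affected companies; it contrasts the exposed pattern with a hardened one using standard Elasticsearch settings. The keystore paths are placeholders for wherever your own certificates live.

```yaml
# --- EXPOSED (do not deploy): listens on every interface, no auth, no TLS ---
network.host: 0.0.0.0
xpack.security.enabled: false

# --- HARDENED: bind to an internal interface, require credentials, encrypt traffic ---
network.host: 10.0.0.5                       # placeholder: a private/internal address, never 0.0.0.0
xpack.security.enabled: true                 # every request must authenticate
xpack.security.http.ssl.enabled: true        # REST API over TLS only
xpack.security.http.ssl.keystore.path: certs/http.p12        # placeholder path
xpack.security.transport.ssl.enabled: true   # node-to-node traffic over TLS
xpack.security.transport.ssl.keystore.path: certs/transport.p12   # placeholder path
xpack.security.transport.ssl.truststore.path: certs/transport.p12 # placeholder path
```

After applying the hardened fragment, a quick self-check from outside the network is to confirm that the HTTP port (9200 by default) either does not answer at all or returns an authentication error rather than cluster details; the same check is how the exposed servers above were found, so running it against your own hosts on a schedule, together with a firewall rule that drops inbound 9200/9300 from untrusted ranges, closes the gap these three organizations left open.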


Cyberattack Hits Baptist Medical College and Resolute Health Hospital

The IT networks at San Antonio-based Baptist Medical Center and New Braunfels-based Resolute Health Hospital were compromised owing to a malicious code infection. The attack vector facilitated unauthorized access to some of the hospital patients’ personal health information (PHI).


The attackers gained access to the hospitals’ systems between 31st March and 24th April, and this was discovered on 20th April.

The exposed patient data includes their names, DOBs, Social Security numbers, health insurance information, addresses, medical information, and billing and claims information.

As part of their measures for protection from phishing, the hospitals restricted users' access to the affected systems until the issue was resolved and adopted strict cybersecurity protection measures. Although the exact number of affected individuals is unknown, Baptist Health has begun notifying victims of the breach.