A federal grand jury in Atlanta returned an indictment last week charging four members of the Chinese People’s Liberation Army (PLA) with hacking into the computer systems of the credit reporting agency Equifax and stealing Americans’ personal data and Equifax’s valuable trade secrets.
o alleges that Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei conspired with each other to hack into Equifax’s computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of approximately 145 million American victims.
- Ponemon Institute published new report on frequency of cybersecurity
o incidents caused by insiders has increased by 47% in the past 2 years
o 4,716 insider incidents reported in last 12 months
o average annual global cost of those cybersecurity incidents has increased by 31% to $871,000
o average annual cost of insider incidents is now $11.45 million.
o Organizations are spending 60% more dealing with insider incidents than they were 3 years ago
costs have increased by 25% since 2018
o On average it takes 77 days to contain an incident
o The health and pharmaceutical sector spent an average of $10.81 million in the past year on insider incidents.
- Medtronic has issued patches to correct flaws in its CareLink 2090 and CareLink Encore 29901 programmers, implantable cardioverter defibrillators (ICDs), and cardiac resynchronization therapy defibrillators (CRT-Ds).
- IBM Security today released the IBM X-Force Threat Intelligence Index 2020:
o 60% of initial entries into victims' networks that were observed leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access
o 31% = email phishing
o 30% = scanning and exploitation of vulnerabilities
o 29% = use of previously stolen credentials
o more than 8.5 billion records were compromised in 2019, up 200%
- Puerto Rico’s government admitted to losing $2.6 million due to an email phishing scam.
- Pavia Hospital Santurce and Pavia Hospital Hata Rey in Puerto Rico were both hit by ransomware that exposed PHI of 305,737 patients.
- Wise Health System of Decatur, Texas notified 66,934 patients that their PHI was exposed after email phishing attack.
- Campbell County Health of Gillette, Wyoming notified an unknown number of patients that their PHI was exposed after ransomware attack.
- JailCore of Brentwood, TN notified 36,077 incarcerated individuals that their PHI was exposed after being left online unsecurely
o JailCore software is used by prisons in Florida, Kentucky, Missouri, Tennessee and Virginia
- City of North Miami Beach, FL notified an unknown number of citizens that this info may have been exposed after ransomware attack.
- Reuters News Service is reporting that:
o Average ransom demand from hackers = $41,198
o Ransomware insurance rates growing at 25%
- Havre Public School District of Missoula, Montana notified an unknown number of students that their info may have been exposed after ransomware attack.
- ZDNet magazine is reporting that the new RobbinHoold ransomware installs a Gigabyte drive to kill antivirus software systems.
- Shields Health Solutions of Stoughton, Mass notified an unknown number of patients that their PHI may have been exposed after email phishing attack.
- Vernon, CT schools had their email and Internet access disable due to an unspecified cybersecurity incident.
- The Credit Union National Association (CUNA) notified an unknown number of customers that it was hit by ransomware.
- Sunshine Behavioral Health Group of San Juan Capistrano, CA notified an unknown number of patients that their PHI was exposed after it was inadvertently made accessible on Internet.
- Nacogdoches School District of Texas notified an unknown number of students that their info may have been exposed after ransomware attack.
- ACM Global Labs, headquartered in Gates, NY, announced that a former employee, Jessica Meier, was arrested for allegedly illegally accessing PHI for 215 patients.
- Altice USA of Long Island City, NY, notified 12,000 employees that their info was exposed after email phishing attack.
- Nominet Inc. published reported showing that the average tenure of a CISO (chief security officer) is only 26 months due to high stress and burnout.
- Pediatric Physicians’ Organization for Children of Boston, Mass notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Central Kansas Orthopedic Group notified an unknown number of patients that their PHI was exposed after ransomware attack.
- The City of Port Lavaca, TX notified an unknown number of citizens that their info may have been exposed after ransomware attack.
- Estee Lauder Corp. of New York City, NY notified 440 million customers that their info may have been exposed after it was inadvertently made accessible on Internet.
- Fifth Third Bank of Cincinnati, OH announced that “a small number of employees” stole customer info and sold it to an outside group.
- Grundy County Courthouse of Trenton, MO notified an unknown number of citizens that their info may have been exposed after ransomware attack.
- Hospital Sisters Health System of Springfield, IL notified 16,167 patients that their PHI was exposed after email phishing attack.
- Modern Healthcare magazine reports that more than 438,000 patients had their PHI exposed in January, 2020.
- Kern Medical is being sued for allegedly exposing PHI of thousands of patients when paper records were stolen by a former employee.
- Manchester Ophthalmology of CT notified 6,846 patients that their PHI was exposed after ransomware attack.
- North Mississippi Rural Legal Services notified an unknown number of customers that their info was exposed after ransomware attack.
Original Post