January 2023 Cyber Event Roundup

TL;DR

‍

• T-Mobile suffered another major breach exposing data from 37 million accounts due to weak API security. Kovrr data shows similar large-scale breaches can result in response costs exceeding $16M.
• A ransomware attack on Atlantic General Hospital disrupted operations and forced system downtime. Kovrr notes healthcare ransomware incidents rose over 25% from 2021 to 2022.
• LockBit ransomware hit financial software firm Ion Group, halting services for a week. Kovrr estimates average ransom payments for similar-sized companies at $750,000.
• These incidents highlight recurring vulnerabilities in healthcare and finance sectors, with rising financial consequences and operational disruptions.

‍

Massive T-Mobile Cybersecurity Breach Results in 37 million Customers’ Data Stolen

‍

T-Mobile has once again fallen victim to a massive new cybersecurity breach, discovered on Jan. 5. The company has a history of hacks from recent years, for which it was fined hundreds of millions of dollars.

‍

Using weak API security, the attack caused the exposure of the personal data of more than 37 million customer accounts, which was apparently first accessed on or around Nov. 25. The stolen records include addresses, phone numbers and dates of birth.

‍

Kovrr Insights: Cost of a Similar Incident

‍

To get an understanding of the impact of such incidents, Kovrr’s cyber incidents database, which contains both threat intelligence and financial data on a vast collection of cyber incidents, includes details on many large-scale breaches.

‍

For example, in October 2022, REvil Ransomware attacked a private health insurance provider, compromising about 9.7 million customer records held by the company. Only the response cost of the attack exceeded 16 million USD.

Massive Ransomware Attack on Atlantic General Hospital Causes Network Disruption

‍

Atlantic General Hospital in Maryland suffered from outages and network disruptions after ransomware attack, as it reported on Jan 30. The interruptions caused a limited disruption in the routine of the hospital, which had to operate under downtime procedures.

‍

Certain services that are fully supported by the hospital network, such as the hospital out-patient walk-in lab, pulmonary function testing and outpatient imaging, had to be temporarily shut down while dealing with the attack.

‍

Kovrr Insights: Cyber Trends

‍

In recent years, we can see the amount of ransomware attacks on the healthcare industry increase significantly, second only to the number of attacks on government-related services. As shown by Kovrr's cyber incident database, there was a 25.3% increase in the number of ransomware attacks on healthcare services between from 2021 to 2022.

‍

LockBit Ransomware Attack Partially Disables Ion Group Services for a Week

‍

On the last day of January, LockBit ransomware group attacked financial software company Ion Group. The attack, Shutting down part of the company's network, left banks in US and Europe processing trades manually. LockBit warned stolen data will be released if the ransom isn’t paid. After eight days Ion paid the ransom, and gradually resumed its services.

‍

Kovrr Insights: Average Cost of a Similar Incident

‍

According to Kovrr’s Cyber Incidents Database, the average ransom paid in 2020-2022 by companies with revenue larger than 50 Million USD, is 750,000 USD. It would be reasonable to assume that Ion paid a ransom of around that amount.