Blog Post
July 14, 2022
Several healthcare organizations have recently reported data breaches, affecting the data of around 300,000 individuals. The breaches, affecting Central Florida Inpatient Medicine, Kaiser Permanente and Alameda Health System, were all a result of email account breaches, probably stemming from credentials stolen following a phishing attack.
Stolen credentials are the main way organizations are breached, as stated in the 2022 version of the Data Breach Investigations Report (DBIR). As threat actors seek to acquire and capitalize on stolen credentials, the number of stolen and compromised credentials is growing, and it has been stated that as of 2022, there are over 24 billion account credentials exposed online, a 65% increase since 2020.
This simple and ubiquitous means of access has very expensive consequences for data breach victims.
Kovrr’s cyber incidents database, which contains both threat intelligence and financial data on a vast collection of cyber incidents, includes details on many breaches affecting the healthcare industry.
A 2021 data breach of a large US-based healthcare system which exposed personal information of former and current employees and clients (the data of around 150,000 individuals is estimated to have been affected), cost the company a total of $112.7M.
06/24/2022
Hackers looted about $100 million from a so-called cryptocurrency bridge, targeting a key vulnerability in the digital-asset ecosystem. Harmony said in a tweet the hack of its Horizon bridge, which lets people swap coins between blockchains, took place Thursday morning. It has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
Horizon, which offers cross-chain transfers between Ethereum and Binance, marks the third major bridge hack this year. In February, hackers stole more than $300 million from the Wormhole bridge. In late March, Ronin Bridge lost about $620 million to hackers. Even before the Horizon hack, money stolen from bridges exceeded $1 billion, researcher Chainalysis has estimated.
06/21/2022
Flagstar Bank has disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. The U.S. financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio. Flagstar Bank caters to consumers and the enterprise, accounting for roughly $23.2 billion in assets.
The bank is a subsidiary of Flagstar Bancorp, listed on the NYSE as FBC. A Flagtart notification letter states "After an extensive forensic investigation and manual document review, we discovered on Jun. 2 that certain impacted files containing your personal information were accessed and/or acquired from our network between Dec. 3 and 4, 2001."
06/17/2022
California’s state bar association, which is responsible for licensing and regulating more than 250,000 lawyers, is under scrutiny for a data leak that allowed confidential client complaint and attorney disciplinary record data to be captured by a free court records website.
As many as 322,500 such documents were vacuumed up by JudyRecords.com between Oct. 2021 and Feb. 2022, according to a proposed class action filed against the California bar by two lawyers, a former judge, and three people with attorney grievances, all of whom are proceeding anonymously.
When a state bar experiences a data breach, confidential information stored in disciplinary files could be a target, and releasing those files could potentially lead to doxing, extortion, or identity theft, as well as to litigation against the bar, according to attorneys who spoke to Bloomberg Law about the matter.
06/08/2022
The sensitive information of two million people was accessed during a cyberattack on Shields Health Care Group, a Massachusetts-based healthcare organization that provides services to more than 50 hospitals and clinics across the northeast, including hospitals at universities including Emerson, UMass, Tufts, and Wellesley.
The company – which provides MRI, radiology and ambulance services to hospitals in the state – released a notice about the incident, explaining that the hackers gained access to databases that contained full names, Social Security numbers, dates of birth, home addresses, provider information, diagnosis, billing information, insurance numbers and information, medical record numbers, patient IDs, and other medical or treatment information.