Weekly Cybersecurity Recap December 8
Table of Contents
- By Steven
- Published: Dec 08, 2023
- Last Updated: Dec 11, 2023
This week’s data breaches contained significant impact figures from around the world. Malware on a vendor’s computer inadvertently breached Japan’s Line Messenger. New York’s East River Medical Imaging suffered the loss of employee and patient record information. The Pan-American Life Insurance Group faces a 105k record data breach through MOVEit. Welltok’s MOVEit breach returned with three new organizations: Elixir RX Solutions, Orthowest, and the OSF HealthCare System. Towards the end of the week, Apple also published a new cybersecurity environment report—suggesting that cybercriminals stole 2.6 billion consumer records in the last two years.
Line Messenger
Line Messenger’s parent company, a Japanese communications organization, was breached by a fourth-party malware-infected computer. The incident exposed Japanese and American information; the breach included internal Line Messenger identification numbers and some interactions between specific users. More than 440,000 people had data put at risk in the incident, and more may still appear following investigations. Line users must secure their accounts before using the application.
East River Medical Imaging
A cybersecurity event victimized New York’s East River Medical Imaging this week. The radiology clinic discovered suspicious activity within their network in September, though the unauthorized access occurred in the weeks before. The stolen information comes from patients and employees and varies individually. Exposed patient data may include names, contact data, Social Security Numbers (SSNs), insurance data, exam and procedure details, and imaging results; meanwhile, exposed employee data may include names, contact information, SSNs, insurance information, financial account data, and state-issued ID numbers. Victims of this breach must act quickly to protect their information from misuse.
Pan-American Life Insurance Group
Another casualty of the MOVEit breach was announced this week, with more than 105,000 records stolen from PALIG. The exposed data includes sensitive information like names, addresses, birthdays, SSNs, biometric data, medical and medical benefits data, contact information, subscriber account numbers, financial account information, and credit card details. All those with a relationship with PALIG should consider investing in data protection and monitoring services.
Welltok; Elixir RX Solutions, Orthowest, OSF HealthCare
The MOVEit event also returned to the healthcare industry this week, with Welltok announcing further damages from the global event: this data breach exposed patient data and the information associated with some minors in the incident. Cybercriminals stole information from Elixir RX Solutions—called Elixir Pharmacy, and Orthowest—specifically, subsidiaries like OrthoNebraska and the OSF HealthCare System. The data stolen differs between individuals and across different organizations, but there are similarities. The exposures include full names, birthdays, contact information, SSNs, patient ID numbers, provider names, treatment and diagnosis data, and health insurance information. All those who have relationships with the clinic systems must act to protect their data from misuse; they should act regardless of whether they have yet received notification of the event.
Apple Publishes Cybersecurity Environment Report
Cybercriminals stole an estimated 2.6 billion consumer records in breach events in the last two years. Apple’s sponsored report suggests that these records came mainly from vendor vulnerabilities. The information stolen in these events significantly comprises personal data and credentials taken in ransomware incidents. Consumers and organizations are encouraged to undertake data protective securities because of the significant losses from this year. Organizations must encrypt their data and limit the amount of non-encrypted data kept on their network. At the same time, the public must be cautious of technology pitfalls, social traps, and activity within their accounts.
