Weekly Cybersecurity Recap January 19
Table of Contents
- By Steven
- Published: Jan 19, 2024
- Last Updated: Jan 22, 2024
This week was slow in the cybersecurity breach world; a combined 775k records got exposed stemming from two health centers (Singing River Health and Harris Center for Mental Health and IDD) and a nationwide mortgage lender (Academy Mortgage Corporation); a communications security solution (Egress) released a risk report urging action of business leaders; and Kansas State University suffered widespread disruptions, potentially compromising the sensitive data of their students and faculty. Read a synopsis of each featured event below.
Singing River Health System
Primarily located in the tail of Mississippi, SRHS serves thousands of patients every year. Their comprehensive services offer options from pediatrics to hospice care and everything in between. In August 2023, they experienced malicious ransomware that stole thousands of sensitive data records; this included patients’ names, addresses, Social Security Numbers (SSNs), medical data, and health information. Victims of this event are at high risk for medical and identity fraud. They must safeguard their exposed data before the thieves can misuse it.
Harris Center for Mental Health and IDD
Overseeing six locations in Houston, Texas, the Harris Center offers treatment options for patients with behavioral and developmental needs. Their services span nationwide, and they serve millions of patients every year. In November, they suffered network disruptions that exposed the personal data of many patients in their network. These exposures included names, contact data, personally identifying information, financial account data, and medical information. Victims of this event are at high risk for fraud, impersonations, and phishing schemes; they shouldn’t wait for a notice to start taking preventative actions.
Academy Mortgage Corporation
This organization is a nationwide mortgage lender with over 200 physical branches. In March 2023, AMC experienced network disruptions that ultimately put employees, borrowers, applicants, and their families at risk for data misuse. Current and former employees may have had their names, birthdays, and SSNs exposed, while borrowers and their families may have had their names and SSNs compromised. Further, because the breach happened months ago, the victims of this breach are at high risk for online impersonation.
Egress 2024 Email Security Risk Report
This week, Egress—a communications cybersecurity solution—published its 2023-2024 security risk report. They determined that 94% of their respondents experienced security threats in the last 12 months. Many were due to successful phishing schemes and data loss/exfiltration following outbound emails. In both situations, the common themes were accidents caused by employees. Egress has suggested that the onus is on business leaders to change how they approach email security; traditional methods aren’t working, and organizations must evolve with their online threats.
Kansas State University
Early in the week, K-State darkened from network disruptions. Preliminary investigations found that the event was due to a cyberattack, although further details are unavailable as their reviews continue. The attack downed the university’s VPN, potentially exposing the private information of the students and faculty using the network. Until investigations are complete, however, victims will not know the complete scope of the incident. University associates must watch for suspicious activities within their accounts and strange behaviors within their communications.
