Weekly Summary September 9, 2022
Table of Contents
- By Steven
- Published: Sep 09, 2022
- Last Updated: Sep 09, 2022
According to Constella Intelligence, the breach economy has rapidly expanded to the point that more than 65,000 breaches occur annually, resulting in nearly 42 billion records falling into the hands of parties with evil intentions. Constella Intelligence's digital security statisticians also highlight that more than one-third of all digital breaches and leaks occur in healthcare, finance, banking, and services.
Though few are aware of it, the truth is that manipulating employees and even some executives within businesses of all different types and sizes are important risk vectors. Constella's team is quick to point out that a recent sample of more than 120 executives revealed corporate credential exposure occurred within a leakage or data breach nearly 80% of the time. Over one-quarter of those executives had a corporate password exposed to an unauthorized party. Below, we highlight some of the more meaningful hacks in recent weeks and months.
Allaire Health Services Hacked
Digital criminals compromised Allaire Health Services. Hackers accessed the healthcare provider's network, making copies of valuable data that hackers will likely use for identity theft and other forms of manipulation. The information heist results from the illegal access of an Allaire Health Services employee's email account.
Patients' names, social security numbers, protected health information, and other sensitive data were stolen in the attack. The Allaire hack is the perfect example of why businesses and everyday computer owners should boost their digital defenses and also consider the merits of tapping into the expertise of a cybersecurity expert for ongoing guidance/training.
Novartis Breach
Novartis, a pharmaceutical giant, lost sensitive customer data following an extortion scheme. Industrial Spy is responsible for the attack in which hackers stole Novartis' valuable information directly out of its allegedly secure databases. The information stolen in the heist is related to tech advancements in the context of DNA and RNA. The hackers took to the dark web forums after the attack, demanding six figures for the stolen information. However, hackers stole only 8 MB of data.
Cyberattack Compromises Baton Rouge General Hospital
Baton Rouge General Hospital serves the public good, yet the group's altruism clearly doesn't hold weight with the hacking community. The hospital's systems were temporarily paused during the attack centered on using precise social engineering strategies and ransomware. BRGH systems were eventually restored though the organization's representatives did not indicate whether they paid the ransom.
AdviceOne Breach
An unauthorized threat actor breached AdviceOne between February and March of 2022. AdviceOne's internal IT team noticed signs of shady network activity and quickly launched an investigation. However, the response wasn't fast enough, as the hack led to the theft of AdviceOne client data.
AdviceOne offered affected customers free Experian identity monitoring services. All in all, the attack accessed the information of more than 7,000 AdviceOne customers. Those customers' bank account details, Social Security numbers, birthdates, login names/passwords, and government identification were stolen and likely put up for sale on the dark web.
West Virginia University Medical Corporation Breach
WVU's Medical branch is in legal trouble following a web-based attack that culminated in a significant breach and data theft. The hack accessed employee records, providing digital miscreants with the opportunity to manipulate those individuals through identity theft, financial fraud, social engineering, and more.
The attack compromised WVU's data systems, zeroing in on the timekeeping and payroll systems. WVU Medical Corporation public relations specialists did not indicate if the hackers' ransom was paid to retrieve the stolen data. Examples of information stolen in the online attack include street addresses, social security numbers, dates of birth, names, and other personal information.
