The Week in Breach: 02/16/19 – 02/23/19
In the news this week: highly-sensitive medical conversations accessed from a Swedish health phone line, rogue politicians stir up data breach anarchy in the U.K., restaurant customer credit cards exposed across 100+ establishments in 9 U.S. states, and an Australian hospital faced with ransom demands to unlock stolen files.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Business & Professional Services
Top Employee Count: 11 – 50 Employees
United States – North Country Business Products
https://www.azcentral.com/story/money/business/consumers/2019/02/19/arizona-north-country-business-products-data-breach-hits-chompies-someburros-zipps-sports-grill/2914036002/
Exploit: Malware injection into point-of-sale (POS) systems.
North Country Business Products: A Minnesota-based provider of POS systems for the hospitality sector
Risk to Small Business: 1.444 = Extreme: Customers of restaurants and hotels in nine states, including some 50 Arizona establishments and 65 Dunn Brothers coffee shops, may have had their payment card information accessed between January 3 and January 24, 2019. Announcement of this potential exposure was made February 15 by North Country Business Products, which provides point-of-sale software systems in the hospitality sector. Upon discerning suspicious activity in certain of its clients’ networks, North Country launched an investigation January 4, determining on January 30 that an outside party deployed malware to some of its business partners.
Individual Risk: 2.142 = Severe Risk: Information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV. Criminals can use this information to commit payment fraud, so those who patronized the Arizona restaurants and hotels affected should continuously review account statements and monitor credit reports. North Country, which says that the problem has been corrected, lists the businesses potentially affected on its website and has set up a helpline for consumers.
Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: The issue was first noticed January 4 and data continued to be exposed for another 20 days, until January 24, signaling an opportunity for North Country Business Products to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage.
ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United States – Memorial Hospital at Gulfport
https://healthitsecurity.com/news/phishing-attack-breaches-data-of-30000-memorial-hospital-patients
Exploit: Phishing
Memorial Hospital at Gulfport: Hospital in Gulfport, Mississippi
Risk to Small Business: 1.444 = Extreme: On December 17, Memorial Hospital at Gulfport discovered that an employee had opened a phishing email 11 days earlier, allowing a hacker to gain access to PII for over 30,000 patients before it was discovered. It remains to be seen if patients will choose other facilities for their medical care.
Individual Risk: 2.142 = Severe: Data contained in breached emails included patient name, date of birth, health data, services received at Memorial Hospital, and, for a limited number of patients, Social Security numbers. This information could be sold on the Dark Web and used for identity theft.
Customers Impacted: 30,000
How it Could Affect Your Customers’ Business: Employee training in recognizing signs of phishing can help safeguard an organization’s data security. All companies should partner with MSPs that can offer constant monitoring to discover customer and employee data breaches in a timely manner.
ID Agent to the Rescue: Phishing Simulation exercises and Training and Awareness programs can help you proactively test and train employees about the threats your organization faces every day. Building security awareness among employees will help reduce the loss and brand erosion that can be incurred from such a breach. See how you can benefit here: https://www.idagent.com/dark-web/
United States – American Consumers
https://cyware.com/news/egobbler-group-target-us-users-with-a-massive-malvertising-campaign-ac24c62b
Exploit: Malvertising campaign
American consumers: Online users in the United States
Risk to Small Business: 2.111 = Severe: A malvertising campaign by the eGobbler group targeting U.S. users was launched over Presidents Day weekend, February 16-18, garnering some 800 million impressions. Those who clicked on the ads were redirected to a wide range of phishing sites that attempted to trick consumers into entering personal details, including financial information.
Individual Risk: 2.571 = Moderate: Cybercriminals can use the information collected to conduct spear phishing email campaigns or they can sell the stolen credentials on the Dark Web to other criminals.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Malvertising campaigns can expose sensitive customer and employee data, or cause mistrust in websites hosting the infected ads, leading to brand erosion and customer churn.
ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/
United States – AdventHealth Medical Group
https://www.scmagazine.com/home/security-news/data-breach/42000-patients-data-compromised-adventhealth-medical-group-data-breach/
Exploit: Malware
AdventHealth Medical Group: Tavares, Florida-based health care practice
Risk to Small Business: 1.777 = Severe: AdventHealth Group recently announced a 16-month data breach stretching back to August 2017 that exposed some 42,000 patients’ sensitive personal data. The medical provider group has not detected how the malware was installed, nor has it stated why the breach was not discovered for nearly a year and a half.
Individual Risk: 2.428 = Severe: The malware allowed access to patient names, addresses, email addresses, telephone numbers, dates of birth, health insurance information, Social Security numbers, and medical histories, as well as race, gender, weight, and height. This data could allow identity theft and potentially blackmail where particularly sensitive medical conditions, such as HIV/AIDS or addiction, are concerned.
Customers Impacted: 42,000 users
How it Could Affect Your Customers’ Business: The breach extended across 16 months before it was discovered, and the medical group has not yet determined its origin, indicating a need to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage.
ID Agent to the Rescue: Dark Web ID monitoring can help identify when PII is being distributed on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading monitoring services. Find out more here: https://www.idagent.com/dark-web/
Sweden – Medhelp and Medicall
https://www.bbc.com/news/technology-47292887
Exploit: Unencrypted web server
Medhelp and Medicall: Firms administrating a Swedish medical helpline
Risk to Small Business: 2 = Severe: A technology news site, Computer Sweden, discovered that 2.7 million phone conversations, totaling about 170,000 hours and dating back to 2013, were stored on an unencrypted web server. It is not yet clear if the firms contracted to operate the medical helpline reported the breach, as required under Europe’s General Data Protection Regulation (GDPR). The Swedish Data Protection Authority has said it will launch an investigation.
Individual Risk: 2.285 = Severe: The content of the conversations is highly personal, including users’ symptoms and diseases and their social security numbers. This information could form the basis for identity theft and potentially blackmail in the case of consumers who have conditions carrying social stigma.
Customers Impacted: 2.7 million
How it Could Affect Your Customers’ Business: Phone helplines that record interactions cross many disciplines and industries, from customer service to tech support to health care. Organizations that rely on them want their customers to rely on them as well, and that means knowing that the content of those recorded conversations is kept securely and accessed appropriately by authorized users for valid reasons.
United Kingdom – Labour Party
https://www.theregister.co.uk/2019/02/21/data_breach_labour_locks_down_member_databases/
Exploit: Theft of data from member databases
Labour Party: Second largest political party in the United Kingdom
Risk to Small Business: 2.111 = Severe: The United Kingdom’s Labour Party announced February 20, 2019, that it had detected several attempts to access member databases and campaign tools. It is surmised that members of Parliament (MPs) who recently left the Labour Party to form a competing party known as The Independent Group tried to steal information that would allow targeting in future political campaigns. Anyone obtaining or attempting to obtain personal data without the consent of the controller is committing an offense under the U.K.’s Data Protection Act of 2018.
Individual Risk: 2.714 = Moderate: It is not yet known whether information was obtained by individuals whose access to that information should have been revoked. Labour Party officials may also be questioned as to the large number of individuals with access to its databases, including not only MPs but also paid and volunteer campaign associates across the nation.
Customers Impacted: Undisclosed
How it Could Affect Your Customers’ Business: All organizations, whether public or private sector, need robust systems and processes to validate access rights and continually manage those rights, which includes triggering notices when unauthorized parties attempt to gain access.
Australia – Melbourne Heart Group
https://www.cyware.com/news/cybercriminals-encrypt-15000-medical-files-belonging-to-australian-hospital-and-demand-ransom-839e03ef
Exploit: Ransomware
Melbourne Heart Group: Cardiology practice based at the Cabrini Hospital in Malvern, Australia
Risk to Small Business: 1.888 = Severe: A hacking group used malware, possibly created in Russia or North Korea, to deploy ransomware at a cardiology practice in Malvern, Australia, encrypting 15,000 medical files and crippling the server. The attack was discovered when the practice reported that it could not access patient files for three weeks. Even after the ransom was reportedly paid in cryptocurrency as demanded, some files remained encrypted. Affected patients were informed that their files were lost but not told of the breach. The event is now under investigation by security agencies.
Individual Risk: 2.428 = Severe: Patients showed up for appointments the practice did not have on record. Some medical files are still encrypted.
Customers Impacted: Up to 15,000
How it Could Affect Your Customers’ Business: Wide-scale identity theft is a risk. Any firm that collects and retains sensitive information should assess the value promised by machine learning solutions, which can detect and predict suspicious activities before they wreak havoc.
ID Agent to the Rescue: Dark Web ID monitoring can help identify when PII is being distributed on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading monitoring services. Find out more here: https://www.idagent.com/dark-web/
In Other News:
The U.K. has seen its first group litigation case concerning data breach, and the organization in question, the supermarket chain Morrisons, was found vicariously liable for the actions of one of its employees.
A disgruntled employee posted a file on a file-sharing website that included data on nearly 100,000 of his colleagues. That employee was found guilty of several charges related to the incident, including fraud and gaining unauthorized access to computer materials, and sentenced to eight years in prison.
Then 5,518 of the individuals whose personal data was published sued Morrisons. In this class-action-type suit, Morrisons — which was determined to have been compliant with data security laws at the time — was found vicariously liable for its rogue employee’s actions. It now faces large compensation costs.
Notable not only for being the first of its kind around data breach in the U.K., this case is also interesting for setting a high standard of responsibility among companies for their employees’ actions. As data breaches increase in both frequency and scope in Europe, those affected by them are likely to look to class-action claims under the provisions of the GDPR, which gives data subjects more rights and increases defendants’ penalties.
A side note: The GDPR and the Irish Data Protection Act 2018 may enable similar claims concerning nonmaterial damage, such as emotional distress, to be brought in Irish courts.
https://www.siliconrepublic.com/enterprise/morrisons-data-breach-employees
What We’re Listening To:
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e
A note for your customers:
Cross-border e-commerce is booming: it is expected to bring in $203 billion annually by 2021. Yet many U.S.-based merchants hesitate to engage in global transactions. To be sure, risks abound, but so do misconceptions about payment fraud.
Using local payment methods (LPMs), that is, payment methods beyond credit cards, may lessen risk and allow global expansion. Linked to local banks, they typically have built-in security safeguards. In China, for instance, 49 percent of online transactions take place via e-wallet and only 23 percent by credit card.
Risk is reduced because such push-payment methods, where the customer initiates payment, do not require the business to collect consumers’ payment data, thereby lessening exposure to chargebacks due to misuse of stolen cards.
Bank transfers — which move money directly from the purchaser’s bank to the merchant’s — are another avenue to pursue. Used in nearly half of online transactions in Germany, bank transfers are performed via redirect during checkout, through a real-time or offline transfer process.
https://www.mobilepaymentstoday.com/blogs/exposing-misconceptions-in-payments-fraud/