
The Week in Breach: 07/17/19 – 07/23/19

July 24, 2019

This week, hackers send a message to government agencies, employee errors compromise thousands of people’s data, and Australians demand data security before making purchases.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type:
Top Industry: Education & Research
Top Employee Count: 1 – 10 Employees

United States – Northwood, Inc.

Exploit: Unauthorized email account access
Northwood, Inc.: Provider of medical equipment, prosthetics, and supplies

Risk to Small Business: 1.555 = Severe: On May 6th, hackers gained access to an employee’s email account that contained patients’ personally identifiable information. A forensics investigation determined that hackers accessed company data for three days, and it’s unclear why Northwood waited more than two months to notify the public. In response, all employee passwords were reset, and Northwood encouraged employees to be vigilant about identifying suspicious emails. In addition, the company is upgrading its email security to try and prevent suspicious emails from reaching employees’ inboxes.

Individual Risk: 2 = Severe: The hacked email account contained sensitive client data and personally identifiable information. This includes names, dates of birth, dates of service, provider names, medical record numbers, patient identification numbers, and other health-related information. In addition, some clients had their Social Security numbers, driver’s license numbers, and health insurance information exposed. Northwood cannot confirm if this information was viewed or accessed by hackers, so those impacted by the breach need to be especially vigilant about monitoring their accounts for suspicious activity. Moreover, they should acquire identity and credit monitoring services to ensure the long-term integrity of their data.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In today’s interconnected digital environment, small mistakes can have catastrophic consequences. In this case, a single email gave bad actors expansive access to people’s sensitive data. While Northwood is taking all the right steps to recover from the breach, companies that truly prioritize data security will take these actions before a breach occurs, which will not only help protect critical information, but it will save companies the incredible expense and reputational cost associated with a data breach.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:

United States – Syracuse City School District

Exploit: Ransomware
Syracuse City School District: Public school district based in Syracuse, New York

Risk to Small Business: 2 = Severe: Ransomware brought services to a stop at the Syracuse City School District. The attack prevented the district from accessing its systems, and the malware spread to the city’s library system, which is now similarly hamstrung. While the district used backups to restore some services, including payroll, human relations, and student management, much of its online infrastructure remains inaccessible. What’s more, the district is embroiled in a debate about the best approach to recover its network, as its insurance provider encourages it to pay the ransom and law enforcement agencies suggest that it refrain from making a payment. Regardless of the eventual approach, the district expects to incur six-figure losses from the incident.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The incident at Syracuse City School District illuminates a fierce debate about the most advantageous response to a ransomware attack. Many see paying the ransom as the fastest and most affordable way to recover crucial IT infrastructure. However, responding to ransom demands can incentivize bad behavior, making it more likely that these attacks will continue to wreak havoc on organizations and municipalities around the world. Therefore, it’s important to remember that the best response plan is based around a robust defense that includes identifying network vulnerabilities before an attack occurs.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started:

United States – Adirondack Health

Exploit: Unauthorized email account access
Adirondack Health: Full-service healthcare provider serving patients in the Adirondack region of New York

Risk to Small Business: 1.555 = Severe: In March 2019, a remote hacker gained access to an employee’s email account that contained copious amounts of personal data. Although only one email contained patients’ personally identifiable information, it included an attachment for a “gap-in-care” analysis spreadsheet that provided hackers with access to a deluge of patient data. HIPAA guidelines mandate that companies report a data breach within 60 days, so it’s unclear why the company waited longer to notify the agency. In addition to the PR disaster that always accompanies a data breach, Adirondack Health could face fines and penalties because of their slow response time.

Individual Risk: 2.142 = Severe: A significant amount of personal information was compromised in this breach, including names, treatment data, health insurance information, and dates of birth. Because this information is frequently sold on the Dark Web, those impacted by the breach should carefully monitor their accounts for suspicious activity. Moreover, identity and credit monitoring services can help ensure that credentials remain secure.

Customers Impacted: 25,000
How it Could Affect Your Customers’ Business: Small mistakes can have catastrophic consequences for personal data. In this case, brief access to a single email account provided hackers with just one document that compromised data integrity for thousands of people. While companies should take every measure possible to protect their data before a breach, understanding what happens to people’s information after it’s compromised is an important step in the recovery process.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:

United States – WMNF 88.5 FM

Exploit: Ransomware
WMNF 88.5 FM: Tampa-based community radio station

Risk to Small Business: 1.777 = Severe: A ransomware attack on WMNF 88.5 FM forced the station to stop its live broadcasts, leaving listeners with pre-recorded shows instead. The attack also impacted their AudioVault system that includes much of the station’s programming, including advertising material that constitutes a significant share of their revenue. In addition, ransomware restricted access to office files and forms. However, rather than paying the ransom, the station reported the incident to authorities and brought in a cybersecurity contractor to restore their files. Of course, these services alongside the opportunity cost incurred when the station’s material wasn’t accessible will still be an expensive solution for the local radio station.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even without paying a ransom demand, recovering from a ransomware attack is extremely expensive. Therefore, every organization needs to take every precaution possible to prevent these attacks in the first place. This certainly includes analyzing IT infrastructure for vulnerabilities, but it should also mean attaining the services necessary to know if your employees’ credentials are for sale on the Dark Web where they can be used to facilitate a ransomware attack.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:

United States – Wise Health System

Exploit: Phishing attack
Wise Health System: Medical provider serving patients in Decatur, Texas

Risk to Small Business: 2 = Severe Risk: On March 14th, several employees fell for a phishing scam and entered their usernames and passwords on a false form. Hackers used this information to access an employee kiosk where they attempted to divert payroll deposits. IT administrators don’t believe that the hackers pursued patient data, but this information was included in the compromised accounts. Now, Wise Health System is responsible for providing a year of identity theft protection services to thousands of victims while also facing increased regulatory scrutiny because of their failure to report the incident within 60 days.

Individual Risk: 2.428 = Severe Risk: In addition to the employee account details compromised in the breach, patient data was available to hackers. This includes patients’ medical record numbers, diagnoses, treatment information, and insurance data. Therefore, patients should monitor their accounts for unusual activity while also taking advantage of the identity theft monitoring services offered by Wise Health System.

Customers Impacted: 35,899
How it Could Affect Your Customers’ Business: Phishing attacks are entirely preventable because they rely on employee ignorance and indifference to perpetuate data theft. However, with the right training, employees can learn to spot phishing scams, effectively rendering them useless. It’s a cost-effective way to mitigate a serious risk to any company’s data security initiatives.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here:

United States – The Town of Collierville

Exploit: Ransomware
The Town of Collierville: Town in Shelby County, Tennessee

Risk to Small Business: 1.777 = Severe Risk: In an extensive attack that cut off computer access for more than 550 government employees, attackers infected the Town of Collierville’s computer network with Ryuk ransomware. The malware made some computer systems unusable and encrypted other files, restricting the government’s access to the information. Consequently, government employees are unable to complete many tasks, including permit requests, public record requisitions, and business services. Fortunately, the town’s emergency services were not impacted by the attack. The city is enacting its response plan, but they have a long road to fully restoring operations.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are a top cybersecurity threat for local governments, making a holistic response plan a must-have element to any government’s IT strategy. Fortunately, the Town of Collierville prepared for this scenario, which allowed them to avoid paying the ransom. Regardless, full recovery is still an arduous process, which means that any measures that can help prevent a ransomware attack should be a top priority for local governments looking to avoid being the next victim of a ransomware attack.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here:

United States – Henry County, Georgia

Exploit: Unauthorized network access
Henry County, Georgia: Local government serving residents in Henry County, Georgia

Risk to Small Business: 1.888 = Severe Risk: A cyberattack forced government agencies to take their network infrastructure offline, which prevented employees from accessing servers for email and daily operations, including tax collections, business licenses, building permits, and phone services. In addition, court records were not available, and department heads are considering temporarily adopting paper records to keep business moving. Public safety infrastructure was not impacted by the attack and some offices, like the motor vehicle department, were operational. Officials did not present a timetable for full system restoration, a process that likely won’t be quick and certainly won’t be cheap.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A cyberattack that diminishes working capacity has serious repercussions for any organization. Not only is there often an incredible cost to restore normal business operations, but the unquantifiable opportunity and reputational cost can be even more damaging. Comparatively, cybersecurity services are a bargain, and they can help ensure that your organization isn’t brought offline by cybercriminals.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at:

Bulgaria – National Revenue Agency

Exploit: Unauthorized database access
National Revenue Agency: Government agency responsible for tax collection and social security contributions

Risk to Small Business: 1.555 = Severe: When a hacker gained access to the government agency’s network, the personal information for virtually every Bulgarian adult was compromised. The data theft, the largest ever reported in the Balkans, prompted emergency meetings at the country’s national security agencies. While government agencies have worked hard to secure critical IT infrastructure, they have paid less attention to protecting information databases, a shortcoming that is exposed in the breach. Now, the agency faces the financial costs of repairing the damage and the heightened media scrutiny that accompanies such an expansive data breach.

Individual Risk: 2.428 = Severe: While there is some evidence that people’s personal data was stolen in a messaging attempt directed at the Bulgarian government, this information can be quickly sold on the Dark Web where bad actors use it to perpetuate identity and financial fraud. The data includes names, addresses, incomes, and social security information. Those impacted by the breach need to closely monitor their accounts, and they should acquire the monitoring services necessary to secure their personal information.

Customers Impacted: 5,000,000
How it Could Affect Your Customers’ Business: In an email to journalists, the hacker described the agency’s cybersecurity standards as “parody,” intimating that he was motivated, in part, to expose the lax security standards guarding people’s most sensitive personal information. Especially for government agencies storing personally identifiable information, data security standards are of paramount importance. When these initiatives fail, there is an inherent responsibility not only to improve security standards but to help victims sufficiently recover by providing the credit or identity monitoring services necessary to help them attain peace-of-mind about their data’s security.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more:

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

Australian Consumers Demand Data Security 

According to a recent survey of Australian consumers, confidence in a company’s data security impacts their spending with that platform. The survey, which comprised 2,000 consumers, found that 74% of Australians are less inclined to spend money with companies that cannot or will not secure their customers’ personal information. With increasing instances of financial fraud and data theft, who could blame them?

Local mayors are tired of paying the price for these attacks, and they codified this sentiment in a nonbinding, unanimous resolution at this year’s meeting of the U.S. Conference of Mayors where they vowed not to pay any more ransom demands.

To date, 34% of Australians experienced data loss from a company’s security breach or hack, and those numbers increase for younger generations that are more likely to participate in today’s expansive digital ecosystem.

Unfortunately, the retail sector and small businesses polled as the least trusted vendors, meaning that companies hoping to win customers need to make data security an integral part of their business strategy. Increasing the impetus to get this right from day one, 43% of consumers indicated that they would never return to a brand that compromised their data security.

Therefore, it’s clear that the need to identify vulnerabilities and to account for data security is more than just an altruistic endeavor. It’s mission critical for flourishing businesses in today’s increasingly digital economy. Don’t let this issue go overlooked.

With companies like ID Agent equipped to fortify your cybersecurity defenses, now is the perfect time to prepare your company for today’s evolving threat landscape.

What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business

A Note for Your Customers:

800,000 Computers Still Vulnerable to BlueKeep 

Despite the well-publicized threat that the BlueKeep vulnerability poses to individuals and enterprises, more than 800,000 systems are still not protected from the threat.

BlueKeep is a backdoor that allows hackers to access networks where they can directly deliver malware. The flaw can cause significant damage, and neutralizing the threat is surprisingly easy. A simple software update, which Microsoft issued in May, nullifies the vulnerability, but according to data compiled by a New Internet scan, less than 20% of eligible systems were updated in the past month.

With cyber threats coming from all directions, fixing security vulnerabilities through software updates is an easy way to prevent obvious threats from wreaking havoc on your company’s IT infrastructure. Partnering with security specialists can help organizations identify vulnerabilities, fortifying their defenses before a data breach occurs.—threats/800k-systems-still-vulnerable-to-bluekeep/d/d-id/1335286

