The Week in Breach News: 01/03/24 – 01/09/24
This week: Three big healthcare-related data breaches, nation-state threat actors make off with $86 million from a DeFi platform, four essential resources for K-12 educators and the challenges MSPs are navigating to thrive.
In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>
HealthEC LLC
Exploit: Hacking
HealthEC LLC: Technology Services Platform
Risk to Business: 1.617 = Severe
HealthEC LLC, the New Jersey-based provider of a population health management (PHM) platform used by healthcare providers, has announced that it has experienced a data breach that may have exposed the personally identifiable information of an estimated 4.5 million people. According to a notice provided to the Maine Attorney General, a few of the major organizations that utilize the platform include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians’ Organization and the Alliance for Integrated Care of New York. The incident occurred between July 14 and 23, 2023, but the company did not complete its investigation until December 2023. Exposed information includes a patient’s name, address, date of birth, Social Security number, taxpayer identification number, medical record number, medical information (diagnosis, diagnosis code, mental/physical condition, prescription information and provider’s name and location), health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification) as well as billing and claims information (patient account number, patient identification number and treatment cost information).
How It Could Affect Your Customers’ Business: In today’s interconnected business world companies can unwittingly provide a back door into a sister company or client’s data.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>
Gallery Systems
Exploit: Hacking
Gallery Systems: Software Provider
Risk to Business: 1.691 = Severe
Gallery Systems has disclosed that it has experienced a cyberattack that has caused ongoing issues. The company provides the software that many major museums use to catalog their collections including the New York Museum of Modern Art (MoMA), the Metropolitan Museum of Art (Met), the Chrysler Museum of Art, the Museum of Pop Culture (MoPOP) in Seattle, the Barnes Foundation, the Crystal Bridges Museum of American Art and the San Francisco Museum of Modern Art (SFMOMA). The December 28 attack encrypted some of Gallery Systems’ devices, forcing the organization to take most of its systems offline including the online public viewing platform called eMuseum.
How It Could Affect Your Customers’ Business: Attacking a service provider can be a great play for bad actors looking for a quick payday or a backdoor into another organization’s network.
Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>
Fallon Ambulance Services
https://www.hackread.com/defunct-ambulance-service-data-breach/
Exploit: Ransomware
Fallon Ambulance Services: Ambulance Service
Risk to Business: 2.703 = Moderate
The now-defunct medical transport company Fallon Ambulance Service has disclosed that it has experienced a data breach. The company ceased operations in December 2023. Fallon said that it experienced a cyberattack in mid-February 2023 that was discovered in April 2023. The company noted in a filing that it expects this breach to impact around 911,757 individuals nationwide. The Boston-area company was a subsidiary of Transformative Healthcare. The exposed data included names, driver’s license numbers and non-driver identification card numbers.
How It Could Affect Your Customers’ Business: Even companies that have shuttered can be valuable repositories of data for bad actors.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Housing Authority of the County of San Bernardino, California (HACSB)
https://therecord.media/san-bernardino-housing-authority-cyberattack
Exploit: Hacking
Housing Authority of the County of San Bernardino, California (HACSB): Regional Government Agency
Risk to Business: 1.840 = Severe
The Housing Authority of the County of San Bernardino in California has announced that it has experienced a data breach that impacted an estimated 19,000 people. Officials say that their investigation revealed that hackers gained access to an employee email account in June 2023, leading to the exposure of residents’ personal data including names and Social Security numbers. HACSB has operated for more than 80 years and now serves about 26,000 people.
How It Could Affect Your Customers’ Business: Government agencies are prime hacker attack targets because of the wide variety of data they hold.
Kaseya to the Rescue: Read our case studies to see how MSPs and businesses have overcome their cybersecurity challenges with the solutions in Kaseya’s Security Suite. EXPLORE CASE STUDIES>>
Orrick, Herrington & Sutcliffe
https://thecyberexpress.com/orrick-data-breach/
Exploit: Hacking
Orrick, Herrington & Sutcliffe: Law Firm
Risk to Business: 1.723 = Severe
San Francisco-based international law firm Orrick, Herrington & Sutcliffe is informing people that it has experienced a data breach as the result of a February 2023 hacking incident. Clients affected included individuals with vision plans from EyeMed Vision Care, dental plans from Delta Dental, health insurer MultiPlan, behavioral health giant Carelon and the U.S. Small Business Administration (SBA). The firm said that the intrusion, discovered in March 2023, led to the exposure of sensitive health information for more than 637,000 people. The stolen data includes a variety of PII including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license and tax identification numbers. Health information and financial data were also compromised, including medical treatment details, insurance claims information, healthcare insurance numbers, provider details, online account credentials, and credit/debit card numbers. Orrick says that it notified victims by mail starting in October 2023. The firm is offering victims two years of identity theft protection services through Kroll.
How it Could Affect Your Customers’ Business: The business effects of a cyberattack like this can have a wide ripple effect leading to customer irritation and loss of revenue.
Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>
See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>
France – Pays Fouesnantais, France
https://therecord.media/france-cyberattack-local-government-pays-fouesnantais
Exploit: Ransomware
Pays Fouesnantais, France: Municipal Government
Risk to Business: 1.736 = Severe
The French town of Pays Fouesnantais is experiencing a major outage of local services after it was hit by a cyberattack. Town officials informed residents that the entire municipal IT system was down, with only nationally run services like is the passport and national identity card service functioning. Community buildings like the community center and the leisure center are still open to the public but only function in a limited capacity.
How it Could Affect Your Customers’ Business: Bad actors have been stepping up activity toward governments and government agencies of every size on the hunt for a quick payout.
Kaseya to the Rescue: Learn how Datto EDR with Ransomware Rollback helps organizations including medical centers recover from ransomware faster. REGISTER NOW>>
Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>
South Korea – Orbit Chain
Exploit: Hacking
Orbit Chain: Blockchain Platform
Risk to Business: 1.301 = Extreme
Korean DeFi company Orbit Chain has experienced a hacking incident that led to the loss of an estimated $86 million for users. The company sent out an urgent alert on X (formerly Twitter) warning users of the incident. Orbit Chain is a blockchain platform designed to function as a multi-asset hub, supporting interoperability between various blockchains, decentralized applications (DApps), and services. The first of the hacker attacks that caused the loss was logged on December 31. Experts suspect that North Korea is likely behind the hack.
How it Could Affect Your Customers’ Business: This kind of loss will be hard for this DeFi platform to come back from.
Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>>
Japan – Ateam
Exploit: Misconfiguration
Ateam: Game Developer
Risk to Business: 1.433 = Extreme
A Google Drive configuration error at Japanese Android game studio Ateam has led to data exposure for an estimated one million people. a misconfigured server left data available for anyone for more than six years. The company informed users of its apps and services that in November 2023, it discovered that in March 2017, technicians had mistakenly set a Google Drive cloud storage instance to “Anyone on the internet with the link can view”. That misconfigured Google Drive instance contained 1,369 files with personal information on Ateam customers, Ateam business partners and Ateam’s former and current employees. The data exposed by this blunder may include a customer, partner or employee’s full name, email address, phone number, customer management number and terminal (device) identification numbers.
How it Could Affect Your Customers’ Business: Human error is a top cause of data breaches and cybersecurity trouble because of carelessness.
Kaseya to the Rescue: Learn more about what cybercriminals are looking for and how they make a profit in our infographic 5 Ways the Dark Web Endangers Businesses. DOWNLOAD IT>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>
BullPhish ID releases 10 new & updated phishing simulations
Just in time to kick off your new year of training, we’ve released 10 new and updated phishing simulations for BullPhish ID. Check out these fresh kits:
- USPS – Mail-In Ballot
- USPS – Delivery Notification
- State Farm – Discount Offer
- Vote.Org – Donate To Election
- Venmo – Gift Card Offer
- Venmo – New Device Alert
- Spotify – Account Suspended
- Barclays – Ultimate Prize (new)
- Twitter – Locked Account
- Southwest Airlines – Discount Offer (new)
Learn more in the Release Notes LEARN MORE>>
How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>
4 essential cybersecurity resources for K-12 schools
Did you know that the education sector is the top target for ransomware? We have two eBooks, a checklist and an infographic available now that can help faculty, staff and stakeholders at K-12 schools understand the danger they face and the steps they can take to mitigate their risk. MSPs: These are perfect for starting profitable conversations with schools and school districts!
- eBook: The Comprehensive Guide to Ransomware & Phishing For K-12 Schools
- eBook: The Educator’s Guide to Cybersecurity
- Checklist: 10 Ways to Protect Your School from Ransomware and Phishing
- Infographic: The Top Cyberthreats Schools Face and How to Stop Them
Did you miss: Datto’s Global State of the MSP Report: Trends and Forecasts for 2024? READ IT>>
Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>
MSPs Face a Complex Web of Service Demands in 2024
In our fast-paced, interconnected world, MSPs find themselves at the forefront of innovation, managing a myriad of responsibilities ranging from cybersecurity to cloud integration. At the same time, the demands on their expertise and resources have never been greater. As cyber threats to businesses grow and evolve, clients look to their MSP or MSSP to keep their systems and data safe from cyberattacks and provide proactive and responsive solutions for a spectrum of complex technology needs. For Datto’s Global State of the MSP Report: Trends and Forecasts for 2024, we polled 1,575 MSPs about the services that they provided for their customers in 2023 and the challenges they expect to see ahead in 2024.
Excerpted in part from Datto’s Global State of the MSP Report: Trends and Forecasts for 2024
Customer nonchalance about cybersecurity is a problem for a quarter of MSPs
Cybersecurity remains a top concern for respondents, with computer viruses emerging as the most prevalent cybersecurity issue. North American respondents cite the widest range of cybersecurity challenges, with computer viruses, phishing messages and endpoint threats leading the list. Despite the importance of offering cybersecurity protection, respondents face challenges. Chief among them (across all regions) are the complexity of cybersecurity products and the challenge of hiring skilled cybersecurity professionals. However, the advent of AI and automated security technology like the smart managed security operations center (SOC) has helped alleviate a portion of the pressure caused by the talent shortage. Our survey report offers insight into the major challenges MSPs conquered in 2024.
Highlighted within the survey results is a critical concern — 28% of respondents cited a major cybersecurity challenge — their customers’ lack of concern about cyber risks. This statistic isn’t just a data point; it’s a ticking time bomb. It underscores the pressing need for MSPs to be equipped with the tools and knowledge to educate their customers effectively. The 28% of customers who do not prioritize cybersecurity present a massive vulnerability, directly impacting MSPs who bear the responsibility for their clients’ safety.
Source: Datto Global State of the MSP Report: Trends and Forecasts for 2024
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
MRR rules the roost
Managed security services primarily rely on monthly recurring revenue (MRR) across all regions, ensuring a consistent and predictable revenue stream for both providers and customers. While smaller MSPs may occasionally employ break-fix or project fees, MRR remains the prevailing model for mature and larger MSPs.
Source: Datto Global State of the MSP Report: Trends and Forecasts for 2024
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
This is a great time to be an MSP
Managed security services are on the rise across all regions, with an increasing number of MSPs offering them. Of the MSPs that do not currently offer managed security services, over half plan to offer them in 2024. Email security, two-factor authentication, password policy management, and security framework and compliance auditing are among the top services offered across all regions.
Source: Datto Global State of the MSP Report: Trends and Forecasts for 2024
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
MSPs saw a more than 50% revenue increase in 2023
Respondents in North America cited increasing cybersecurity risk concerns and the need for more expertise than they have internally as the top reasons to turn to an MSP. Revenue associated with managed security services has increased across regions after a drop in 2022. Year-over-year increase in revenue from managed security services by region
Source: Datto Global State of the MSP Report: Trends and Forecasts for 2024
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
Where do SMB workloads live?
Approximately half of the respondents report that 50% or more of their clients are shifting their workloads to the cloud. MSPs in North America anticipate the most significant shift in cloud migration in the next three years, driven by clients adopting Infrastructure as a Service (IaaS) and migrating databases and email servers to the cloud. Nearly half of the respondents (47%) predict that 75% to 99% of their client base will move workloads to the cloud in the next three years. This shift underscores the critical need for flexibility in backup solutions as well as the importance of choosing smart cloud-native security solutions that leverage AI technology.
As MSPs transition from on-premises to cloud-based workloads, they encounter new challenges, including ensuring the continuity of data protection and investment security. To combat these concerns, MSPs should explore solutions that offer the ability to seamlessly transition between backup solutions without the fear of sunk costs. This ensures that MSPs can effectively adjust to changing client requirements, safeguard their investments and confidently drive their business growth within the context of the modern, cloud-centric IT landscape.
Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>
Use cases remain for on-premises workloads
While the cloud is an attractive option, there are still compelling reasons for clients to maintain on-premises workloads, particularly in North America, where 18% of MSP respondents anticipate workloads shifting to the client’s data center in the next year. The evolving landscape underscores the importance of flexible, hybrid workloads. MSPs are increasingly transitioning environments iteratively from on-premises to the cloud, recognizing that this shift won’t happen all at once and is unlikely to reach 100% in the near future. Protecting this data with strong security is vital.
Source: Datto Global State of the MSP Report: Trends and Forecasts for 2024
Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>
Why do companies choose on prem instead of cloud?
Clients maintain on-premises workloads due to various factors, including concerns about trust and security in the public cloud, the need for operational transformation and compliance requirements. This strategic hybrid approach enables MSPs to address immediate client needs while maintaining the flexibility to adapt as their journey to the cloud continues. The majority of respondents expect their clients’ use of business-critical apps or servers to decline in the next three years, although North America expects more increases compared to other regions.
Source: Datto Global State of the MSP Report: Trends and Forecasts for 2024
Find the solutions you need to grow your MSP in Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>
Decoding Email Threats: Navigating the Spectrum of Spam and Phishing with Graphus
January 17 | 1 PM ET / 10 AM PT
Dive into the nuances that differentiate spam from phishing and gain a new understanding of the evolving tactics bad actors use in today’s sophisticated email threats. Discover how Graphus, equipped with advanced AI technology, provides robust protection against phishing attacks and efficiently manages the influx of unwanted spam. REGISTER NOW>>
January 28 – 30: Schnizzfest (Arizona) REGISTER NOW>>
April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>
June 11 – 13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!