Please fill in the form below to subscribe to our blog

The Week in Breach News: 02/07/24 – 02/13/24

February 14, 2024

This week: Ransomware snarls operations at 21 hospitals in Romania and a children’s hospital in Illinois, an unsecured database exposes user data from a popular casino app and a look at the Valentine’s Day message that no one wants to receive: a deepfake (plus how a deepfake cost a Hong Kong company $25 million).

AI phishing represented by a robotic face behind several conversation bubbles

See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>

Lurie Children’s Hospital

Exploit: Ransomware

Lurie Children’s Hospital: Medical Center

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.771 = Severe

Lurie Children’s Hospital in Illinois has been experiencing cyber trouble that has impacted its services for more than a week after a suspected ransomware attack. The Chicago-area hospital was forced to take some of its systems offline to curtail the spread of the incident, resulting in limited access to medical records in the facility as well as hampering communication by phone or email. The disruption has been going on since the middle of last week. The hospital assured the public that it remains open and in operation.  

How It Could Affect Your Customers’ Business: Medical centers like hospitals and clinics are treasure troves of data for the bad guys.

Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>

Service Employees International Union (SEIU) Local 1000

Exploit: Ransomware

Service Employees International Union (SEIU) Local 1000: Trade Union

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.691 = Moderate

The LockBit ransomware group is claiming responsibility for a ransomware attack that hit Service Employees International Union (SEIU) Local 1000 in California. The gang says that they have captured 308GB of data, including employees’ salary details, financial documents and Social Security numbers. The union has confirmed that it has experienced a disruptive cyber-attack, stating that they are working with a third-party cyber forensics firm to determine exactly what data was stolen in this incident.  

How It Could Affect Your Customers’ Business: Trade unions can be an attractive target because they hold a myriad of personal and financial information about their members.

Kaseya to the Rescue:  Ransomware is often an email-based cyberattack. Our 5-Minute Guide to Phishing Attacks and Prevention offers a quick guide to stopping phishing. DOWNLOAD IT>>

Middletown Area School District (Pennsylvania)

Exploit: Hacking

Middletown Area School District (Pennsylvania): Regional Education Authority

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.643 = Severe

Middletown Area School District in Pennsylvania is still working on restoring some of its systems after a cyberattack last week. The school district said that it noticed that two of its information systems were not working right last week and took immediate action to disconnect those systems. As a result, students and teachers experienced some technological difficulties leading to learning disruptions. District officials said that they do not believe that any data was stolen.

How It Could Affect Your Customers’ Business: Schools have been firmly in cybercriminals’ sights because they can’t afford downtime, making them more likely to pay a ransom.

Kaseya to the Rescue: Learn more about the cybersecurity threats that K-12 schools are experiencing in our infographic The Top Cyber Threats Schools Face and How to Stop Them. GET IT>> 

Bank of America

Exploit: Supply Chain

Bank of America: Bank

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.862 = Severe

Bank of America is informing customers that their personal information may have been exposed in a data breach. The breach occurred when one of its service providers, Infosys McCamish Systems (IMS), was hacked on November 3, 2023. The bank said that some customers’ personally identifiable information (PII) was exposed in the security breach including names, addresses, social security numbers, dates of birth and financial information, including account and credit card numbers. Bank of America said in a filing that 57,028 people were directly impacted. 

How It Could Affect Your Customers’ Business: Cyberattacks on suppliers and service providers can be a fast path to cybersecurity trouble for the businesses they have relationships with.

Kaseya to the Rescue:  Get tips for mitigating risk created by business relationships in our eBook The Comprehensive Guide to Third-Party and Supply Chain Risk. DOWNLOAD IT>> 


Exploit: Misconfiguration

WinStar: Casino Group

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

Oklahoma-based casino and resort operator WinStar has announced a data breach that impacts users of its My WinStar app. The app was developed by a software startup in Nevada, Dexiga. Unfortunately, the startup accidentally left one of its logging databases on the internet unsecured, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored there. The unsecured database contained customer data including full names, phone numbers, email addresses and home addresses.

How it Could Affect Your Customers’ Business: Human error is the top cause of a data breach, and security awareness training helps mitigate that risk.

Kaseya to the Rescue:  Our infographic walks you through exactly how security awareness training prevents the biggest threats that businesses face today. DOWNLOAD IT>>

Romania – Slobozia County Emergency Hospital

Exploit: Ransomware

Slobozia County Emergency Hospital: Medical Center

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.336 = Extreme

A ransomware attack took down the health management system used by 21 Romanian hospitals including Slobozia County Emergency Hospital. Officials said that Backmydata ransomware was used. The health management system, Hipocrate Information System (HIS), is used to manage medical activity and patient data. The system was knocked overnight between February 11 and 12, 2024 after its databases became encrypted. Medical personnel have been forced to return to writing prescriptions and keeping records on paper. The list of impacted hospitals includes Pediatric Hospital Pitesti, Buzău County Emergency Hospital, Slobozia County Emergency Hospital, “Sf. Apostol Andrei” Emergency County Clinical Hospital Constanta, Pitești County Emergency Hospital, Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta, Institute of Cardiovascular Diseases Timișoara, Emergency County Hospital “Dr. Constantin Opriș” Baia Mare, Sighetu Marmației Municipal Hospital, Târgoviște County Emergency Hospital, Colțea Clinical Hospital, Medgidia Municipal Hospital, Fundeni Clinical Institute, Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB), Regional Institute of Oncology Iasi (IRO Iasi), Azuga Orthopaedics and Traumatology Hospital, Băicoi City Hospital, Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest, Hospital for Chronic Diseases Sf. Luca, C.F. Clinical Hospital no. 2 Bucharest and Medical Centre MALP SRL Moinești.

How it Could Affect Your Customers’ Business: attacks like this that impact regional healthcare can be dangerous for the community.

Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>> 

Austria – The Government of Korneuburg

Exploit: Ransomware

The Government of Korneuburg, Austria: Municipal Government

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.442 = Extreme

The municipality of Korneuburg in Austria said it was hit by a ransomware attack, resulting in a loss of government services that has reportedly resulted in the cancellation of local funerals. The city government confirmed the ransom attack affected all the data held by the administration, including the backup system. Officials also said that they received a ransom demand, but they stopped short of disclosing the amount of the extortion demand. One result of the incident is that local funerals have been canceled because of the city’s inability to issue death certificates. Citizens are also unable to print out forms or pay bills.  

How it Could Affect Your Customers’ Business: Governments and government agencies are a major target for ransomware groups looking to profit from a high-profile attack.

Kaseya to the Rescue: Every organization needs to be ready for trouble with an incident response plan in place. This checklist can help. DOWNLOAD CHECKLIST>> 

In The Educator’s Guide to Cybersecurity, see the cyber threats that schools face & how to mitigate them. DOWNLOAD IT>>

South Korea – Hyundai

Exploit: Ransomware

Hyundai: Carmaker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.602 = Severe

The Black Basta ransomware group claims that it has stolen 3TB of data from Hyundai Motor Europe. The carmaker confirmed that it is investigating a cybersecurity incident in which an unauthorized third party accessed a limited part of its network. As proof of the supposed hack, the group shared images of folders related to various departments at the company, including legal, sales, human resources, accounting, IT and management. No extortion demand was made public, and the incident remains under investigation.

How it Could Affect Your Customers’ Business: Consumer data isn’t theonly thing bad actors are hunting for – corporate data is also attractive and valuable.

Kaseya to the Rescue: Learn more about the trade in data and credentials on the dark web and how bad actors make a profit in our infographic 5 Ways the Dark Web Endangers Businesses. DOWNLOAD IT>> 

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

dark web threats represented by a hacker in a hoodie shrouded in shadows with faint binary code

Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>

3 new phishing simulation kits are available now!

Phishing threats never stop evolving. Prepare employees for sophisticated phishing attacks with these three new phishing simulation kits that reflect the types of threats employees encounter all the time.

  • Norton – Free Offer
  • Xfinity – You’re Receiving a Credit
  • World Health Organizations – Safety Measures

Learn more about these new phishing simulations and other updates in the BullPhish ID Release Notes. LEARN MORE>>

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

6 confusing cybersecurity solutions, explained

Cybersecurity is awash with confusing acronyms. In the 6 Confusing Cybersecurity Solutions infographic, we break down six cybersecurity acronyms that can leave you flummoxed, like automation and response (SOAR) and endpoint detection and response (EDR). Gain clarity for smart decision-making with this infographic. Great for educating decision-makers! DOWNLOAD IT>>

Did you miss… our 5-Minute Guide to Phishing Attacks and Prevention infographic? DOWNLOAD IT>>

Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>

a red fish hook on dark blue semitransparent background superimposed over an image of a caucasian man's hands typing on a laptop in shades of blue gray

Deepfakes Take Center Stage in the New Era of Email Phishing

In today’s digital age, where technology continues to evolve at a rapid pace, cybersecurity threats like phishing have become increasingly sophisticated. While traditional phishing emails often relied on fraudulent links or deceptive language, a new and more sinister trend has emerged: the use of deepfakes. A deepfake is a false piece of media, typically audio or video, in which bad actors manipulate or replace content to serve their purposes by making it appear as though it is authentic and created by the depicted individual. The advent of artificial intelligence (AI), especially generative AI, has helped cybercriminals create highly believable, sophisticated deepfakes that can fool even savvy victims. 

Is building an in-house SOC a smart move? Our whitepaper breaks down the costs. READ IT>>

Deepfakes can be distributed over email, messaging, phone calls, even video. One of the most dangerous gambits in deepfake email phishing is employing deepfakes to conduct successful business email compromise (BEC) attacks. A recent example of this is the disaster that recently befell a company in Hong Kong. The company recently lost $25 million to deepfake phishing after a worker in the finance department was taken in by a deepfake phishing scam. The attack started with email phishing, then evolved into an astonishing tale of deepfake phishing using a video call. 

Here’s how the incident breaks down: 

  • An employee received an email purporting to be from the company’s UK-based chief financial officer (CFO).  
  • The employee was initially suspicious of this email, which showed indications of phishing.  
  • Specifically, the message directed the employee to transfer $25 million to an offshore account, raising the employee’s suspicions that this might be a scam.  
  • After expressing his concerns, the employee was invited to a video call with the CFO to prove the transfer request was genuine.   
  • On the video call, the participants’ voices and faces seemed genuine, allaying the employee’s suspicions. 
  • The employee then transfers the $25 million as directed.  
  • But the whole thing was a sophisticated scam, and the supposed video call was actually a deepfake.  

Every business faces insider risk, from employee mistakes to malicious acts. Learn how to mitigate it. DOWNLOAD EBOOK>>

Imagine receiving an email from your bank or a trusted colleague asking for sensitive information or requesting urgent action. The email appears legitimate, complete with the usual branding and language and even a video attached to increase its believability. There are no telltale signs of phishing. Wouldn’t you be likley to determine that teh email is genuine? Many people would fall for this scam. Deepfake emails exploit the trust individuals place in familiar senders and their susceptibility to social engineering tactics. By leveraging deepfake technology, cybercriminals can manipulate audiovisual content to deceive recipients into believing they are interacting with a trustworthy source, thereby increasing the likelihood of successful phishing attacks. 

The implications of deepfakes including those used foremail phishing are far-reaching and potentially devastating. Cybercriminals can use deepfakes to steal sensitive information, perpetrate financial fraud, sow distrust in institutions, damage someone’s reputation or even deploy ransomware. Deepfakes have long been a concern during election season because they can be used to spread fake information and sway voters. Thesedangeous message could also be used to erode the trust between a company’s staffers or damage its business relationships. The possibilities are limitless – making deepfakes incredibly dangerous.


See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>

Deepfake use in cybercrime like BEC is a fairly new development that has only really become a major concern in the past few years. However, it is ramping up quickly. In fact, there were ten times more cybercrimes like identity theft fueled by deepfakes in 2023 than in the previous year. Deepfake-fueled attacks grew the most in North America and in the Asia-Pacific region in 2023, but there were major increases around the world.  

Regions with the largest percentage of increase in deepfakes between 2022 and 2023 

Region % increase in deepfake phishing 
North America 1740% 
Asia-Pacific 1530% 
The Middle East and Africa 450% 
Latin America 410% 

Source: Infosecurity Magazine 

What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>

Given the sophisticated nature of deepfake technology, combating phishing with deepfakes requires a multi-faceted approach that incorporates both technological solutions and user awareness

Advanced Detection Techniques: Implementing advanced email security solutions equipped with artificial intelligence and machine learning capabilities can help detect and block deepfake emails before they reach their intended targets. 

Employee Training and Awareness: Educating employees about the dangers of email phishing, including deepfake-based attacks, and providing training on how to identify suspicious emails can empower them to recognize and report potential threats. 

Email Authentication Protocols: Implementing email authentication protocols such as DMARC (Domain-based Message Authentication, Reporting, and Conformance) can help verify the authenticity of email senders and prevent domain spoofing. 

Vigilance and Verification: Encouraging recipients to verify the authenticity of email communications through alternative channels, such as phone calls or in-person interactions, can help mitigate the risk of falling victim to deepfake email phishing. 

As deepfake technology continues to evolve and proliferate, the threat of email phishing with deepfakes will likely persist and escalate. By leveraging a combination of advanced technologies and employee education, companies can mitigate their risk of trouble from threats like deepfakes, pursing safer email communication and safeguarding individuals and organizations from cybercrime. 

Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>

Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank.  

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.    

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.   

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.     

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).     

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams. 

See why EDR is the perfect investment to make in your future right now in our buyer’s guide. DOWNLOAD IT>>

Practical Tips for Raising Cyber Resilience With Phishing Simulations 

Wednesday, March 6 |1 PM EST / 10 AM PST

You won’t want to miss getting actionable advice on running an effective and easy-to-manage phishing simulation and security awareness training program from an expert! Phishing defense advisor Brian Doty will share his expertise including: 

  • Tips for setting up and running your phishing simulations for maximum effectiveness.
  • How to use campaign reports to track progress and identify vulnerable users.
  • Ways to reduce cyber risk with follow-up training for high-risk users and new hire training.


February 20: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>

February 22: Kaseya + Datto Connect Local Tampa REGISTER NOW>>

March 7: Kaseya + Datto Connect Local Symposium NJ REGISTER NOW>>

March 12: Kaseya+Datto Connect Local Security & Compliance Series Toronto REGISTER NOW>>

April 29 – May 2: Kaseya Connect Global (Las Vegas) REGISTER NOW>>

June 11 -13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!