The Week in Breach News: 05/16/24 – 05/21/24
This week: Hundreds of thousands of records were exposed in three medical breaches, customer data was exposed at a Spanish bank, an employee data breach at Nissan, three new phishing simulations in BullPhish ID and 12 questions to ask when buying an endpoint detection and response (EDR) solution.
DocGo
https://healthitsecurity.com/news/patient-data-stolen-in-docgo-cyberattack
Exploit: Hacking
DocGo: Medical Service Provider
Risk to Business: 1.901 = Severe
DocGo, a provider of mobile medical services, has disclosed to the U.S. Securities and Exchange Commission (SEC) that it experienced a cyberattack that resulted in a data breach. The incident only impacted its U.S.-based ambulance transportation business. In the filing, DocGo stated that a threat actor accessed its network and acquired data that included protected health information. DocGo said that the company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations.
How It Could Affect Your Customers’ Business: A breach that involves sensitive medical data is an expensive proposition for a business or medical system.
Kaseya to the Rescue: Learn about the growing list of cybersecurity challenges that organizations face in the Kaseya Security Survey Report 2023. DOWNLOAD IT>>
Affiliated Dermatologists and Dermatologic Surgeons (AD)
Exploit: Ransomware
Affiliated Dermatologists and Dermatologic Surgeons (AD): Medical Practice
Risk to Business: 1.856 = Severe
Affiliated Dermatologists and Dermatologic Surgeons (AD), a New Jersey-based healthcare practice, has admitted that it experienced a data breach as the result of a March 2024 ransomware attack. Between May 2 and May 3, the threat actor accessed AD’s systems, copied data pertaining to over 300K patients and employees and deployed ransomware. Stolen patient data includes names, dates of birth, Social Security numbers, health insurance claims information, treatment information and mailing addresses. Employee data was also exposed including names, dates of birth, addresses, driver’s license numbers, passport numbers, and Social Security numbers.
How It Could Affect Your Customers’ Business: The data that was stolen from this medical group will be profitable for cybercriminals on the dark web.
Kaseya to the Rescue: Learn how to protect businesses from dark web danger and mitigate cyberattack risk with the insight we share in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
MedStar Health
https://www.medstarhealth.org/notice-of-data-incident
Exploit: Hacking
MedStar Health: Healthcare System
Risk to Business: 1.721 = Severe
Washington, D.C.-area hospital system MedStar Health has disclosed that it suffered a data breach after someone gained unauthorized access to employee email accounts. Bad actors used compromised accounts to access MedStar’s systems between January 2 and October 18, 2023. The hospital system said that in March 2024 it determined that patient information was included in the emails and files that were accessed. MedStar said that the exposed data included patient names, addresses, provider names, dates of service, and health insurance information.
How It Could Affect Your Customers’ Business: It’s critical that every organization conduct regular security awareness training to avoid email security problems.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents the biggest cyber threats that businesses face today. DOWNLOAD IT>>
Rockford Public Schools (MI)
Exploit: Ransomware
Rockford Public Schools (MI): Regional Education Authority
Risk to Business: 1.203 = Extreme
An early May cyberattack on Rockford Public Schools took out computers, internet service and phones at all district buildings. The loss of technology disrupted the learning environment, causing teachers and students to have to resort to using old-fashioned pencil and paper for lessons. Even with the disruptions, classes remained in session. The district has not provided a timeline for recovery.
How It Could Affect Your Customers’ Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>
The American Radio Relay League (ARRL)
https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline
Exploit: Hacking
The American Radio Relay League (ARRL): Membership Association
Risk to Business: 1.712 = Severe
The U.S. national association for amateur radio operators has experienced a cyberattack that disrupted its IT systems and online operations, including email. The attack also took down Logbook of The World (LoTW), an online database that allows amateur radio enthusiasts to submit electronic logs of successful contacts (QSO) and confirmations (QSL) between users worldwide. The group did not specify what, if any, data was exposed but admitted that its member database includes members’ names, addresses and call signs.
How it Could Affect Your Customers’ Business: It’s essential to remember that any organization of any size in any industry is at risk of a cyberattack.
Kaseya to the Rescue: An endpoint detection and response solution can help businesses stop the spread of cyberattacks fast. This checklist helps you find the right one. DOWNLOAD IT>>
Spain – Banco Santander
Exploit: Hacking (Supply Chain)
Banco Santander: Bank
Risk to Business: 2.376 = Severe
Banco Santander, one of Spain’s largest banks, has disclosed that it has experienced a data breach. The bank said that employee data in a database hosted by an outside provider was accessed by an unauthorized party. Santander specified that the exposed data belongs to clients in Spain, Chile and Uruguay, but customer data in other markets and in Santander’s other business units were not affected.
How it Could Affect Your Customers’ Business: Worldwide, the financial services sector has been a favorite target of cybercriminals for the past three years.
Kaseya to the Rescue: See how Datto EDR’s Ransomware Rollback helps companies reset their systems to where they were before the attack to get right back to work, minimizing downtime. LEARN MORE>>
Australia – MediSecure
https://www.mobihealthnews.com/news/anz/e-scripts-platform-medisecure-hit-large-scale-ransomware
Exploit: Ransomware
MediSecure: Prescription Platform
Risk to Business: 1.866 = Severe
MediSecure, an Australian provider of a digital prescription platform, has disclosed that it experienced a ransomware attack on May 16. Bad actors gained access to the personal and health information of individuals in its systems. The company did not offer specifics. The company’s website and phone lines were also knocked offline. Officials from the office of the National Cyber Security Coordinator (NCSC) reassured the public that no current e-prescriptions have been impacted or accessed.
How it Could Affect Your Customers’ Business: Healthcare providers often hold very sensitive data that can be used for nefarious purposes like blackmail if it falls into the wrong hands.
Kaseya to the Rescue: There are a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Japan – Nissan
https://www.cbsnews.com/news/nissan-data-breach-cyberattack
Exploit: Ransomware
Nissan: Carmaker
Risk to Business: 1.602 = Severe
Nissan North America has announced that they have suffered a ransomware attack that exposed the Social Security numbers of thousands of former and current employees. Cybercriminals compromised data belonging to more than 53,000 current and former workers. Nissan said that a bad actor slipped in through a virtual private network (VPN). The company did not clarify the exact data stolen or any ransom demand.
How it Could Affect Your Customers’ Business: Companies not only have an obligation to protect customer data, but they also need to protect their employees’ data.
Kaseya to the Rescue: This infographic includes 10 handy tips to help you get the most out of your security awareness training solution and run an effective program. GET INFOGRAPHIC>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
4 new phishing simulation kits are here
Bad actors never stop coming up with new phishing schemes to trap unwary employees. These four new phishing simulation kits can help keep users alert and help them learn to spot trouble.
- National Bank of Canada – Security Alert: Account Suspended
- Laurentian Bank of Canada – Security Alert: Account Suspended
- Canadian Imperial Bank of Commerce – Contact Information Is Expired
Learn more in the Release Notes LEARN MORE>>
What can penetration testing do for your security?
Have you considered the benefits of ongoing penetration testing? Penetration testing is a security game-changer. Learn more about the exploits our testers found during 3,000 penetration tests conducted in the past year to see why you’ll want to add pentesting to your defensive array. In Vonahi’s new report Top 10 Critical Pentest Findings 2024, you’ll discover the exploits that bad actors are using to sneak inside of a company’s security.
12 Questions to Keep in Mind When Shopping for an EDR Solution
Cyber threats are becoming increasingly sophisticated thanks to the advent of advanced technologies like artificial intelligence. That evolution means that traditional security measures are no longer sufficient to combat advanced threats. Modern cybersecurity solutions like Endpoint Detection and Response (EDR) solutions offer tools that can keep up with today’s threats. However, choosing the right endpoint detection and response (EDR) solution can be a daunting task. Here are 12 questions to keep in mind to narrow your choices.
Why choose Endpoint Detection and Response (EDR)?
Endpoint Detection and Response (EDR), sometimes known as Managed Detection and Response (MDR), has become a crucial tool for IT professionals, aiding in both robust defense strategies and incident response. EDR solutions offer advanced threat detection, real-time monitoring, and automated response capabilities essential for safeguarding endpoints against sophisticated attacks. Here are ten key points every IT professional should know about EDR:
EDR solutions are designed to monitor endpoints, such as computers and mobile devices, to detect and respond to cyber threats. They gather and analyze data from endpoints to identify suspicious activities and potential security incidents. Utilizing behavioral analysis and threat intelligence, EDR tools can detect anomalies that traditional security measures might overlook. For instance, up to 77% of advanced threats bypass updated antivirus products, but they are effectively identified by EDR.
12 Questions to ask when shopping for an EDR solution
There are a number of EDR solutions on the market. These questions can help you find the right one.
Does the solution that you’re considering…
Really cover detection and response? While you may think that antivirus software (AV) has you covered, it’s just a protection tool and simply not enough to counter today’s sophisticated cyberattacks. A quality EDR solution takes care of detection and response, giving you accurate insights into an incident and what you can do to address it.
Generate an excessive number of alerts? Alert fatigue is real, and it can lead to real problems. Look for a solution that features a correlation engine to minimize the number of alerts analysts have to sift through and maximize the quality of alerts to ensure that analysts get the ones that really matter.
Provide reports that non-tech decision-makers understand? The right solution should generate reports in plain language accompanied by graphics that make it easy to demonstrate the solution’s value. Tell your defensive success story by showing the cyberattacks that have been prevented in an easy-to-understand graphic report.
Map to the MITRE ATT&CK framework? The EDR solution you choose should generate smart recommendations in context, mapped to the MITRE ATT&CK framework. This ensures that when something bad happens, you have actionable guidance on how to fix it.
Detect fileless attacks? Fileless malware attacks reside in memory and are not written to disk, keeping them hidden away from most EDR solutions and making them extremely hard to detect. The ideal EDR solution detects fileless attacks quickly and accurately.
Have click-to-respond capability? When a business is under attack, there’s no time to spare, especially not for finding the right sequence of buttons to click to deal with a problem. Look for a solution that gives you the ability to isolate an endpoint, terminate a process and reinstall deleted files in a single click from the console.
Slow down your machines? Some EDR solutions slow down users’ laptops, causing a poor experience. Look for a lightweight EDR agent that doesn’t hinder endpoint performance and uses less than 3% of disk I/O, making it unnoticeable by users.
Integrate with other tools quickly and easily? No one has the time or budget to waste hours trying to configure and integrate a solution that doesn’t play well with other solutions in your security stack. The right EDR solution for you smoothly integrates with other tools.
Save you money? Everyone’s stretching their budgets to the max. Don’t choose a solution with potentially unpleasant pricing surprises. Instead, look for a solution with affordable pricing that also saves you money as you add more endpoints.
Improve security compliance? The right EDR solution will offer smart recommendations for security best practices to make security standard compliance easy. Many cyber insurance policies require minimum endpoint protection standards that a good EDR solution fulfills.
Utilize the latest technology to keep up with the pace of threats? The bad guys are definitely making the most of evolving technologies. Look for a solution that utilizes AI, machine learning and the latest in threat intelligence to proactively identify and block zero-day and polymorphic threats.
Mesh seamlessly with a next-gen antivirus solution? Next-generation antivirus (NGAV) uses advanced technologies like machine learning and artificial intelligence to identify and block new threats that traditional antivirus software might miss.
Kaseya’s Security Suite helps IT pros mitigate cyber risk
Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate all types of cyber risk including email-based threats effectively and affordably without breaking a sweat.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
RocketCyber Managed SOC — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
See how our Security Suite can be put to work for you with a personalized demo.
- Book a demo of BullPhish ID, Dark Web ID, RocketCyber Managed SOC and Graphus. BOOK IT>>
- Book a demo of vPenTest BOOK IT>>
- Book a demo of Datto AV and Datto EDR BOOK IT>>
May 30 – Kaseya+Datto Connect Local Sydney REGISTER NOW>>
June 5 – Balancing Cybersecurity: Building Your Own SOC vs Partnering With a Managed SOC REGISTER NOW>>
June 11-13: Kaseya DattoCon Europe (Dublin) REGISTER NOW>>
June 18: Kaseya+Datto Connect Local Toronto (Security and Compliance Series) REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!