At a glance.
- New York City schools cut ties with academic software firm.
- Hive ransomware hits healthcare provider.
- Unprotected MySQL servers.
New York DOE says it’s lights out for Illuminate.
The New York City Department of Education (DOE) has decided to pull the plug on academic software company Illuminate Education after the third-party vendor’s January data breach compromised the data of over 820,000 students. Illuminate provides grading, attendance, and messaging platforms used widely by public schools across New York, and the DOE yesterday announced schools will be required to terminate use of all Illuminate Education products and services by the end of the school year. The DOE has been investigating the breach since its discovery in January, and the decision to discontinue use of Illuminate’s services was based on the inquiry’s findings. First Deputy Chancellor Dan Weisberg told the New York Post, “We do not take this step lightly because we understand that this is going to create some disruption and challenge for some schools and families, and I want to be clear: DOE made this decision after extensive investigation and deliberation, and based on our deep commitment to protecting the privacy of our families and students.” The DOE has launched its own alternative products to replace Illuminate’s offerings and has told school leaders a list of approved vendors should be available by early summer.
Hive ransomware group behind Partnership HealthPlan breach.
Partnership HealthPlan of California (PCH) has confirmed that the cyberattack it experienced in March was the work of the Hive ransomware group. SC Media reports that the data of over 850,000 patients were compromised in the attack, which led to network disruptions that prevented PCH from receiving or processing treatment authorization requests. At the time of the attack, screenshots of stolen data surfaced on Hive’s underground website, but PCH is still working to determine exactly what data was stolen and exactly how many patients were impacted. It’s worth noting that one patient has already filed a lawsuit over the breach, and the law firm representing the individual is soliciting other patients to join the suit.
Millions of MySQL servers found unprotected.
Cybersecurity research group The Shadowserver Foundation has discovered more than 3.6 million MySQL servers publicly exposed on the web. Of these, 2.3 million are connected over IPv4, while the other 1.3 million are connected over IPv6. The servers are actively responding to queries, which, Bleeping Computer explains, makes them easy targets for cybercriminals, as unprotected databases are one of the most common vectors for data theft. "While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed," the Shadowserver report explains. At over 1.2 million, the US is the country with the most accessible MySQL servers, followed by China, Germany, Singapore, the Netherlands, and Poland. Shadowserver recommends that potentially impacted organizations filter out traffic to their MySQL instance, implement authentication on the server, and reference MySQL’s deployment guides for further guidance.