At a glance.
- Healthcare data breaches.
- LockBit threatens to dox Bridgestone.
Healthcare data breach round-up.
Another week, another wave of notifications goes out to victims of cyberattacks targeting healthcare organizations.
Security Week reports that an intruder infiltrated the systems of South Denver Cardiology Associates (SDCA), a specialist center located in Colorado, and succeeded in stealing the data of 287,000 patients. Fortunately, HIPAA Journal notes, no medical records were exposed, nor was the patient portal compromised, but stolen data might have included patients’ names, birth dates, driver’s license numbers, and Social Security numbers. The incident occurred between January 2 and January 5, and SDCA began notifying those impacted on March 4.
Norwood Clinic, located in Birmingham, Alabama, notified the Maine Attorney General’s office that over 228,000 individuals were potentially compromised in a data breach that took place last September. However, the subsequent investigation was unable to determine exactly what data might have been accessed, so all of Norwood’s patients have been notified out of an abundance of caution.
Houston, Texas-based Memorial Village ER is notifying 80,000 patients that their data might have been compromised in a February cyberattack. Though the server was secured with HIPAA-compliant safeguards, the hacker accessed and possibly acquired patient names, addresses, birth dates, and COVID-19 test results.
James McQuiggan, security awareness advocate at KnowBe4, commented on the distinctive challenges healthcare organizations face:
“Healthcare organizations are a prime target for criminal groups because of sensitive personal data kept in their systems. Data like Social Security numbers, names, addresses, driver licenses, phone numbers are all used for identity theft or spear phishing attacks against compromised individuals.
“Having a dedicated management team to respond to incidents is critical in reducing other risks to the organization. It must collaborate with all aspects of the organization from the C-suite to legal, communications and the impacted businesses to resolve the issue and restore operations quickly and efficiently.
“Healthcare organizations have a culture of helping patients and saving lives. Establishing a cybersecurity culture can prevent data breaches due to phishing attacks and protect sensitive data from being stolen by criminals.
“Organizations that suffer a data breach discover the costs to recover have a significant financial impact. In comparison, the costs to implement a security awareness training program for their employees are lower. Investing in the employees and providing an engaging training program to help spot social engineering scams, such as phishing emails, can considerably reduce the risk of a compromise.”
LockBit deflates Bridgestone’s tires.
Security Week reports that Bridgestone Americas, one of the largest tire manufacturers in the world, has confirmed it was hit by a ransomware attack last month that exposed the data of a “limited number” of systems. When the attack was detected, Bridgestone disconnected many of its manufacturing and retreading facilities in the Americas from its network in order to contain the impact of the attack, resulting in the shutdown of some of the company’s plant operations. The notorious LockBit 2.0 ransomware gang has taken credit for the attack, and a timer on the gang’s website is counting down the seconds until the cybercriminals promise to publish “all available data.” It’s unclear just how much money LockBit is demanding from Bridgestone, but based on the gang’s modus operandi, tens of millions of dollars could be at stake. It’s worth noting that LockBit is the same outfit allegedly responsible for last year’s far-reaching attack on Accenture, as well as the recent breach of France’s Ministry of Justice, and the US Federal Bureau of Investigation issued an alert in February warning of the group’s activities.