At a glance.
- Suncrypt ransomware gang takes credit for health clinic breach.
- Families urged to protect themselves after NYC school data breach.
Suncrypt ransomware gang takes credit for health clinic breach.
Oklahoma City Indian Clinic (OKCIC) has disclosed that it suffered a cyberattack, and the Suncrypt ransomware group is claiming they’re behind it. After discovering earlier this month that some of its systems were inaccessible, the Oklahoma-based nonprofit healthcare facility enlisted the help of a third-party forensics team to investigate. OKCIC released a statement explaining, “While our investigation remains ongoing at this time, we currently do not have evidence of unauthorized access to patient information.”
Suncrypt, on the other hand, says they nabbed 350 gigabytes of data, including health records and financial documents. Some of OKCIC’s computer systems and its auto-prescription refill system were disrupted as a result of the attack. Patrick Allmond with Focus Marketing told KFOR News, “Before this happened, they probably didn’t know that that backdoor was there, so hackers, unfortunately, have a lot of time and resources to find backdoors. Once they do, unfortunately, it’s profitable,” he said. “Unfortunately, ransomware often works, and so, to get access to that information, I wouldn’t be surprised if this clinic actually has to pony up the money in whatever currency it is.” Additional details will be released as the investigation unfolds.
Families urged to protect themselves after NYC school data breach.
As we noted yesterday, the data of 820,000 former and current New York City public school students were exposed in a third-party cyberattack, and some experts are saying that it could be the largest breach of K-12 student info in US history. The incident was the result of an attack on education services firm Illuminate Education, developer of popular grading and attendance platforms Skedula and PupilPath, and Chalkbeat New York offers advice for caregivers who are concerned their family data might have been compromised. Doug Levin, the national director of K-12 Security Information Exchange, recommends that students change their passwords, including those attached to accounts unrelated to school platforms, as many individuals reuse their login credentials across multiple sites.
Families are also advised to set up credit monitoring for both parents and students, as minors are often attractive targets for credit fraud. As well, families should be on the alert for suspicious emails, calls, or texts, as they might likely be targeted with phishing operations. “Parents should probably be on the lookout for getting calls that say, ‘We’re missing critical information to get your child enrolled in school. We need you to call us back ASAP and give us their social security number,’” explained Hannah Quay-de la Vallee, a senior technologist at the Center for Democracy & Technology. She added that families will likely be dealing with the consequences of the incident for a long time: “Being part of these data breaches just means you have to be vigilant about it, going forward and in perpetuity, unfortunately.”