At a glance.
- Conti takes credit for Snap-on Tools data breach.
- Okta attack leads US HHS to issue warning about Lapsus$.
- Logan Health sued by data breach victims.
Conti takes credit for Snap-on Tools data breach.
The prolific Conti ransomware gang claims to have attacked another victim: Snap-on Tools, a Wisconsin-based high-end transportation tool manufacturer. Forbes explains that last month 1GB of files allegedly stolen from Snap-on appeared on Conti’s data leak website. Snap-on has disclosed that a data breach occurred between March 1 and March 3, though the company has not confirmed that Conti was the perpetrator. The notification letter explains that after detecting suspicious activity “in some areas of [Snap-on’s] computer systems environment,” the company took the impacted systems offline, and subsequent analysis revealed that the threat actors had exfiltrated “some personal data relating to our Snap-on people.” The compromised data includes names, Social Security numbers, dates of birth, and employee identification numbers for Snap-on associates and franchisees. Interestingly, Conti has since removed the Snap-on data from the leak site, which typically indicates that the target has agreed to pay a ransom, but Snap-on has not disclosed whether any ransom negotiations have taken place.
Okta attack leads US HHS to issue warning about Lapsus$.
As we noted last month, US identity management firm Okta suffered a cyberattack at the hands of the Lapsus$ extortion group resulting in the compromise of several healthcare organizations. SC Magazine reports that in response to this incident, the US Department of Health and Human Services (HHS) has issued a report warning the healthcare sector of the threat group’s tactics. In the alert, HHS notes that Lapsus$ sets itself apart by relying on extortion rather than traditional ransomware encryption, and appears to be motivated by notoriety and destruction rather than financial gain. The report warns of Lapsus$’s typical tactics: credential theft, compromise by bypassing multi-factor authentication, phone-based social engineering, and the more unusual method of “self-injection into ongoing crisis-communication calls of their targets.” The report goes on, “While law enforcement has begun pressuring the group and even arresting some alleged members, operations are expected to continue…The diversity of their tactics, and their lack of reliance on specific malware variants, make them very difficult to detect or stop.” HHS encourages healthcare entities to strengthen their defenses by using passwordless and/or multi-factor authentication and OAuth or SAML, bolstering their current network segmentation strategies, and educating employees about social engineering attacks.
Logan Health sued by data breach victims.
Western News reports that the November data breach of Logan Health, a nonprofit research and academic medical center located in the US state of Montana, has resulted in a class-action lawsuit. Former patients impacted by the breach claim that the incident represents negligence, breach of contract, and breach of fiduciary duty on the part of the healthcare organization. According to court documents, private data including Social Security numbers, addresses, and treatment codes for more than 213,000 patients were compromised in the attack, and Logan Health is being accused of failing to adequately protect patient data and delaying notification of the victims. The lawsuit reads, “The data breach was a direct result of [Logan Health’s] failure to implement adequate and reasonable cybersecurity protections and protocols that were necessary to protect the sensitive information of patients who entrusted it into [the facility’s] custody and care.” The suit alleges that the breach has left the victims at increased risk of identity theft, and some plaintiffs claim they have already seen an increase in phishing attempts. It’s worth noting that this is not the healthcare provider’s first breach-related lawsuit; in 2020, Logan Health agreed to establish a $4.2 million settlement fund for individuals impacted by a breach the previous year.