At a glance.
- Former Credit Suisse employee steals salary data.
- Advice for health organizations responding to data breaches.
- Community Health Systems impacted by GoAnywhere MFT bug.
Former Credit Suisse employee steals salary data.
Global investment bank Credit Suisse has disclosed that a former staff member took personal employee data when departing the company. The India-based employee had legitimate access to the data at the time but left the bank in 2019. Reuters reports that the compromised data include salary details collected between 2013 and 2015, as well as bank account information, Social Security numbers, and addresses. Impacted employees have been notified. A Credit Suisse spokesperson stated, “To date, there is no evidence of any onward transmission or intent to use the data in any way…Having investigated it thoroughly, we have taken and are continuing to take steps – including legal remedies – to adequately contain the incident.”
Code42 CEO Joe Payne put the incident in the context of insider risk (and drew attention to the importance of offboarding):
“The recent incident with Credit Suisse is one of many high-profile insider data exfiltration or IP theft events we have seen in the past few months, and this problem is only expected to worsen. The data is clear: 60% of employees take data when they change jobs. This is happening in all industries because the advent of new technology makes it easier than ever to take source code, customer lists, and product plans. Most companies haven’t kept up. An astonishing 71% of organizations are unaware of how much sensitive data their departing employees take with them. We get their badge; we get their laptop; but they take company data. Insider risk is a material problem where a single incident can cost upwards of $15 million — not including the loss of competitive advantage and reputational damage, which can be multiples of the direct costs.”
Advice for health organizations responding to data breaches.
Healthcare providers have been increasingly targeted by cybercriminals looking to nab valuable medical data. Health Exec sat down with Rob Kim, chief technology officer at digital solutions provider Presidio, to discuss how US health organizations should respond to data breaches to contain the damage, expedite recovery, and protect their patients from further exposure. Kim states, “Cyber-recovery planning must be a core component to incident response (IR), with regular testing of IR plans to ensure rapid incident preparedness. This will also improve cyber insurance coverage, as the ability to demonstrate recoverability will help lower premiums and increase coverage amounts by lowering overall risk for the carriers.”
Kim adds that organizations are required to notify their patients within 60 days of the breach and are expected to inform the Federal Trade Commission. In some cases they also need to talk to the media. To prevent security incidents, organizations should invest in a managed detection and response (MDR) solution. Kim says, “MDR solutions decrease the mean time to detect and respond to potential incidents, reducing risk and overall business impacts. Implementing this solution also allows for increased visibility and stronger security insights that can guide healthcare organizations on what remediation actions to take if an attack does occur.” He also notes that the best handled data breaches are the ones you never hear about. “When a company can quickly and quietly contain a breach, small or large, this signals that they had a strong incident response plan in place and were prepared as soon as it occurred,” Kim explains.
Community Health Systems impacted by GoAnywhere MFT bug.
Staying on the topic of healthcare data breaches, healthcare provider Community Health Systems (CHS) has disclosed it was one of several organizations compromised by a recent series of attacks targeting a zero-day bug in Fortra’s GoAnywhere MFT secure file transfer platform. CHS, which operates over one thousand healthcare sites across the US, says that on Monday Fortra informed them that CHS data had been exposed in a “security incident.” An investigation was launched revealing that the data of up to one million CHS patients were potentially compromised. CHS stated in an 8-K filing with the SEC, "While that investigation is still ongoing, the Company believes that the Fortra breach has not had any impact on any of the Company's information systems and that there has not been any material interruption of the Company's business operations, including the delivery of patient care."
The Clop ransomware gang, which has claimed responsibility for the GoAnywhere attacks, told BleepingComputer that they've breached over one hundred thirty organizations, though they provided no evidence to back up their claims. It’s unclear whether they have begun extorting victims or what sort of ransom demands they’ve made. It’s worth noting Clop was behind the wave of attacks exploiting the zero-day bug in Accellion's legacy File Transfer Appliance (FTA) in 2020. Fortra disclosed the GoAnywhere MFT vulnerability to its customers last week, and the Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities Catalog on Friday. CISA has ordered US federal agencies to secure their systems by March 3rd.