At a glance.
- Hackers publish stolen AvidXchange data.
- Two US medical data breaches.
- Western Digital cyberattack resulted in data theft.
Hackers publish stolen AvidXchange data.
Sensitive data stolen from AvidXchange, a US payments solutions software giant, has been published on the dark web, indicating the company has suffered its second cyberattack since the start of 2023. The RansomHouse ransomware gang has taken credit for the attack, stating on their leak site, “Dear AvidXchange, We strongly recommend you to contact us to prevent your confidential data, documents from being leaked.” TechCrunch reports that the stolen data include non-disclosure agreements, employee payroll information, and corporate bank account numbers, as well as login credentials for several of the company’s systems including cloud accounts and security software. What’s worse, many of the leaked passwords are embarrassingly weak – versions of the company’s name and the word “password” – and are likely still in use. AvidXchange has confirmed it detected the data were stolen in April and that an investigation is ongoing, but has declined to state whether any ransom demands have been made. Just a few weeks ago, the company disclosed it was one of the many victims of the attack on Fortra’s GoAnywhere file transfer tech.
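The weak-password pattern described above (variants of the company name plus the word “password”) is exactly what a password-policy check should reject at enrolment and on reset, before an attacker ever gets to guess. The following is an added example, not code from AvidXchange or from any of the vendors quoted in this story; the organization name, the banned-word list, the leetspeak map and the minimum length are constructed assumptions for illustration.

```python
import re

# Constructed: the tenant name the policy protects. Taken from the story as an
# illustration only; any organization would substitute its own name(s).
ORG_NAME = "AvidXchange"

# Common character substitutions users apply to dodge naive checks ("P@ssw0rd").
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed short blocklist; a real deployment would use a breached-password list.
BANNED_WORDS = ("password", "passwd", "qwerty", "welcome", "letmein")
MIN_LENGTH = 14


def normalize(pw: str) -> str:
    """Lower-case, undo common leet substitutions, drop non-alphanumerics."""
    return re.sub(r"[^a-z0-9]", "", pw.lower().translate(_LEET))


def org_tokens(org: str) -> list[str]:
    """Fragments of the organization name a password must not contain.
    Splits CamelCase ('AvidXchange' -> 'avid', 'xchange') and keeps the whole
    name; longest fragments first so the most specific match is reported."""
    parts = re.findall(r"[A-Z][a-z]+|[a-z]+|[A-Z]+(?![a-z])", org)
    toks = {org.lower()} | {p.lower() for p in parts if len(p) >= 4}
    return sorted({normalize(t) for t in toks}, key=len, reverse=True)


def check_password(pw: str, org: str = ORG_NAME) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    norm = normalize(pw)
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Organization-name fragments, checked after leet normalization.
    for tok in org_tokens(org):
        if tok and tok in norm:
            problems.append(f"contains organization name fragment '{tok}'")
            break
    for word in BANNED_WORDS:
        if word in norm:
            problems.append(f"contains banned word '{word}'")
            break
    # A single dictionary-style word followed only by digits ("Summer2023")
    # adds almost no entropy; checked on the raw lower-cased value.
    if re.fullmatch(r"[a-z]+\d{1,4}", pw.lower()):
        problems.append("dictionary-style word followed only by digits")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not passwords from the breach.
    for candidate in ("Av1dXch@nge2023!", "P@ssw0rd123",
                      "Summer2023", "correct-horse-battery-staple"):
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

The leet normalization is what makes the organization-name check useful: without it, "Av1dXch@nge" slips past a plain substring test. Enforcing this at the identity provider, combined with MFA and monitoring of failed-logon bursts, is the defensive counterpart to the weak credentials the story describes.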
Roy Akerman, Co-Founder & CEO of Rezonate, wrote about how poor practices expose organizations to compromise. “Compromised accounts, protected by weak passwords, serve as easy targets for attackers to breach. A beginner whitehat pen-tester or a blackhat attacker learns how to use a password cracker in minutes to brute-force their way into an organization and, since this is not monitored, easily gains access without being noticed,” he said. “AvidXchange unfortunately has not taken sufficient steps since their recent breach to secure their most critical attack surface, which is identity and access. Going back to the basics is critical in these cases to make sure best practices and processes are built with a strong password policy, MFA, and complete visibility across your identity fabric to know who can do what, who is doing what, and pinpoint any malicious exploitation or anomalous behavior.”
Morten Gammelgard, EVP EMEA at BullWall, also commented on the importance of sound practices. “AvidXchange falling victim to a second ransomware attack highlights the importance of good password policies and a comprehensive security strategy. If, as reported, the attackers were able to easily guess passwords that were iterations of the company’s name and included the word ‘password,’ that is unforgivable. The first rule of passwords is strong and complex passwords,” Gammelgard wrote. “In addition to strong password policies, companies must have a robust security stack, backups, and a ransomware containment system in place. The publication of sensitive data stolen from a variety of AvidXchange’s systems emphasizes the need for securing not just IT systems, but also physical infrastructure such as smart locks and cameras. Regular testing of backup plans is also crucial to ensure their effectiveness. Cyber threats are constantly evolving and all organizations must be vigilant and proactive in securing their systems.”
Mark Bermingham, VP at Cyware, sees a role for threat intelligence in addressing this challenge. “Making sense of threat intelligence is a critical add for ensuring diligent security. Lessons ignored can become lessons learned and then applied through the security stack by automating the ingestion of relevant threat intel, enriching and correlating, and subsequently automating actioning based on insights gleaned from threat intel. Common tactics and techniques (TTPs) readily emerge from threat intel analysis that can prevent or significantly limit the effectiveness of subsequent attacks.”
Two US medical data breaches.
McPherson Hospital, a healthcare system based in the US state of Kansas, has disclosed it suffered a ransomware attack last July that resulted in a data breach. The compromised data include patient names, Social Security numbers, dates of birth, medical treatment information, medical billing information, and health insurance information. JDSupra reports that the hospital began notifying impacted individuals last week.
Ani Chaudhuri, CEO of Dasera, finds the breach at McPherson troubling:
"It's deeply concerning to see another healthcare provider, McPherson Hospital, Inc., fall victim to a ransomware attack, exposing sensitive patient data. As a data security professional, I empathize with the breached organization and the patients affected by this incident. Healthcare providers are becoming prime targets for cybercriminals due to the wealth of personal and medical information they hold.
"Healthcare organizations must prioritize data security measures and invest in robust cybersecurity solutions to safeguard their valuable and sensitive patient data. A comprehensive data security approach should include continuous data access, usage, and sharing monitoring to identify and remediate risks in real-time. By implementing a solution that combines automated discovery, classification, and protection of sensitive information with advanced analytics and policy enforcement, healthcare providers can ensure that their patients' data remains secure, compliant, and well-managed. A strong emphasis on data-centric security and collaboration between IT, security, and compliance teams will significantly reduce the likelihood of data breaches and the potential exposure of patients' confidential information."
"For the patients impacted by the McPherson Center for Health breach, taking immediate steps to mitigate the potential risks of identity theft and fraud is essential. This includes monitoring credit reports, placing fraud alerts on credit files, and staying vigilant for any suspicious activity related to personal information.
"While McPherson Hospital has taken steps to investigate the breach and notify affected individuals, it serves as a stark reminder to all healthcare providers to continuously assess and improve their cybersecurity posture. Implementing multi-layered security strategies, including data encryption, access control, and network segmentation, can significantly reduce the risk of similar incidents in the future.
"In an age where cyber threats are ever-evolving, it is vital for organizations across all industries, especially healthcare, to remain proactive and adaptive in their approach to data security."
In the state of Tennessee, Murfreesboro Medical Clinic & SurgiCenter experienced a cyberattack last month that compelled system administrators to shut down the network temporarily. The Shelbyville Times-Gazette explains that the healthcare provider is in the process of investigating the incident in order to restore its systems, but in the meantime all operations have been closed. CEO Joey Peay stated, “I want to thank our patients and employees for their understanding and patience while we work to make sure our computer infrastructure is secure and free of any harmful software.” Details are scarce due to the ongoing investigation, so it is unclear whether any patient data were compromised. However, patients have been urged to monitor their accounts for suspicious activity.
Western Digital cyberattack resulted in data theft.
Digital storage solutions provider Western Digital has confirmed that sensitive customer data were stolen in a recent cyberattack. Cyber Security Connect says the company sent out breach notification emails on Friday to the impacted individuals stating, "Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers.” The compromised data include customer names, billing and shipping addresses, email addresses, telephone numbers, hashed and salted passwords, and partial credit card numbers. As the investigation continues, Western Digital has temporarily taken its store offline, and customers have been warned of potential spear-phishing attacks. At the time of the breach, TechCrunch reported that an unidentified hacking group claimed to have stolen ten terabytes of the company’s data. Despite the fact that the cybercriminals used the ALPHV ransomware gang’s leak site, they claim they are not members of that operation. In late April the hackers published screenshots of stolen Western Digital information, indicating they still had access to the company’s systems. However, Bleeping Computer notes, no new data have been released since then, which could mean a ransom demand is still on the table.