Tag Archive for: california

More than 42,000 affected by ransomware attack on pro bono California law firm


More than 42,000 people had their information exposed during a ransomware attack on a California law firm that provides free services to those in need.

The Law Foundation of Silicon Valley notified regulators in California and Maine this week that the February ransomware attack on their offices resulted in the leak of Social Security numbers and other personal information.

The breach affected both clients and staff members. The law firm said it has about 90 attorneys, social workers, staff, and volunteers while helping about 10,000 people each year.

The firm, which has existed for nearly 50 years, posted a message on its website last week about the incident, confirming that they were the “victim of a sophisticated ransomware attack.”

“While operations were back up and running when offices reopened from the [Presidents Day] holiday weekend, data on one server was later discovered to have been compromised. The Law Foundation immediately engaged cybersecurity specialists who conducted an extensive forensic investigation,” they said.

“The investigation revealed that certain information within the Law Foundation’s system was unlawfully accessed and that the breach compromised the personal information of more than 40,000 clients, staff, and others.”

Information accessed includes: Social Security numbers, medical records, immigration numbers, financial data, driver’s license numbers, financial account/payment card information, passport/government identification, taxpayer-identification numbers, dates of birth and digital signatures.

The investigation into the incident ended on June 1 and the law firm spent another 30 days looking for addresses and contact information for victims, who are now being offered 12 months of identity protection services and identity theft insurance.

The victims involved included both adults and minors.

“We are in the business of helping people with important and sensitive life issues. The breach impacts the core of our nonprofit mission to help low-income individuals and families with serious issues to improve their lives. We have partnered with experienced vendors to notify and assist those who are impacted,” said Alison Brunner, CEO of…


California county paid $1.1 million ransom to hacker of Sheriff’s Department computers


San Bernardino County acknowledged this week that it has paid a $1.1 million ransom to a hacker who uploaded malware to the Sheriff’s Department’s computer system.

In a ransomware attack, a criminal enters a system and encrypts the data, leaving the owner unable to access it. If a ransom is paid, usually in cryptocurrency, the criminal will provide a decryption key to unlock the data.

For weeks, the county said little publicly about the hack, other than to call it a “network disruption.”

David Wert, a county spokesman, said the county had anticipated such a computer invasion and had taken out insurance. He said that of the $1.1 million payout, the county’s share was $511,852 and that the insurance company paid the rest.

Sheriff Shannon Dicus said Wednesday that the cyberattack did not compromise public safety but workarounds were required for certain tasks. For instance, he said, deputies could not access the California Law Enforcement Telecommunications System, which can tell deputies when a person is wanted for crimes elsewhere in the country. So deputies would request other agencies check the CLETS records.

It was unclear Thursday whether any information was stolen. The department is still going through its systems to learn what has been affected. Those that have been determined to be safe and functioning are being turned back on, said Mara Rodriguez, a sheriff’s spokeswoman.

No other county department computer systems were affected, Wert said.

Chuck Brooks and some other cybersecurity experts say paying a ransom is a bad precedent.

“Generally, businesses should not pay for ransomware as they will likely be hit over and over again as it will be shared and sold by criminal hackers on the dark web,” Brooks said in an email on Thursday, May 4.

Brooks, in a story he wrote that appeared in Forbes magazine, said ransomware has been around since the late 1980s and “it has become a trending and more dangerous cybersecurity threat.”

Wert said there was a discussion about whether to pay but declined to elaborate beyond this statement:

“The decision whether to render payment was the subject of careful consideration,” Wert said. “On balance, and…


California Dairies Chooses Veeam to Secure Critical Data, Ensure Business Continuity and Protect Against Ransomware


COLUMBUS, Ohio – Veeam® Software, the leader in Modern Data Protection, today announced it was selected by California Dairies, Inc. (CDI) to protect their Microsoft 365 data and mitigate cyberattacks. Veeam is also ensuring business continuity through verified disaster recovery (DR) strategies, fast-tracking data protection for multi-cloud ecosystems and offering additional ransomware resilience for the #1 dairy processing cooperative in California that produces safe, fresh milk for all 50 states and more than 50 countries.

CDI is the largest farmer-owned milk-processing cooperative in California, producing approximately 40% of the state’s milk and 20% of the nation’s butter. The company is comprised of more than 300 dairy farms producing nearly 17 billion pounds of milk annually, which CDI processes to make butter, fluid milk products and milk powders. CDI’s production of fresh, high-quality dairy products every day is key to its ongoing success, but this can be a challenge if there’s an unforeseen IT incident.

After facing a near-catastrophic failure where an on-premises Microsoft Exchange server became unavailable, CDI was able to restore data using Veeam Backup & Replication™. Following this incident, CDI recognized the benefits of migrating its on-premises environment to the cloud and decided to deploy Veeam Backup for Microsoft 365 for its ease of use, simplicity and reliability.

“Each dairy farm is integral to everything we do as an organization, so protecting the data that helps us collect, market and process milk while providing services to our members is critically important,” said Matthew Prieto, Director of Infrastructure and Security at CDI. “From the first time we started using Veeam solutions, we have not been let down. We know our data is protected and always available when we need it. Veeam has been absolutely core to business continuity, so as we’re moving more backups to the cloud, we know we’re covered.”

Like many manufacturing companies, CDI was an early adopter of virtualization. After CDI determined that backing up physical servers to tape wasn’t suitable for virtual machines, CDI chose Veeam…


California health plan facing network disruptions after alleged Hive ransomware attack


This week’s healthcare data breach roundup is led by the ongoing network disruptions at Partnership HealthPlan of California, allegedly caused by the Hive ransomware group.

Partnership HealthPlan of California (PHC) is currently experiencing computer system disruptions and working to recover its network with support from third-party forensic specialists. Multiple reports allege the Hive ransomware group is behind the attack.

Its official website notice does not explain the underlying cause, but DataBreaches.net was first to report that Hive ransomware actors have taken responsibility for the attack. The post has since been removed, but screenshots of its dark web leak site previously displayed data proofs allegedly exfiltrated from the PHC network before ransomware was deployed.

The proofs contained approximately 850,000 unique records, containing 400GB of data. Hive claimed to have deployed the ransomware on March 19. Again, the official website makes no such statement, nor did the ransomware group reveal any alleged patient data on the site before it was taken down.

The notice shows the health plan is currently investigating the incident and working to “safely restore full functionality to affected systems, and determine whether any information may have been potentially accessible as a result of the situation.”

PHC will notify relevant parties if any patient information was potentially accessed during the incident. The health plan has also established a number of helplines for specific medical needs or questions.

It appears the network disruption has disabled PHC’s ability to receive or process Treatment Authorization Requests, the form required to gain pre-approved funding for treatment, including the Medi-Cal approved assistive technology. Providers are being asked to provide the necessary treatment for the next two weeks, and the TARs will be retroactively completed.

PHC is the second healthcare entity to report ongoing network outages in the last week, bringing the total number of healthcare provider disruptions to four this year, so far.

Portions of the Oklahoma City Indian…
