Tag Archive for: info

City of Modesto says ransomware attack accessed personal info

/in


The city of Modesto revealed new details regarding a ransomware attack that targeted victims through the city’s digital network. On Thursday, the city said that it has been responding to a ransomware attack since last month and that a “limited amount” of the personal information of some people was compromised.That information included social security numbers, state-issued identification numbers, phone numbers, and driver’s license information. The city said it would begin notifying by mail next week those who may have been impacted by the attack and will provide them with free credit monitoring services.City Spokesperson Andrew Gonzales said the attack was limited to the police department and that no other residents, agencies or members of the public were threatened.When asked, Gonzales said he could not state how many people may have been impacted.There was never a threat to public safety systems for 911 calls or emergency services, though police had to “pull the plug” on parts of their network and go back to “old school policing,” Gonzales said.The police department has since returned to its usual technologies, he added. The city said its training preparedness exercises before the attack happened and its incident response plan helped to “contain the threat more quickly.”“Our information technology department began disconnecting portions of our digital network,” Gonzales said. “We then launched an investigation with leading cybersecurity experts, forensics teams, law enforcement to determine what we were dealing with.”Officials apologized to those who were affected and said it “has been and will continue to enhance security measures and protocols to help prevent an incident like this from happening again in the future.”Christos Kalantzis is the chief technology expert at a company called Security Scorecard. This company evaluates cybersecurity for over 12 million entities daily.Kalantzis said that he and his team were notified of the ransomware attack in Modesto. “It seems Modesto has suffered a ransomware attack as the result of a phishing or spear phishing exercise where they were able to infiltrate certain systems, lock them out and hold the…

Source…

Protect Your Data From Hackers Check this Right Now #privacy #protection #data #security #shorts

/in



Ransomware crooks steal 3m+ patients’ medical records, personal info • The Register

/in


Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December.

According to the Southern California health-care organizations, which include Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical, the security breach happened around December 1, 2022. 

“After extensive review, malware was detected on some of our servers, which a threat actor utilized to access and exfiltrate data,” according to a notice posted on Regal’s website and filed with the California Attorney General’s office [PDF]. 

The medical outfit said it hired third-party incident responders to assist and worked with security vendors to restore access to its systems and determine what data was impacted.

Judging from the filings with various state and federal agencies, the news wasn’t good. 

Extortionists stole, among other things, from the medical groups: patients’ names, social security numbers, addresses, dates of birth, diagnosis and treatment information, laboratory test results, prescription data, radiology reports, health plan member numbers, and phone numbers.

And according to the US Department of Health and Human Services, which is investigating the database breach, it affected 3,300,638 people. 

“Regal is taking steps to notify potentially impacted individuals of this breach to ensure transparency,” the company’s notification stated, adding it notified law enforcement and regulatory agencies about the ransomware attack.

Regal did not immediately respond to The Register‘s questions, including who is responsible for the attack and how they gained entry, how much money the crooks demanded and whether the health network paid the ransom.

As is typically the case in these types of incidents, the medical groups say they will pay for affected customers to receive one year of Norton LifeLock credit monitoring. They also urged patients to register a fraud alert with various credit bureaus, and closely monitor account statements as well as explanation of benefit…

Source…

The Rise of Info Stealing Malware

/in


Cybercrime
,
Cybercrime as-a-service
,
Cyberwarfare / Nation-State Attacks

Also: Holiday Cybercrime Defense; Palo Alto’s New Acquisition

Anna Delaney (annamadeline) •
November 25, 2022    

Clockwise, from top left: Anna Delaney, Mathew Schwartz, Michael Novinson and Tom Field

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including advice for security leaders and their teams on strengthening off-hours defenses during the holiday season, emerging cybercrime trends in 2022, and Palo Alto’s first big M&A since early 2021.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies



The panelists – Anna Delaney, director, productions; Mathew Schwartz, executive editor of DataBreachToday and Europe; Michael Novinson, managing editor of business; and Tom Field, senior vice president, editorial – discuss:


  • Highlights from an interview with Sam Curry of Cybereason who shares recommendations to security leaders to bolster off-hours defenses as we enter the holiday season;


  • Two emerging cybercrime trends of 2022; a surge in data stealing malware and cryptocurrency-targeting attacks;

  • How Palo Alto Networks will make its first major acquisition in nearly two years, scooping up application security startup Cider Security for $250 million.

The ISMG Editors’ Panel runs weekly. Don’t miss our previous installments, including…

Source…