IN alignment with the global observance of Safer Internet Day 2024, premier telecommunications company Eastern Communications steps forward to highlight the critical issue of online security.
Amid the growing prevalence of online scams, particularly through work emails and misleading links, Eastern Communications is at the forefront of educating and protecting businesses and individuals alike.
(Moorhead, Minn.) — Clay County officials say they discovered a cyber incident involving personal information relating to individuals the county serves.
According to a letter sent to Clay County residents, the county says they “are not aware of any misuse of any information involved in this incident.” Beginning on December 22, 2023, Clay County mailed notifications to individuals whose protected health information and/or personal information was impacted by this incident.
On October 27, 2023, Clay County determined that its network had been impacted by a ransomware attack that affected the electronic document management system (“CaseWorks”), which is hosted by Clay County and used by other Minnesota County social services entities. Clay County immediately initiated its incident response process and began working with its local information technology partner to investigate, to securely restore operations, and determine the effects of the incident. Clay County also worked with a nationally recognized digital forensics firm to assist with the investigation and notified federal law enforcement and the Minnesota Department of Human Services.
Through the investigation, Clay County determined that there was unauthorized access to its network between October 23, 2023 and October 26, 2023, and that the cyber criminals responsible for this attack took some data from Clay County’s network. As soon as Clay County learned this, it started notifying the other impacted counties and began an extensive review to determine what information may have been involved and who may have been affected, so that we could provide notice.
LockBit, a notorious ransomware group, has reportedly released all data stolen from Boeing in a recent ransomware attack. This follows Boeing’s apparent refusal to meet the ransomware group’s demands. The leaked data, amounting to approximately 50GB, was made public early Friday, consisting of compressed archives and backup files related to various systems.
Prior to this full release, LockBit had uploaded files allegedly linked to Boeing’s financial and marketing activities, as well as supplier details. The exposed data also includes Citrix logs, raising speculation that the ransomware group exploited the Citrix Bleed vulnerability to infiltrate Boeing’s systems. Boeing, however, has not confirmed the initial entry point used in the attack.
Independent verification of the data dump’s authenticity is pending, as reported by The Register. Boeing has remained tight-lipped about the specifics of the stolen files. In a statement, a Boeing spokesperson acknowledged a cybersecurity incident affecting the parts and distribution business. They emphasized ongoing investigations in collaboration with law enforcement and regulatory authorities, asserting that the incident poses no threat to aircraft or flight safety.
Security researcher Dominic Alvieri noted that the files include corporate emails, which could be particularly useful for malicious actors. “I haven’t gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent,” Alvieri told The Register.
LockBit first listed Boeing on its dark-web site on Oct. 28. Boeing confirmed an IT intrusion affecting its parts and distribution business to The Register on Nov. 2. Initially, Boeing was removed from LockBit’s leaks site amid purported negotiations, but it appears these discussions either failed or didn’t occur, leading to Boeing’s reappearance on the LockBit extortion website.
In a related development, China’s largest bank, ICBC, also fell victim to ransomware attacks this week, disrupting its financial services. LockBit claimed responsibility for this attack as well.
Austin, Texas-based Bay Bridge Administrators, a third-party administrator of insurance products, recently began notifying more than 251,000 patients that their data was stolen after a network hack in September 2022.
The “network disruption” was first detected on Sept. 5, which prompted BAA to secure the network and engage with an outside cybersecurity firm to investigate. Forensics showed that the attacker had gained access more than a week before being discovered, which enabled them to exfiltrate “certain data” from the network on Sept. 3.
BBA appears to explain the lengthy delay in notifying patients to a “thorough investigation” that concluded on Dec. 5. Under the Health Insurance Portability and Accountability Act, covered entities have 60 days without undue delay to inform patients of possible data exposure.
The notice uses language to suggest that the breach was not discovered until months after the initial hack and data theft. The Department of Health and Human Services has warned against this type of notice, urging providers to inform patients of possible privacy violations “even if it is initially unclear whether the incident constitutes a breach as defined in the rule.”
For patients tied to BBA, the compromised data was tied to “individuals enrolled in some employment insurance benefits administered” by the business associate in 2022.
The stolen data varied by individual and could include Social Security numbers, contact details, driver’s licenses or state identification numbers, medical data, health insurance information, and/or dates of birth.
In a similar notice to BBA, Circles of Care in Florida is beginning to notify 61,170 patients that their data was stolen after a network hack detected on Sept. 21, 2022.
An investigation deployed with support from a third-party independent cybersecurity team found the attacker first accessed the network on Sept. 6 and used the access to obtain certain information. The investigation concluded on Nov. 29, 2022.
The…