Tag Archive for: Numbers

ECHN cyberattack compromised Social Security numbers, medical records


The cyberattack against the Eastern Connecticut Health Network in August resulted in the theft of employee and patient names and Social Security numbers, as well as patients’ confidential health and financial information, according to an attorney representing Prospect Medical Holdings — ECHN’s parent company.

In a letter to the Connecticut attorney general’s office on Friday, Sarah Goldstein, an attorney representing the California-based Prospect, provided an update on the attack.

In the letter, which was obtained by CT Insider, she wrote that Prospect’s computer network was infiltrated and the hackers “accessed and/or acquired files that contain information to certain current and former employees and dependants” of Waterbury Hospital, Rockville General, and Manchester Memorial hospitals.

“For Prospect Medical employees and dependents, the information involved may have included their names and Social Security numbers,” Goldstein wrote.

Patients’ compromised information varied, she wrote, but it includes names, addresses, dates of birth, diagnosis, lab results, medication, and other treatment information, along with insurance information, doctors and facilities visited, dates of treatment, and financial information.


MGM Hack Exposes Social Security Numbers – 24/7 Wall St.


For more than a decade, Americans have worried that hacks of big companies might expose some of their confidential data. According to LifeLock, this has happened with the huge MGM hack, which included six terabytes of data from MGM and Caesars. Members of the loyalty club of the companies had Social Security numbers and driver’s license data exposed. It is unclear whether any of those people face identity theft.

Some hacks that exposed a huge amount of data are over a decade old. The Sony PlayStation network was hacked in 2011, exposing 77 million personal records. Experian, the credit rating agency, was hacked earlier this year. Given the business it is in, it should have the best anti-hacking system in the world.

In the dark world of hackers, efforts have not stopped at companies. City software systems and hospitals have been hacked, in some cases affecting patient data and the ability of metros to operate key services.

Hackers have started to ask for large amounts of money as ransom, which can stretch into millions of dollars. Organizations with essential parts of their systems taken down must make these payments.

Consumer and business concerns extend beyond identity theft. A major hack of banks threatens deposits. The FDIC protects deposits up to $250,000, but what if businesses have more than that at stake?

The cold truth about hacks is that software protection companies meant to shield clients are not good enough. The skills of hackers have stayed one step ahead. There is no reason to think that will stop.


MOVEit, the biggest hack of the year, by the numbers


The mass-exploitation of MOVEit Transfer software has rapidly cemented itself as the largest hack of the year so far. While the full impact of the attack will likely remain untold for months to come, there are now more than 1,000 known victims of the MOVEit breach, according to cybersecurity company Emsisoft.

This milestone makes the MOVEit breach not just the largest hack of 2023 — but also one of the largest in recent history.

The fallout began in May when Progress disclosed a zero-day vulnerability in MOVEit Transfer, its managed file transfer service used by thousands of organizations around the world to move large amounts of often-sensitive data over the internet. The critical-rated vulnerability allowed attackers — specifically the notorious Clop ransomware and extortion gang — to raid MOVEit Transfer servers and steal customers’ sensitive data stored within.

Since then, Clop’s attacks and its threats to publish the stolen data if it doesn’t receive payment have continued unabated, and the number of known victim organizations, the number of known impacted individuals and the costs associated with the fallout have continued to grow.

We take a look at the MOVEit mass hack by the numbers.

60,144,069

Just as the number of known victim organizations crossed the 1,000 milestone on August 25, the number of impacted individuals also surpassed the 60 million mark.

This figure, published by Emsisoft, is sourced from state breach notifications, SEC regulatory filings and other public disclosures. Emsisoft notes that while there will invariably be some overlap in terms of individuals impacted, the number is only likely to increase as more organizations continue to confirm MOVEit-related data breaches.

83.9%

U.S.-based organizations account for 83.9% of known MOVEit corporate victims, according to Emsisoft’s researchers. Organizations in Germany account for about 3.6% of total victims, followed by Canadian companies at 2.6% and firms in the United Kingdom at 2.1%.

11 million

In July, U.S. government services contracting giant Maximus became the largest victim of the MOVEit breach after confirming that hackers accessed the protected health information — including Social Security numbers — of as many as 11 million…


Hatch Bank says hackers used Fortra bug to steal 140,000 customer Social Security numbers


Hatch Bank, a digital-first bank that provides infrastructure for fintech companies offering their own brand credit cards, confirmed hackers exploited a zero-day vulnerability in the company’s internal file transfer software that allowed access to thousands of customer Social Security numbers.

The vulnerability in Fortra’s GoAnywhere file-transfer software came to light on February 2 after security journalist Brian Krebs publicly shared details of Fortra’s security advisory because the tech company had put the advisory behind a login prompt.

The Clop ransomware gang claimed to have exploited the zero-day flaw, tracked as CVE-2023-0669, to steal data from more than 130 organizations. Community Health Systems, one of the largest healthcare providers in the United States, was the first victim to publicly disclose it had fallen victim to the zero-day bug. Hatch Bank, this week, became the second known victim.

In its data breach notification filed with Maine’s attorney general this week, Hatch Bank said that attackers exploited the vulnerability in its GoAnywhere system to steal the names and Social Security numbers of close to 140,000 customers, including 630 individuals based in Maine.

Hatch Bank said that while Fortra (previously known as HelpSystems) learned of the vulnerability in its GoAnywhere software on January 29, the tech company didn’t notify Hatch Bank until February 3 — one day after Krebs revealed news of the GoAnywhere flaw. It’s unclear if these incidents are linked and Fortra declined to answer TechCrunch’s questions.

The notification warned that hackers had unauthorized access to Hatch’s account from January 30 to January 31. “Hatch Bank immediately took steps to secure its files and then launched a diligent and comprehensive review of relevant files to determine the information that may have been impacted,” the bank said in a letter sent to impacted customers on Monday. The bank says that it has also notified federal law enforcement.

The bank says it’s providing those affected by the breach with access to free credit monitoring services. It also said it is working to implement unspecified “additional safeguards”…
