Tag Archive for: Ransomware
Hackers accessed data on 270,000 patients from Louisiana hospital system in attempted ransomware attack
Lake Charles Memorial Health System, which includes a 314-bed hospital, thwarted the hackers’ attempt to encrypt its computers and prevented any disruption to patient care, according to spokesperson Allison Livingston. The health care provider’s own security team detected the hack, Livingston said in an email.
Phishing, ransomware continue to hinder email security through 2022
In 2022, security practitioners struggled to address the growing attack surface created by their rapid push to remote work and cloud-based operations during the previous two years. Cyber criminals exploited new vulnerabilities — including those introduced by the growing use of third-party software — to launch ransomware and other attacks.
But with tools like zero trust, XDR and more automated threat intelligence tech to bolster vulnerability management, cloud, email and endpoint security, organizations fought back – and established plans to invest more to secure networks and data in the next two years.
The following is the third of a seven-part series about where security practitioners struggled and, in many cases, made headway throughout 2022. Here, we focus on their email security challenges.
Click here to download the full 2022 Cybersecurity Year in Review Report from SC Media.
Consequences of email insecurity
Security teams devoted much attention to email security in 2022, but attackers continued to have the edge, exploiting the vulnerabilities that come with remote work and it’s the explosion of business and personal devices.
Consider the compromise reported by American Airlines in September 2022. The company informed customers that a bad actor breached the email accounts of some employees in July, which led to the personal information of customers and employees potentially being exposed and accessed.
Also in September, a credential phishing attack targeted 16,000 emails at a nonprofit agency. The fraudster in that incident claimed to be the prominent charge card brand American Express and demanded that cardholders open an attachment and contact the card company immediately regarding the cardholder’s account.
Such incidents demonstrate that email security is at its core a people problem, requiring security teams to address risks that can often linger beyond the realm of their control.
The uphill struggle with email security was also captured in a CyberRisk Alliance (CRA) Business…
Ransomware attacks hit Iowa schools, including Davenport, although public often left in dark
In the summer of 2019, school Superintendent Devin Embray learned the Glenwood District in Mills County, Iowa, was being held hostage by foreign ransomware attackers.
The hackers encrypted student data that included schedules, contact information and demographic information, making it inaccessible to the school’s administrators, Embray said. They demanded $130,000 worth of cryptocurrency from the school district to unlock the data.
Glenwood paid $10,000 in ransom.
“There was really nothing we could do on our end,” Embray said.
The 2019 Glenwood attack was one of the first known examples of a surge in ransomware attacks on Iowa schools. While Glenwood chose to publicly acknowledge it, many schools targeted by cybercriminals do not.
Most ransomware attacks go unreported and communities are left in the dark about what may have happened to their private information and their taxpayer dollars.
People are also reading…
When the Davenport School District was targeted in September, school officials said they thought they were dealing with computer-server glitches as the district’s internet, phone and email systems experienced disruptions.
Later in the month, signs of a cyber invasion became more evident, but the district declared it had “thwarted” an attack.
A data-extortion group known as “Karakurt” has since claimed to have stolen huge amounts of personal data from the Davenport district. Though the attack first was detected in early September, state officials were not notified of the breach until the end of October.
In early November, a district spokesman first acknowledged the hackers had demanded a ransom, but the district did not pay.
Schools advised how to handle attacks
Increased ransomware attacks bring steep insurance costs, rigorous requirements to qualify for insurance and, in some cases, disruptions in students’ education.
Aaron Warner, CEO of ProCircular, a…