Tag Archive for: records

Ransomware Gang Has 6M Life and Annuity Client Records


What You Need to Know

  • Federal investigators say the MOVEit attack organizer is great at what it does.
  • The biggest victim may be the U.S. Department of Health and Human Services.
  • A flood of stolen data has cut the price of a Social Security number on the dark web to $1.

Companies that write and reinsure your clients’ life insurance policies and annuity contracts say the Clop Ransomware Gang has stolen personal records for at least 6 million people, and that many of the stolen records include Social Security numbers.

The life and annuity issuers are caught up in a massive cyberattack that has affected hundreds of companies and government agencies throughout the world since late May. Affected life insurers and reinsurers use a file transfer system called MOVEit to exchange data with PBI Research Services. Since January, the Clop gang has been using a vulnerability in the file transfer system to install ransomware software on organizations’ computers.

Clop announced on June 7 in a blog post that it would begin publishing stolen client information if affected companies did not make ransom payments by June 14. The organization appears to be continuing to negotiate with some victims, but it has started posting some of the affected records on a site on the “dark web,” according to press reports.

The total number of affected life and annuity customers may be much smaller than the number of records affected. Some people may have had two or more life or annuity products included in the hacked data. A life insurer and a reinsurer also may have had separate affected records related to the same underlying product.

What It Means

Thieves, blackmailers and other foes who want to see your clients’ personal information and get into their retirement accounts, annuity accounts, life insurance accounts and other accounts may now find it cheaper and easier to accomplish those tasks.

Known Life, Health & Annuity Clop Victims

Here’s a look at some of the companies affected by the Clop attack and the number of policyholders and other customers who might have been involved, based on SEC filings and reports to the Maine attorney general’s office, which has an especially…


Records of more than 181,000 patients, others at Scranton cardiology group latest to be hacked in NEPA


Jun. 12—Hackers breached a Scranton cardiology group’s computer network and potentially obtained the private data of 181,764 patients and others, the Commonwealth Health System announced Monday.

It is the latest in a series of breaches targeting Northeast Pennsylvania medical providers, including one involving Commonwealth Health hospitals.

The breach of the cardiology group first occurred Feb. 2 in data maintained by Commonwealth Health Physician Network-Cardiology, also known as Great Valley Cardiology (GVC). The breach wasn’t discovered until April 13, the system said in a news release.

In explaining why the health care system did not announce the breach until Monday, officials said they needed two months to conduct a forensic investigation to identify everyone affected.

The information exposed, which varied from person to person, included: names, addresses and demographic information such as dates of birth; Social Security, driver’s license and passport numbers; credit card or debit card and bank accounts; and health insurance, claims and medical information. The medical information includes dates of service, diagnoses, medications and lab results.

In an email, Commonwealth Health spokeswoman Annmarie Poslock said the cardiology group has no indications the hackers used the information “in any way.”

Poslock said the group learned of the incursion from the U.S. Department of Homeland Security, which tracks potential cyber threats.

The cardiology group disconnected its network from the internet, disabled VPN access to prevent further access and referred the matter to law enforcement, according to the news release.

“The unauthorized parties no longer have access to the GVC (Great Valley Cardiology) network,” Poslock said.

The forensic investigation found that the hackers used a “‘brute force’ access attempt.”

“This is where the unauthorized party uses specialized software to generate passwords until one is successful,” she said. “Once the computer software found a real password, the unauthorized parties used that password to enter the GVC network. Where an unauthorized party has access to a network through a real set of credentials, it is often difficult to detect their presence…


JBS’s cybersecurity was unusually poor prior to 2021 ransomware attack, internal homeland security records show


Key takeaways

* JBS’s cybersecurity was “outside the typical range” for food production companies, experts told the federal government following the 2021 attack. (JBS did not respond to requests for comment.)

* Experts said the range of devices connected to the internet at food companies leaves them vulnerable.

* It’s difficult to gather information on cyberattacks, and they happen more often than what is reported, experts said.

A May 30, 2021, ransomware attack on JBS, one of the world’s largest meat companies, disrupted the company’s operations internationally and ended when the company paid an $11 million ransom to Russian hacker group REvil. 

While food production companies are potentially lucrative targets for cyberattacks, JBS was poorly protected against them compared to similar companies, according to cybersecurity experts.

The food and agriculture industry is designated as a Critical Infrastructure Sector by the U.S. Department of Homeland Security, meaning its “incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.”

The whole industry is vulnerable to attacks like the one on JBS — and they happen quietly and often, according to John Hoffman, senior research fellow at the Food Protection and Defense Institute at the University of Minnesota. 

In the aftermath of the JBS ransomware attack, a representative of cybersecurity risk management firm BitSight told national security officials that JBS had “many many issues” with its computer system.

“Overall rating was poor and outside the typical range for Food Production companies,” wrote BitSight Vice President Jake Olcott in a June 2, 2021, email to Jeffrey Greene, who served as the National Security Council chief of cyber response and policy at the time. 

The emails obtained by Investigate Midwest via a public records request shed light on the federal government’s and private industry’s response to the JBS attack. 

“We’ve observed a massive number of malware infections on JBS over the last year (including Conficker),” Olcott wrote in the email. “JBS has been…


‘Daam’ virus can steal all records from your phone, alerts cyber security agency


New Delhi: An Android malware called ‘Daam’ that infects mobile phones and hacks into sensitive data like call records, contacts, history and camera has been found to be spreading, the national cyber security agency has said in its latest advisory.

The virus is also capable of “bypassing anti-virus programs and deploying ransomware on the targeted devices”, the Indian Computer Emergency Response Team or CERT-In said.

The agency is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults and similar online attacks.

The Android botnet gets distributed through third-party websites or applications downloaded from untrusted/unknown sources, the agency said.

“Once it is placed in the…
