Security Breach – 1 Dec 2023

With the number and frequency of ransomware attacks growing constantly, it’s no surprise that many small businesses fall victim to one.

Security Breach – 1 Dec 2023

In an era dominated by digital landscapes and interconnected networks, the ominous shadow of ransomware looms larger than ever over businesses of all sizes. As the threat landscape continues to evolve, ransomware attacks continues to morph into new forms while remaining a formidable and pervasive menace. Businesses face a complex web of risks in the wake of escalating ransomware attacks. From crippling financial implications to the potential compromise of sensitive data, the stakes are higher than ever.

With the number and frequency of ransomware attacks growing constantly, it’s no surprise that many small businesses fall victim to one. Many business owners concede that it could be possible to fall victim to a ransomware attack in the next 12 months and that it would have a significant impact on their organisation.

Businesses must take every precaution to put themselves in the best possible position to recover from a ransomware attack. Having a business continuity and disaster recovery (BCDR) solution, a ransomware-specific incident response plan and endpoint detection and response (EDR) with a ransomware rollback feature will go a long way toward mitigating disaster.

Recent Breaches

 

United States – Idaho National Laboratory (INL) – Nuclear Research Laboratory

Exploit: Hacking

Risk to Business: Extreme: SiegedSed, a hacktivist collective that claims to be made up of “furries” says that it has stolen an assortment of data from the Idaho National Laboratory (INL). Officials at INL confirmed that it has experienced a data breach after bad actors infiltrated its Oracle HCM system. The exposed data belongs to employees of the facility and includes employees’ full names, dates of birth, email addresses, phone numbers, Social Security Numbers (SSN), physical addresses and employment information. INL has been in touch with the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to investigate.

United States – Welltok – Software Service Provider

Exploit: Hacking

Risk to Business: Severe: Healthcare Software-as-a-Service (SaaS) company Welltok has disclosed that it experienced a data breach thanks to the MOVEit file transfer exploit. The company said that its MOVEit transfer server was breached on July 26, 2023, exposing the personal data of nearly 8.5 million patients in the U.S. Patient data exposed during the breach, included full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. The breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois and Massachusetts.   

Talk to a TCT team member today about implementing cyber security plan for your business.

Robert Brown
1/12/2023

Related Articles:
Cybersecurity Mistakes of Small Business
Using Threat Modelling to Reduce Your Cybersecurity Risk