Security Breach Update
27 August 2020

Healthcare breaches climb as attackers branch outHealthcare breaches climb as attackers branch out

When we think about a healthcare data breach, we’re often thinking about someone stealing payment information or personal data from a healthcare facility.

But that’s not all hackers are looking for anymore, and they’re ranging far outside the usual setting to find the information that they want – leading to a huge cybersecurity headache for healthcare organisations.

Just last week, hackers launched ransomware attacks against a device manufacturer and several healthcare providers, and they weren’t just targeting patient information – they were also looking for treatment and testing data related to COVID-19, a hot commodity on the Dark Web.

Recent Breaches

Australia – Canva – Digital Design Platform

Exploit: Unauthorized Systems Access

Risk to Small Business: Severe: Digital design powerhouse Canva found itself in hot water this week as hackers accessed the platform and used it to facilitate spear phishing attacks. Canva unwittingly provided phishing campaigns with graphics that then made the threat actors’ attacks appear more legitimate to facilitate pilfering credentials through social engineering trickery. The problem was first noted in February but has accelerated since.

The hack may be related to a significant May 2019 data breach that Canva has not confirmed but was widely reported.

Risk to Exploited Individuals: Moderate: At this time, Experian is not reporting that any sensitive financial or personal data was stolen, but this is an incident that could have long-reaching implications for South African consumers and businesses, and there is no guarantee that PII or financial data wasn’t compromised. Consumers and businesses should use caution in communications around financial topics and be alert for fraud, identity theft or spear phishing attempts

Customers Impacted: Unknown

United States – Carnival Corporation – Cruise Line

Exploit: Ransomware

Risk to Small Business: Severe: Carnival has released a statement noting that on August 15 attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network.

Preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data, but it is still investigating the incident. This is Carnival’s second breach this year after another breach was disclosed in March.

Risk to Exploited Individuals: Severe: The investigation into exactly what data and what kind of data was stolen is ongoing. Carnival expects that both passenger and employee data has been impacted, but has offered no specifics. Anyone who has travelled on a Carnival cruise and staffers should be wary of phishing and identity theft attempts.

Customers Impacted: Unknown

Ensure you’re protecting your data and systems from common sources of credential compromise and data loss by implementing a solid cybersecurity plan.

Talk to a TCT sales team member today and we can show you how.

Robert Brown
27/08/2020

Follow us on LinkedIn:

Related Articles:
Cyber criminals need hosting and cybersecurity protection, too
Cyber Security and the Changing Threat Landscape

Written by