United States - DeBella’s Subs
Exploit: Malware Attack
DeBella’s Subs: Rochester-Based Restaurant Chain
Credential stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. However, the company acknowledged that the breach investigation was completed well before the company notified the public, a misstep that will undoubtedly mar the recovery process. The company is taking steps to ensure that this type of attack won’t be successful in the future, but that won’t help the hundreds of thousands impacted by this data breach.
United States - Great Plains Health
Great Plains Health: Local Hospital
A ransomware attack disrupted many services at Great Plains Health, including email and other internal communication technologies. As a result, the healthcare provider has cancelled some procedures and appointments, while continuing to provide emergency services as needed. Whether Great Plains Health ultimately decides to pay the ransom or to attempt a recovery from backups, the result will undoubtedly be expensive. Especially when coupled with the opportunity cost and reputational damage that accompanies a data breach, the consequences of a ransomware attack can be financially devastating and long-lasting.
United States - Magellan Rx Management
Exploit: Phishing Scam
Magellan Rx Management: Full-Service Pharmacy Benefit Manager
An employee fell for a phishing scam that provided hackers with access to his account, which contained health plan member data. The breach occurred back on May 28th, and it wasn’t identified until July 5th. However, it’s unclear why the company waited until November before disclosing the breach to the public. Officials haven’t found any evidence that the data was misused, but the lengthy response time makes it more difficult for those impacted by the breach to secure their information before it’s used for nefarious purposes.