Exploit: Phishing attack
Carle Foundation Hospital: Regional, not-for-profit healthcare provider
Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.
The compromised email accounts belonged to three physicians, and they included data from patients that received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information(PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for usual activity while being mindful of other malicious uses of that information.
Exploit: Malware attack
Miracle Systems: IT services provider for government contracts
Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.
Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees.