Get Started Today!  732-747-9373   

Fotolia 68929807 M new

DeckerWright Corporation Blog

The Week In Breach: 9/18/2019 - 9/24/2019

United States - Carle Foundation Hospital

Exploit: Phishing attack
Carle Foundation Hospital: Regional, not-for-profit healthcare provider

Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.

The compromised email accounts belonged to three physicians, and they included data from patients that received cardiology or surgery services at Carle. The data includes patient names, medical record numbers, dates of birth, and clinical information. Fortunately, patients’ Social Security numbers and financial data were not included in the breach. However, personal data is a widely accepted currency on the Dark Web, since personally identifiable information(PII) can be used to facilitate additional cybercrimes. Therefore, those impacted by the breach need to closely monitor their accounts for usual activity while being mindful of other malicious uses of that information.

 

United States - Miracle Systems

Exploit: Malware attack
Miracle Systems: IT services provider for government contracts

Using stolen credentials, hackers gained access to several databases that store company data related to the US military. The breach, which occurred on three separate occasions between November 2018 and July 2019, was enabled by a malware attack that was distributed via a malicious email attachment. Although the stolen data was years old, the company was closely scrutinized by the Secret Service, and company leaders estimate that they’ve lost as much as $1 million because of the breach. Of course, this doesn’t include the opportunity costs associated with a loss in trust and business with the government.

Several email account credentials were stolen during the breach, and their accessibility was broadly advertised on the Dark Web. Although the company believes that this information is outdated, all employees.

The Week in Breach: 9/30/19 - 10/4/19
Cyber Criminals Business Models

Mobile? Grab this Article!

Qr Code

Latest Blog

United States - Zynga Exploit: Unauthorized Database Access Zynga: Social Game Development CompanyHackers gained access to the company’s database, which exposed the personally identifiable information (PII) for millions of customers. The company discovered the brea...

Account Login