A new ransomware group makes a splash and more supply chain security problems.
OneTouchPoint
Exploit: Ransomware
OneTouchPoint: Business Services
Risk to Business: 1.772 = Severe
OneTouchPoint, a provider of mailing and printing services, fell victim to a ransomware attack that has resulted in the compromise of personally identifiable information (PII) stored on its system. The company discovered encrypted files on some of its systems on April 28. It was later determined that the attackers had accessed its network on April 27 and that the compromised systems contained PII provided by its customers.
Individual Risk: 2.335 = Severe
Exposed information includes names, addresses, birth dates, date of service, description of service, diagnosis codes, information provided as part of a health assessment and member ID. OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger.
How It Could Affect Your Business: This is going to end up costing this company a fortune in both incident costs and regulatory penalties.
NetStandard
Exploit: Ransomware
NetStandard: MSP
Risk to Business: 1.672 = Severe
Kansas-based managed service provider NetStandard suffered a cyberattack that resulted in the company pressing pause on its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, SharePoint and CRM services. The MSP detected signs of a cyberattack last Tuesday morning and quickly shut down cloud services to prevent the attack’s spread. The company announced that only the MyAppsAnywhere services are affected, but news outlets report that the attack may have had a broader impact, with the company’s main site shut down as well.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: MSPs have been squarely in cybercriminals’ sights as they concentrate firepower on the supply chain.
WordFly
Exploit: Ransomware
WordFly: Business Services
Risk to Business: 2.773 = Moderate
Email list provider WordFly has been the victim of a ransomware attack. WordFly’s main website is unavailable and has been offline for the past two weeks. The company says that they discovered the problem on July 10. WordFly said that they believe that customer data was accessed but they didn’t specify the nature of that data. The Smithsonian Museums, Canada’s Toronto Symphony Orchestra and the Courtauld Institute of Art in London are among the company’s clientele.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Ransomware attacks on service providers in the supply chain are an ongoing problem that won’t be going away anytime soon.
DuPage Medical Group
Exploit: Hacking
DuPage Medical Group: Healthcare Organization
Risk to Business: 1.619 = Severe
Illinois-based DuPage Medical Group, an organization with more than 700 doctors in 100 locations, has been the victim of a cyberattack that exposed patient data. The incident occurred between July 12-13 and caused a network outage. An investigation determined that bad actors had likely accessed patient data. The medical group is notifying 600,000 patients that their personal information may have been compromised.
Individual Risk: 1.619 = Severe
How it Could Affect Your Business: Healthcare is the industry with the highest data breach cost, and it’s been beleaguered by ransomware.
United Kingdom – Wooton Academy Trust
Exploit: Ransomware
Wooton Academy Trust: School Operator
Risk to Business: 2.304 = Severe
The Hive ransomware group is claiming responsibility for a ransomware attack against the Wooton Academy Trust, operators of Wooton Secondary School and the Kimberley college for 16-19-year-olds. The gang is demanding a $500,000 ransom, the amount it claims the school has available in cyber insurance. In an unusual twist, the gang allegedly messaged students and parents, informing them that they had stolen the students’ home addresses, bank details, medical records and even psychological reviews. The school says that the incident has affected scheduling for next year, along with the production of some grade sheets. It hopes to retrieve lost data from backups in order to resume normal operations within 10 days.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Cybercriminals have been going after schools consistently for the last few years as virtual learning opens up profit opportunities for them.
United Kingdom – Bromford Housing Association
Exploit: Hacking
Bromford Housing Association: Housing Assistance Organization
Risk to Business: 1.929 = Severe
Bromford Housing Association, a housing program with tenants across Gloucestershire, has been the victim of a cyberattack. Bromford manages 40,000 homes across central and southwest England, providing services for around 90,000 people. The company says it was forced to shut down its technology systems including communications, appointments and online payments. Clients are limited to service and payments by phone. There’s been no word on what if any data was stolen.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Service disruptions from cyberattacks can cost companies big in both productivity and reputation.
France – MBDA
Exploit: Hacking
MBDA: Defense Contractor
Risk to Business: 2.017 = Severe
A new cybercrime group claims that it has snatched data from European missile developer and manufacturer MBDA. The bad actors call themselves Adrastea and claim to have obtained 60GB of confidential data by exploiting vulnerabilities in the company’s network. Adrastea claims to have taken information about the company’s projects, OT, defense systems the company has worked on, and other sensitive data about military matters.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Cybercriminals are hungry for OT information and similar proprietary data, especially of this sensitive nature.
Italy – Italian Revenue Agency (Agenzia delle Entrate)
Exploit: Ransomware
Italian Revenue Agency (Agenzia delle Entrate): Government Agency
Risk to Business: 2.017 = Severe
A ransomware attack has hit the town of St Mary’s in Ontario, locking staff out of internal systems and encrypting data. The ransomware group LockBit has claimed responsibility. The cybercriminals uploaded a sample to their leak site containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Town officials were quick to reassure citizens that essential municipal services like transit and water systems haven’t been impacted. No word on any ransom demand or if the municipality plans to pay. LockBit is also responsible for another attack on a small town this week, hitting Frederick, Colorado on July 14. The group is demanding $200,000 not to publish the data snatched from Frederick, CO.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: The bad guys know they have a higher chance of getting paid thanks to the time-sensitive nature of government services, making them prime targets.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.