Data Breach at Norton Healthcare After Ransomware Attack 

ALPHV, Data Backup, Data Breach, Employee Training, Norton Healthcare, partition hard drives, Ransomware, , , , , ,
30
Jan 2024

Healthcare data is some of the most sensitive and confidential data to exist in IT systems, so the ransomware attack at Norton Healthcare is a big deal. 

Based in Kentucky, Norton Healthcare is a provider who delivers health services to adults and children in over 40 clinics. Their objective, as with all healthcare providers, is to improve the lives of their patients. However, a recent data breach has done little to inspire a sense of wellness in their patients. The breach, which occurred in May this year but is only just being reported, was part of a ransomware attack. Norton Healthcare’s network was breached for two days, but there appeared to be no evidence that their medical record system had been accessed. 

Nonetheless, healthcare data should always be secure, and breaches in local networks represent a major cause for concern. 

The Norton Healthcare Attack 

The exact nature of the attack has, at present, not been released. But we do know what the impact of the breach was. After discovering that an attack was taking place, Norton was forced into turning its network off, the last thing a healthcare provider wants to do. As the attack was unfolding, Norton received, in a novel twist, a faxed ransom note featuring threats and demands. Later that month, a ransomware group known as ALPHV claimed responsibility for the attack. 

ALPHV released a statement to the dark web which claimed that they had managed to compromise 4.7TB worth of data from Norton Healthcare’s servers. As proof, ALPHV uploaded numerous files – containing patients’ bank statements and Social Security numbers – to backup their claims. Norton’s official line is that only some network storage devices were breached, and these only contained identifying information rather than any medical data. 

How Can Healthcare Providers Protect Themselves?

With more and more healthcare providers coming under attack from threat actors, it’s important that they understand how to minimize their risk. In fact, these lessons are valuable for any business running an IT network, so it’s time to find out how. So, to stay safe from ransomware attacks, make sure you follow this best guidance: 

  • Regular backups: it’s vital that you perform regular backups of your data to ensure, if it becomes encrypted by ransomware, you still have access to it. Ideally, these backups should be completed daily at the very least, and they should always be saved to secure locations. It’s important to keep copies of your backups offline as well, this will allow you to access your data even if you need to take your network down. 
     
  • Partition your hard drives: to minimize the impact of a breach, it’s a good idea to partition you hard drives and data storage. By separating these from your main network, and from each other, you’re limiting the files and data that malware can access. This minimizes the risk of data loss and allows you to keep important systems online. 
     
  • Employee training: educating your staff about the dangers of social engineering and phishing emails is one of the most important steps you can take. Ransomware, such as the strain encountered by Norton Healthcare, is often spread through emails and your employees need to be able to identify these threats before clicking on them. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

The Dangers of SIM Hijacking

Data Breach, Data Security, Ophtek, SIM Hijacking, TMobile Breach, , , ,
23
Aug 2021

A recent security breach of the T-Mobile network has resulted in two issues: the loss of confidential data and the risk of SIM hijacking.

Data breaches are commonplace in the world of hacking, but SIM hijacking is less familiar outside of the telecoms industry. SIM cards, of course, are used in mobile phones to identify users to networks and allow them to make calls. These SIM cards are highly secure given the amount of data they contain and the finances associated with them e.g. contracts. And mobile phones are now a crucial part of any modern business for communications to run smoothly. Accordingly, protecting SIM cards for organizations should be a major concern.

But what is SIM hijacking? And what can you do to protect your SIM cards?

The T-Mobile Breach

In what is the fourth such attack in 18 months, around 48 million customers – many of them former customers – have been affected by the latest T-Mobile breach. Quickly Check If You’re Email Was BreachedThe cause of this breach has not, as of yet, been identified, but the data in question has. Stolen data includes:

  • Names
  • Social security numbers
  • Birthdates
  • Driver’s license details

Around 850,000 customers who hold pre-paid accounts have also had their names, phone numbers and account PINs stolen. All of this data is currently being sold online and represents a major security threat to those involved. And, for those whose number has been exposed, there is also the very real risk of falling victim to SIM hijacking.

What is SIM Hijacking?

SIM hijacking is a process where a hacker attempts to obtain control over a mobile phone account by moving the associated number to a new device. This is achieved by contacting a service provider – such as T-Mobile – and adopting a false identity. You may wonder why people want to steal a mobile number. After all, having access to a set of phone numbers isn’t overly exciting for a hacker. But we live in a world where mobile phones are regularly used for two-factor authorization. Therefore, having access to a phone number can open all manner of opportunities to a hacker.

How Do You Prevent SIM Hijacking?

Once a hacker has your phone number there is little you can do to stop them attempting to hijack your SIM. Naturally, the simplest option is to limit the number of times you give out your mobile number. But this is difficult when we live in an age when so many companies request your number for contact purposes. Nonetheless, it is possible to limit the damage by carrying out the following:

  • Certain service providers such as T-Mobile and Verizon offer security features which block SIM swaps by either requesting a security PIN or using the existing device to authorize the swap

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Benefits of Cyber Security Insurance for Your Business

Cyber Attack, Cyber Security, Cyber Security Insurance, Data Breach, Data Security, Ophtek, , ,
18
May 2021

We’re all used to dealing with insurance for both our personal and business needs, but did you know it was possible to arrange cyber security insurance?

2020 saw financial losses caused by cyber crime topping $1 trillion. Yes, you read that right, $1 trillion. This is a phenomenal figure and one which underlines the damage that cyber breaches can cause. Ransomware, as you would expect, is a major contributor to this figure of $1 trillion and confirms just how important cyber security is. However, no set of defenses are 100% perfect. Accordingly, it’s possible for any organization to suffer financial losses. And this is where cyber security insurance comes in.

To help you understand the benefits of cyber security insurance and how it works, we’re going to take a quick look at the subject.

What is Cyber Security Insurance?

The impact of a data breach can be catastrophic for a business. Not only is there the damage to your reputation, but there are also the financial effects. Ransomware, of course, can pose an immediate financial risk. And many organizations feel pressured into paying the ransom fees demanded by hackers. There’s also the major risk of hackers causing direct damage to your hardware which, in turn, may need replacing. Compounding the impact even further is the threat of legal action from customers who feel as though their data has not been protected effectively.

Clearly, a cyber attack can quickly become very costly for your business. And it won’t be covered by your general liability insurance. This is why cyber security insurance has been developed. It serves to protect your business by covering your organization’s liability for any cyber attacks. This insurance is available from a wide range of vendors and is similar to almost all other forms of insurance. Each policy, which can be tailored to your specific needs, is costed accordingly and then registered against your business.

The Benefits of Cyber Security

But what exactly are the benefits of cyber security? Let’s take a look:

  • Recover Ransomware Losses: The funds demanded by ransomware can be costly and, if paid, can put a serious dent in your finances. Thankfully, with cyber security insurance in place, you can recoup any ransom funds through your insurance vendor.
  • Help Notifying Customers: By law, an organization needs to contact all affected parties when a data breach occurs. The time and energy required to carry out such a communication can be expensive. But the cost behind this exercise can be negated when you have taken out cyber security insurance.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What Should You Do AFTER a Data Breach?

Data Breach, data recovery, Data Security, Hackers, Hacking, Ophtek, , ,
04
May 2021

One of IT security’s main aims is to avoid data breaches. However, breaches are inevitable in the modern age. Therefore, you need to know how to recover.

The impact of a data breach can be huge and catastrophic for all involved; organizations and their clients can be equally affected when data is stolen. And, in many cases, the clients are the ones who have the most to lose e.g financial and personal data being leaked and spread by hackers. Accordingly, if your organization finds itself in the unenvious position of experiencing a data breach, there is a lot of work to do.

A data breach is a stressful event and cleaning up afterwards can be a real struggle. But, with our tips on what you need to do after a data breach, you should find it a little easier.

Coping with a Data Breach

Once a data breach is confirmed then it’s crucial that you carry out the following:

  • Identify the Stolen Data: Understanding exactly what has been breached is vital when it comes to evaluating the extent of the attack. As long as you have a suitable set of defenses in place, you should have access to intrusion detection systems. These tools will provide an insight into which files were accessed and what the hackers did with them e.g. deleted or copied them. Putting this picture together will allow you to determine your next steps.
  • Prepare a Fix and Test It: A data breach indicates that there is a hole in your defenses, so you should act quickly to plug this. It may involve installing a security patch or it may require a more in-depth response from your IT team. Whatever the solution, you need to put it in to place as soon as possible. This will protect your data and limit any further damage. But you need to make sure this fix works. Test the solution several times to guarantee that the attacker cannot launch the same attack again.
  • Advise All Your Customers: It’s essential that, once your fix has been established, you inform your customers of what has happened. Naturally, they will be anxious as the phrase “data breach” carry a certain amount of dread. Honesty, therefore, is the best policy. Advise your customers of the data that has been breached and how it could affect them. This may be as simple as asking them to change their passwords, but could also extend to contacting their financial providers if the relevant information has been compromised.
  • Evaluate and Build Stronger Defenses: The one benefit (and we’re using that verb lightly) of a data breach is that it prompts you to strengthen your IT defenses. Your organization will need to carry out a full investigation to understand exactly what happened. Was, for example, the breach able to succeed due to out-of-date software? Or was it down to a lack of staff training on the dangers of social engineering? Regardless of the cause, the solution will need to be determined and put in place to prevent future breaches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Email Phishing Scam Steals Snapchat Employees Data

Security, ,
19
Apr 2016

SNapchat620px

Phishing scams are well known within technology circles, but this doesn’t mean those in the tech industry are immune as Snapchat discovered in February.

Snapchat, for those of you who are not aware, is a social media app which allows users to send each other photos and videos with a limited viewing time. Once that time is up then the media disappears forever. It’s proved to be phenomenally successful and the company is estimated to be worth $20 billion.

However, even with the funds available to invest in state of the art cyber security, they still found themselves falling foul of a good old fashioned phishing scam. We are going to show you what happened in order to equip you with the knowledge needed to avoid a similar occurrence.

How Was Snapchat Hacked?

6357613873537576411298140331_snapchat-app_500-100224643-large.imgopt1000x70

The hack at Snapchat used a relatively simple phishing scam to gain access to sensitive employee data. The payroll department at Snapchat received an email which claimed to be from the company’s CEO requesting payroll information on employees. Unfortunately for the payroll department, this email was not genuine. It was a scam.

Not realizing the fraudulent nature of the email, an employee duly forwarded the required information to the hacker. The nature of the data disclosed has not been confirmed by Snapchat, but it’s suspected that it would include the following:

  • Bank details
  • Social security numbers
  • Salary information
  • Personal ID and addresses

Why Do People Still Fall for Phishing Scams?

Computer-Hacker

It may seem strange that such a master of modern technology can fall victim to such a simple phishing scam, but it’s by no means unthinkable. These scams have evolved over time to become more sophisticated and it’s often their simplicity which makes them so deceptive.

In the case of the email sent to Snapchat purporting to be from their CEO, it’s more than likely that it genuinely appeared to have been sent by the CEO. With even the most basic software, it’s possible to fake outgoing email addresses and, if I wanted, it wouldn’t be difficult for me to send an email apparently from bill.gates@microsoft.com

And although this particular Snapchat employee was left thinking “I should have known better”, they most likely thought they were being a helpful employee and were keen to impress their CEO. However, it’s this type of tempting payoff which makes phishing scams so hard to resist.

The Aftermath of the Scam

To Snapchat’s credit, they responded fairly quickly and within four hours they had managed to confirm this was an isolated attack. A report was filed with the FBI and employees affected by the scam were offered two years’ worth of identity theft insurance and monitoring. More importantly, Snapchat underlined their determination to increase the intensity of their security training within the next few weeks.

Snapchat’s case highlights just how vulnerable even multibillion dollar corporations can be when confronted with even the simplest hacks. The importance of good quality security training which focuses on even the most intricate details of phishing scams is paramount to ensure yours and your customer’s data.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2