top of page
  • OpaCyber

Cyber Security Incidents Updates wk31

Here’s your Cyber Security Incidents Update for wk31 2024


(a once-a-week on Monday glimpse into just a fraction of the Cyber Security events of the previous week to inform regarding the depth and breadth of the incidents world-wide)


-Organisation

⦿ HSA provider HealthEquity, Utah, USA (HSA = Health Savings Account, basically pre-paying into a savings account for when those very expensive US medical bills arrive)

-Data compromised

⦿ The information of 4,300,000 people, believed to include protected health information and/or personally identifiable information. This data was not directly accessed from HealthEquity but from an unstructured data repository outside its core systems



-Organisation

⦿ OneBlood, a non-profit blood bank which provides blood services to more than 300 hospitals in Florida, Georgia and the Carolinas in the US

-Data compromised

⦿ A ransomware attack impacted OneBlood's operations causing it to operate at a significantly reduced capacity, resulting in it asking the hospitals it serves to activate their critical blood shortage protocols


-Organisation

⦿ Cencora, a Pennsylvania-based Fortune 50 corporation, confirmed that personal health data was exfiltrated during a previously reported cyberattack in February. However the organisation stated that "there is no evidence that any of the data has been or will be publicly disclosed”. Meanwhile (in what I'm sure is an entirely unrelated report) cyber security firm Zscaler identified a $75 million ransom payment made to the Dark Angels ransomware gang in early 2024 by a Fortune 50 company



One piece of good news 👍:

Vinoth Ponmaran the leader of a tech support fraud scheme was sentenced to seven years in prison, plus a fine of $6M, in the US. The scheme targeted at least 6,500 elderly victims in the United States and Canada by falsely claiming, via pop-up windows, that their computer was infected with malware



One final note:

The UK's Information Commissioner’s Office (ICO) has found that the UK's Electoral Commission (EC) had basic security failings which allowed hackers to access the personal details of 40 million British voters. The incident, which occurred in Aug 2021, was a result of the commission not updating its servers with patches for vulnerabilities released in April and May 2021 and having weak password-management policies

Comments


bottom of page