Everyone knows that a data breach can negatively affect the health of your computer system and your brand reputation. However, new research suggests that cyberattacks can also adversely affect the health of your body. A recent study published in Health Services Research found a link between health care provider breaches and fatal heart attacks.
According to the research, death rates among heart attack patients at hospitals increase in the months following a data breach. This increase occurs because hospitals tend to strengthen security in the aftermath of a cyberattack, which slows down the entire process. Researchers found that it takes patients 2.7 minutes longer to receive an electrocardiogram at hospitals that suffered breaches. This slowdown leads to an additional 36 deaths per 10,000 heart attacks. Over 700,000 Americans experience a heart attack in an average year.
Of course, it doesn’t help that cyberattacks on SMBs continue to rise as they also grow more targeted and sophisticated. According to “The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses,” cyberattacks on SMBs increased for the third straight year. Other findings from this report commissioned by Keeper Security and conducted by the Ponemon Institute:
- 66% of SMBs worldwide reported a cyberattack within the past 12 months
- 76% of SMBs in the U.S. reported a cyberattack within the past 12 months
- 88% of U.S. respondents spend less than 20% of overall IT budget on security
Now for this week’s collection of cyberattack news stories.
U.S. DATA BREACH NEWS (Oct. 9-31, 2019)
Better late than never, as far as the City of Baltimore is concerned. After a May cyberattack crippled city services, Baltimore leaders finally approved the purchase of a $20 million cyber liability insurance policy. The term of the policy only lasts one year, but a Mayor’s Office spokesperson says the city will maintain cyber insurance coverage moving forward. Baltimore also approved $3.7 million to pay the contractors who helped the city recover from the attack. This remains one of the most prominent cyberattack news stories of 2019, and we will continue to provide updates.
Gary, IN-based Methodist Hospitals recently alerted patients about a data breach caused by a compromised employee email account. Methodist first noticed the issue in June, and eventually found that two employees took the bait in a phishing attack. Compromised patient data includes names, addresses, health insurance information, Social Security numbers, medical record numbers, financial account numbers and more.
All current and former patients of North Florida OB-GYN received a notice that their PII and PHI got exposed. North Florida OB-GYN became aware of the attack on July 27, although the breach started three months earlier. The clinic notified the FBI and shut down network systems before launching a “confidential forensic investigation.” Compromised data includes names, dates of birth, Social Security numbers, drivers’ license numbers, health insurance information and more.
A Pennsylvania law firm filed a class-action lawsuit against Hy-Vee for its role in a seven-month-long data breach. That breach occurred between Dec. 14, 2018, and July 29, 2019, and affected Hy-Vee gas pumps, drive-thru coffee shops, Market Grille, Market Grille Express and Wahlburgers locations. The lawsuit accuses Des Moines-based Hy-Vee of failing to “implement adequate data security measures.”
Updating one of our cyberattack news stories from September, an attack Denver-based Regis University still affects students, faculty and staff. Despite an ongoing investigation, Regis University does not know the source or scope of the attack. As of mid-October, IT staff still worked to rebuild print services on campus and address over 100 data restoration requests.
About four weeks ago, hackers breached the computer system of Jasper County in South Carolina. Although still gathering information on the attack, Jasper County already spent thousands of dollars to get connected again. County employees continue to backfill data from when the computers went down, which might delay county tax and bill payments.
Even cyberattacks that don’t make the headlines can negatively affect a business’s bottom line. A September malware attack on the servers of Wisconsin-based Patrick Industries disrupted operations for two business days. Even though the attack went mostly unreported, Patrick Industries still took a $1.5 million hit in the incident.
A “public data tool” built by the Philadelphia Department of Public Health inadvertently compromised addresses, Social Security numbers, dates of birth and test results of thousands of people receiving medical care. The data covered people who received new diagnoses of hepatitis between 2013 and 2018. A Philadelphia Inquirer employee found the exposed database and notified the Health Department.
A ransomware attack on San Bernadino County Unified School District left servers inoperable and severed network access. However, most student and family data got stored on a third-party platform, so it remained unaffected by the attack. SBCUSD is working with law enforcement and security experts to restore access to the network.
Danville, PA-based Geisinger Health started notifying patients on Oct. 18 about a phishing attack on a third-party vendor. An employee at Magellan National Imaging Associates fell victim to a phishing attack, leading hackers to send emails from the affected accounts. Patient data exposed in the attack might include names, patient ID numbers, types of services and diagnoses.
On June 14, Louisville-based Insuramax discovered a data breach that allowed hackers access to certain employee email accounts. This attack affected not only customers but also people who submitted a claim or even just requested a quote. The type of exposed information varies by individual, but it could include names, dates of birth, drivers’ license numbers, Social Security numbers, financial account data and protected health information.
Eddie Bauer LLC agreed to a settlement that resolves a data breach which affected all American and Canadian stores. The agreement, which got approved on Oct. 25, earmarks $2 million for attorneys’ fees and $5 million for improved cyber security. Hackers installed malware on the Eddie Bauer system in Jan. 2016, then stole and sold customer payment card data.
Betty Jean Kerr People’s Health Center in St. Louis, which serves needy and uninsured patients, got locked down last month in a ransomware attack. After becoming aware of the attack, the clinic contacted the police and refused to pay the ransom. The exposed information includes names, addresses and Social Security numbers of patients. Information on medical providers and health center employees also got compromised in the attack.
Security researcher Bob Diachenko and Comparitech discovered a vulnerability that exposed the accounts of nearly 7.5 million Adobe users. An incorrectly configured database containing user information was left accessible through a web browser. Although the compromised data did not include passwords or payment information, it did include email addresses, subscription information and payment statuses.
South Carolina-based health system Prisma Health confirmed that compromised login credentials led to an August breach at six hospitals. The credentials allowed hackers to access patient and volunteer registration forms. Some of the personal information on the registration forms included names, addresses, dates of birth and Social Security numbers.
Check back later this month for more cyberattack news stories from across the United States. Meanwhile, if you’re concerned about the security of your business network, call Capital Network Solutions at (916) 366-6566.