In 2020, healthcare provider EyeMed was breached and exposed 2.1 million patient records. The intrusion lasted a full week and the cyber criminals were able to obtain personal information that went back 6 years. The cyber criminals then used the data to launch a phishing attack on 2000 of those patients.
“Attackers gained access to an EyeMed email account to which EyeMed clients sent sensitive consumer data relating to vision benefits enrollment and coverage.”
In court last week, it was revealed that EyeMed didn’t maintain proper password management. EyeMed agreed to pay $600,000 going to the State of New York. The breach affected 98,632 residents of New York – where the lawsuit took place. (Infosecurity-magazine)
My question to you: How much is personal data worth? It’s difficult to quantify -the type of information and its quantity is different from one account to another. In this case, they determined each person’s data was valued to be $6! Furthermore, that compensation was not given to the individual, but rather to the state of New York. What are your thoughts?
Personal information of 515,000 people was accessed through Red Cross. An unknown attacker accessed over half a million accounts of people from around the world, “including those separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention.” Although the data doesn’t seem to have been exposed to the public, the article states how upset they are that a humanitarian organization would be attacked.
Robert Mardini, the ICRC's director-general, said in a statement, “We are all appalled and perplexed that this humanitarian information would be targeted and compromised.” (EuroNews)
My question to you: Hackers attacked hospitals during the pandemic. Are you shocked they targeted a humanitarian organization? Do they have any limits?
I stumbled upon this article about the creepiest technologies in the world. Obvious nominations are deepfakes, self-driving cars and sophisticated robots. However, the second nominee is smart speakers. So we’re talking about Amazon Echo, Google Home devices and others. What’s really scary is that we are only considering this may be “creepy” technology after millions of devices have already been sold and used. I think this will be a lesson for legislators and companies in the future because if something goes wrong, companies won’t be allowed to sell smart devices without some kind of certification of safety. (Business Insider)
My question to you: What are your thoughts on smart speakers?
QNAP specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications. The privately owned company has over 1000 employees.
Last week, ransomware gang called DeadBolt targeted QNAP NAS storage devices using a zero-day vulnerability. "According to ransom notes posted by alleged victims and security researchers, DeadBolt is demanding 0.03 bitcoin from victims (currently valued at just over $1,100 USD)."
One user on the QNAP NAS forums, "citgtech," wrote Wednesday that they had paid the ransom and were given an invalid decryption key.
My question to you: Have you been affected by this attack? What would you do in this situation?
In last week’s Cyber Weekly, I wrote about the Canadian Centre for Cyber Security. Well, on the same day, Canada’s foreign affairs department experienced a cyber attack. It’s still being investigated but it seems like no data was leaked.
“At this time, there is no indication that any other government departments have been impacted by this incident,” Monday’s statement said. (CTV News)
My question to you: Do you think cyber criminals have a wicked sense of humor? It’s looking like it.
Update: One prediction I made earlier at the beginning of 2022 was that cloud providers are likely to become a huge target for cyber attacks this year. I found an article talking about this idea as well. They also predict an increase in cryptojacking, and insider threats. Click here for more insights.
Access The Untold Stories of IT Professionals.
Assurance IT launched IT Spotlight - a weekly newsletter putting the spotlight on IT professionals. Get the inside scoop on their careers, their predictions in the industry and more. Once a week, every week, find out what other IT professionals are up to. Learn more here.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.