
ProactiveIT Ep 26 – Is Ransomware a Data Breach?

April 24, 2020

This is the ProactiveIT Podcast.  This Week: The latest in IT and Cyber Security news plus More Updates and Warnings, Google & Fitbit Becoming More Involved with PHI, and Is Ransomware a Data Breach?

This is Episode 26!  

Intro

 Hi Everyone and welcome to the Proactive IT Podcast.  Each week we talk about the latest in tech and cyber news, compliance, and more.  We also bring you real-world examples to learn from so that you can better protect your business and identity. 

This podcast is brought to you by Nwaj Tech – a client-focused & security-minded IT Consultant located in Central Connecticut.  You can find us at nwajtech.com.

 Thanks for listening to this podcast.  Show us some love on Apple or Google Podcasts.  Subscribe and leave us some positive feedback.  What are you waiting for?

Also, go join the Get HIPAA Compliance Facebook Group.  Search for Get HIPAA Compliance

Patch Tuesday Update:

Chrome 81 Released With 32 Security Fixes and Web NFC API
Firefox 75 released with Windows 10 performance improvements
Juniper Networks Releases Security Updates
Microsoft releases April 2020 Office updates with crash fixes
Hackers Can Compromise VMware vCenter Server Via Newly Patched Flaw
Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update
Microsoft April 2020 Patch Tuesday fixes 3 zero-days, 15 critical flaws
Intel April Platform Update fixes high severity security issues

New Updates This Week

Apple Releases Security Update for Xcode
More Updates
Apple Patches Two iOS Zero-Days Abused for Years

Cyber Security News

IT services giant Cognizant suffers Maze Ransomware cyber attack 

Hackers selling 267 million Facebook records on hacker forum

Hacker returns $25 million after their IP address is exposed

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

New Orleans Hit With Ransomware Again

Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online

US #COVID19 Relief Fund Leaks Data on Thousands of Firms

Topic 1: Scripps, Stanford working with Fitbit to assess wearables’ COVID-19 tracking abilities

Topic 2:  Google wants to make it easier to analyse health data in the cloud

Topic 3:  Is it Time to Call Ransomware Attacks Data Breaches?

HIPAA Corner: 

https://www.phe.gov/Preparedness/planning/405d/Documents/resources-templates-508.pdf

Breaches

https://www.hipaajournal.com/category/hipaa-breach-news/


Transcription (Unedited)

This is the ProactiveIT Podcast. This week: the latest in IT and cybersecurity news, plus more updates and warnings, Google and Fitbit becoming more involved with PHI, and is ransomware a data breach? This is Episode 26. Hi everyone, and welcome to the ProactiveIT Podcast. Each week we talk about the latest in tech and cyber news, compliance, and more. We also bring you real-world examples to learn from so that you can better protect your business and your identity. This podcast is brought to you by Nwaj Tech, a client-focused and security-minded IT consultant located in Central Connecticut. You can find us at nwajtech.com, that’s N-W-A-J tech.com. Hi, welcome to another episode of the ProactiveIT Podcast. As always, wherever you’re listening to this, if you could like, comment, share, or review the podcast, and it is available on almost every major podcast platform, all that I know of anyway, that would be awesome. We would greatly appreciate it because it does help us to spread the word and get new audience and so forth and, you know, hopefully help someone out there to prevent a catastrophic cyber attack or compliance issue. And if you want, speaking of compliance, if you’re in a HIPAA compliant business, please go to Facebook and in a search type in Get HIPAA Compliance, join that group, because there we share all kinds of HIPAA information and anything related to healthcare IT, and it will help you to remain compliant and do your job, protect your patients. Ultimately, that’s what HIPAA comes down to. Let’s jump into it. We don’t have a question of the week, let’s jump into the Patch Tuesday updates. And last week was Patch Tuesday. So we had a number of updates that needed to be addressed. So if you missed that, make sure you go back to Episode 25 and listen to that. But we do have a number of patches again this week.
So we have, first of all, Apple releases security update for Xcode. Apple has released a security update to address vulnerabilities in Xcode that a remote attacker could use to exploit the vulnerability. So if you’re using Xcode, make sure you move up to Xcode 11.4.1. We have a Google Chrome update that also needs to be addressed, that was, you know, I think it’s been updated three times this month, but the most recent update is 81.0.4044.122, so you should end in 122. So make sure you take care of that immediately. OpenSSL has released some security updates. So you should be on version 1.1.1g. Microsoft released security updates for multiple products around the Autodesk FBX library. So any of their products that use Autodesk FBX library have vulnerabilities in them. Those products include Office 2016, 2019, Office 365 ProPlus, and Paint 3D. And it can be used to remotely attack your systems. So get that updated. What else do we have? I think that’s the updates. We have a couple of warnings as well that we’re going to talk about. We have one other update, I’m sorry. So Apple did release or has updated two iOS zero days that have been abused for a while. They affect Apple Mail and on Apple, iOS Apple versions, I’m sorry, iOS version six in 13.4.1; you should be on 13.4.5, that is in beta right now. And it will eventually be updated to 13.4.5. And that will be a full release. So the vulnerability does allow for someone to take over mail and remove emails, delete emails, send emails and so forth. So you should address that ASAP. 13.4.5 for iOS. Right, as I said, we have a couple of warnings, the first one from the NSA and the Australian Signals Directorate, which is ASD.
They jointly released a cybersecurity information sheet on mitigating web shell malware. Malicious cyber attack, cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access, persistent meaning they’re going to on to compromise networks. The information sheet provides techniques to detect and recommendations to prevent malicious web shells. And this is on the system’s website. So there is a link from that posting to the information sheet. So if you’re using web shells in your environment, check that out. Also IC3, which is an FBI agency, the Internet Crime Complaint Center, has released an alert warning of recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. So I’ve shared that information, I don’t know, probably four or five times on this podcast, or on a daily podcast. No. So I’m sharing it again because I continue to get questions around it. You know, from people that would never, or at least I hope they wouldn’t, go to porn sites. Things like that. So it’s a scam. And it usually winds up in your spam folder. So if you’re looking for it, and you find it in your spam folder, then it just tells you even more so that it’s a scam. If you’re getting into your inbox, and we need to talk because then you’re getting phishing emails and scams into your inbox, and that’s a problem. But those are the two warnings that came out this week. One from the NSA and one from the FBI, IC3. All right, let’s do a little news roundup. We have some big news actually. This is on BleepingComputer but it’s been reported all over the place and I’ve been trying to get some updates for you. I have not gotten much more in the way of updates, but one of the world’s largest MSPs, it may be the largest MSP out there.
IT services giant Cognizant suffers Maze ransomware cyber attack, and we’re gonna talk a little bit about Maze ransomware when we get to the hot topics, more along the lines of data breaches, but Cognizant has been hit by what is suspected to be Maze ransomware. There is not a whole lot more information than that, except that Cognizant has started to alert their clients and alert them as to how to determine if they have any ransomware, but specifically Maze ransomware, on their networks. Now, because I’m going to talk more about this in a few minutes, I will just say this: Maze ransomware is one of those ransomware operators that does steal your data before encrypting your network and then telling you, if you don’t pay up, we’re gonna release your data to our hacker forum, and it will be available to the public. So this just happened this week, over last weekend. So we will see how this plays out. I have not been able to uncover any more information as of yet. On HackRead we have hackers selling 267 million Facebook records on a hacker forum. Currently the trove of 267 million Facebook records are being sold for around $600 on a hacker forum. Facebook has more than 2.5 billion monthly active users, and when its data is breached, that’s bad news for everyone. Today is one of those days where personal data of millions of unsuspected users has been put at risk. In December, HackRead reported that a misconfigured Elasticsearch server exposed the personal information of 267 million users. These records mostly belong to users in the United States and included Facebook profiles, full names, a unique ID for each account and a timestamp. The good news is it does appear that passwords were not included in that breach. So there’s that, but you can expect some spear phishing to come out of this. Also on HackRead, a hacker who got caught basically returned $25 million after his IP address was exposed.
This occurred in China. This was reported on April 21. So this happened on April 20. A Chinese lending platform named Lendf.me, using a lending protocol by dForce, was hacked, resulting in a loss of $24.36 million worth of ether and Bitcoin and USD stable coins. Now in a shocking twist of events, the entire sum has been returned by the attacker. And the reason is because their system was set up to retrieve IP address information. Once he was exposed, the website Lendf.me said, hey, we have your information, you might want to think twice about what you’re doing. And so he returned the money in two different installments. So, you know, if you’re going to hack, disguise where you’re hacking from. On BleepingComputer, DoppelPaymer ransomware. So we have two municipalities that got hit this week that we know of. One of those was Los Angeles County, called Torrance. The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer ransomware, having unencrypted data stolen and devices encrypted. So again, the trend is steal the data, encrypt everything and then demand money. So in this case, they’re demanding about $690,000 in Bitcoin to get the decrypter. And of course, what will happen is if Torrance doesn’t pay up, which as of right now it doesn’t look like they have, then the DoppelPaymer gang will release the data that they have stolen; they have 20 gigs worth of files. They did release a little bit to show that they do have it. Basically they released the hierarchy of the file system that was stolen. So it looks like they stole the entire file system, whatever it was, and they’re sharing some of that on their forum and saying, don’t pay us the $690,000, we’re going to release the rest. Not to be outdone, New Orleans once again in the ransomware news department. There isn’t a lot of information on this for some reason, but I’m getting this on wwltv.com.
Orleans Parish assessor’s office hit by ransomware attack official said no personal info lost, which is probably why it’s not showing up on any of the ITC cites It is unclear when the ransomware was discovered and what kind of damage it did to the system. New Orleans, the Orleans Parish assessor’s office is latest government agency to be hit with a cyber attack the agency which handles property assessments and taxes in the city of New Orleans said in a statement Friday that it was working with the FBI to investigate the security breach. The Orleans Parish assessor’s office is working closely with Federal Bureau of Investigation after our server was breached by ransomware official said in a statement no personal or confidential information was stolen due to the multiple levels of authentication in the assessor system and all all the office functions will continue as the data critical to the operation of the office is still accessible. The office said it would continue to reevaluate homes for the 2021 tax year and the public facing sections of the assessor’s office website would not see any changes. It is unclear when the ransomware was discovered and what kind of damage it did to the system. The city of New Orleans was crippled at the end of 2019 by a severe ransomware attack that forced the city to reform are all government computers delaying all levels of city governance. The state of Louisiana suffered a similar attack which shut down OMB services for several weeks, there’s no indication of whether the latest attack was related to either of the previous ones. So New Orleans seems to be right in in the targets of the ransomware operators for summary On MSN, we reported this on our daily show. MSN reports nearly 25,000 email addresses and passwords allegedly from NIH, who gates Foundation’s are and others are dumped online. 
Unknown activists have posted nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, World Health Organization, the Gates Foundation and other groups to combat the Coronavirus pandemic, according to the site intelligence group, which monitors online extremism and terrorist groups. Now when you hear who did this, where they suspected this I should say, you’re gonna be you’re gonna be a little surprised while site was unable to verify whether the email addresses and passwords were authentic, the group said that the information was really Sunday and Monday and almost immediately used to ferment attempts at hacking and harassment by far right extremists. In Australian cybersecurity expert Robert Parker Potter said he was able to verify that the who email addresses passwords were real little whose origins are unclear appear to have first been posted to 4chan a message board notorious for its hateful and extreme political commentary and later to paste into tech storage site to Twitter and too far right extremist channels on telegram in a messaging app so most of us probably know what telegram is. Think think Twitter would not really twitter twitter owns it’s encrypted trying to think of it what am I trying to think of think WhatsApp, but but not video calls and neo nazis and white supremacist capitalized on the lists so that’s the surprising part to me anyway, and publish them aggressively across their venue said read a cat sites executive director using a data far right extremist work calling for a harassment campaign while sharing conspiracy theories about the Coronavirus pandemic. The distribution of these alleged email credentials were just another part of months long initiative across the far right to weaponize the COVID-19 pandemic. The report by site based in Bethesda, Maryland said the largest group of allegedly emails and passwords was from the NIH with 9938. 
Found in this list posted online, the Centers for Disease Control and Prevention had the second highest number with 6857. The World Bank with 15 and 20 in the list of who addresses and passwords total 20 732. smaller numbers of entries were listed for the Gates Foundation, private philanthropic group whose co founder Microsoft co founder Bill Gates last week, announced 150 million dollars in new funding to combat the pandemic. Also targeted was the Wu Han Institute of biology, a Chinese Research Center in the city where the pandemic began, that has been accused of a role in triggering the outbreak. So here we go. With white supremacists getting involved in online extortion and hacking and data breaches and so forth. It’s kind of scary to be honest with That, you know, most people don’t think of these groups as being as having high levels of access to tools and ability to do these things. And it’s that’s actually not true. So it’s going to be interesting as we move forward, because there is a lot, a lot of conspiracy theories are out there around COVID-19. And there seems to be an increasing number of hostility on both sides of this thing. So hopefully, we can all calm down and come to cool level heads and stuff like this doesn’t continue. Also, speaking of COVID-19, the SBA was breached. And as we know, the SBA is giving out loans and in some cases on grants to help small, small businesses and you know, I’m not going to get political here on this but it didn’t really work the way they expected. I don’t think but anyway, US COVID-19 relief On the x data on thousands of firms This was reported on info security magazine calm but it’s been reported in a few different places. Thousands of us businesses may have had personal information PII leaked online after a government agency error led problems with applications for economic relief. The Small Business Administration admitted the error and your letter to affect a company’s widely reported in the us this week. 
It claimed that a problem was discovered with the online portal used by businesses to apply for economic injury disaster loans, which is idle for sure. Ideal. unspecified personal Identifiable Information link to 7900 businesses may have been disclosed to the other applicants of the program. So it wasn’t it wasn’t malicious attack. It was an error, but it may have exposed information to other businesses. They do say that the PPP portion of the of the stimulus stimulus package was not impacted. So that is good news. I suppose. But beyond the walk, you know, just watch your credit, watch your, your banking information and so forth. Make sure that your business does not become compromised from this Get, get some identity monitoring some breach monitoring going on if you need some breach monitoring, if you want me to check since and an email to support at and wash dot tech and wha tech, and we’ll be happy to check for you. And if you want monitoring, we could talk about that too. But we’ll check once for free. No problem. I have no problem doing that. So just reach out to us. Or you can just message us on Facebook. It’s m.me dot Hold on. I’m gonna mess that up. I was getting the Facebook address wrong. It’s m.me slash and wash tech m.me slash NW AJ tech. That’s our Facebook Messenger. You can also message us there We got a few hot topics two of them are these mega corporations trying to get involved or more involved I should say in healthcare. The first one being reported in healthcare IT news calm scripts Stanford working with Fitbit to assess wearables COVID-19 tracking abilities. We see an enormous opportunity to enhance disease tracking for improved population health during the COVID-19 pandemics at Scripps Research translational Institute’s Dr. Eric Topol, Scripps health and Stanford medicine have joined with Fitbit for a new study to gauge how well wearable devices can help track trace and isolate COVID-19 and other infectious diseases. 
The Scripps Research translation translational Institute recently launched an app based research program called detect that can analyze wearable health data, such as activity levels, heart rate and sleep and to more quickly detect viral illnesses caused by Coronavirus, influenza or other infectious diseases. The Stanford healthcare Innovation Lab, meanwhile, recently launched its own COVID-19 wearable study, which is exploring how data collected from wearables like heart rate, heart rate, skin temperature and blood oxygen saturation can be used to predict the onset of an infectious disease before symptoms start. So not just COVID-19. But other things like the flu. With Fitbit scripts in Stanford, other institutions are welcome to join in a consortium they say plan to assess how well such device driven approaches could be scaled up for public health response to outbreaks like COVID-19. Earlier this year, Scripps published evidence that wearables can help predict onset flu and similar diseases before symptoms start. The goal of the new consortium is to build on that research. With special focus on public health emergencies like this one, researchers will run many studies independently with a findings aggregated and shared across the consortium. Fitbit will help boost consumer awareness and help its customers participate in the effort so you will have to opt in. opt in. It will also donate wearable devices to scripts Stanford and others Fitbit users can learn how to participate in the studies through the company’s COVID-19 resource web. And there is an article on this page on this post, which will be a link to on the show notes. It’s looking like consumers devices will have a big role to play in any large scale track and trace effort to stem the tide of COVID-19. 
This past week, Apple and Google announced plans to develop API based API enabled interoperability between iOS and Android products and eventually build Bluetooth based contact tracing functionality into their respective operating systems to give public health officials better visibility into how Coronavirus might be spreading. Fitbit, meanwhile, also rolled out a new feature this week that can connect you To telemedicine services through its partnership with vendor plus care. From our previously published work, we know that data collected from consumer wearables can significantly improve the prediction of influenza like illnesses, said Dr. Eric Topol, director and founder of SRT AI. In a statement we see an enormous opportunity to enhance disease tracking for improved population health during the COVID-19 pandemic, and are pleased to join this new consortium to bring value to the research community. By bringing together these and other leaders in scientific research, we hope to rapidly advance science and innovation in the fight against COVID-19 by promoting consumer participation and critical release research efforts, supporting frontline health care workers and donated wearable devices and sharing learnings quickly and openly across research partners added James Park, co founder and CEO of Fitbit. So it’s interesting because you know, we’re you have to opt in so both the Fitbit thing and The Apple and Google thing you have to opt in even once the app on Google thing is OS based, you have to opt into it now, so not everybody’s gonna opt in. And I think a big part of that is do we trust Fitbit, Google and Apple to not release our PHR to people we don’t want it to get in, get in the hands of and then there’s the whole tracking piece so now we’re giving it not that it doesn’t already exist, because it absolutely does GPS is on all smartphones now. 
And you can be tracked, even if you turn GPS off, you could still be tracked, it’s not as accurate but you could still be tracked. But we’re essentially saying yes go ahead and track me track my movements track you know, so there’s there’s some gray area there that I’d like to see them address if they’re going to move forward with this because that those areas kind of scare me. You know, there’s even some talk online of, of using a chip implant. To track things and I know for a fact that is not going to sit well in America. So I would like to see more information as to how they plan to roll this out what safeguards are in place, there’s a lot of interoperability going on here. That tends to lead to potential breaches. And so obviously, there’d be a lot of concerns in that area. Speaking of Google, on Zd net, Google wants to make it easier to analyze health data in the cloud. google has opened up its cloud healthcare API to allow doctors to analyze data using cloud computing technologies. So you know, another API in place here. And if you know anything about API’s, you know that they are historically not secure. So this is another issue to consider with with these these large mega companies work together to you know, under the under the Healthcare umbrella. Trying to choose my words carefully here under the healthcare umbrella. There may be some opportunities here for the bad guys to sneak in. And I think that’s the concern that I have with a lot of this. But anyway, Google has expanded the availability of its cloud healthcare API in a bid to improve healthcare interoperability, and help providers drive insights from a myriad sources of medical data. Google’s cloud healthcare API allows healthcare organizations to collect and manage various types of medical data via the cloud, including digital imaging and communications in medicine. 
Also, DICOM for short, D-I-C-O-M, Health Level Seven and East Healthcare Interoperability Resources standards, that’s, did I say East? It’s Fast Healthcare Interoperability Resources, FHIR standards. This data can be fed through analytics and machine learning programs so that healthcare providers can identify patterns that could help improve patient care, which, you know, that’s great, you know, whatever we could do, even if it’s to take a few minutes off of somebody’s healthcare, that could save lives. As Google notes, gathering a unified view of the multitude of data formats and inputs often possesses a Herculean effort, not least due to the highly fragmented nature of the healthcare systems, meaning the different systems use different formats and different EMRs, EHR. So it’s going to take a lot of effort to have them all become the same format, all readable for everybody, which is something that HHS and OCR and other organizations have been trying to accomplish for years now. This is not new. ONC was trying to work on this as well. Interoperability was always in place, doesn’t always work well because, you know, the same reason that information isn’t always easily translated to whatever system the next doctor in the next healthcare system might use. It is hoped that running capture data through AI and machine learning will identify patterns that could help improve patient outcomes, which is an issue that has taken center stage as healthcare providers around the world scramble to react to the COVID-19 pandemic. We know that the pandemic is impacting every aspect of the healthcare industry differently and that the needs organizations are rapidly evolving, Google said in a blog post. Our goal is to bring our technology expertise to bear in helping with experts, your experts, so that healthcare organizations can focus on providing the best care to as many people as possible.
Google launched its Cloud Healthcare API in early access release in March of 2018. The company has been working on partnership with Mayo Clinic since 2019 to demonstrate how cloud-based AI technology could transform healthcare delivery. Mayo Clinic has since been using Google’s Cloud Healthcare API to enable the storage and interoperability of its clinical data, Google said. Dr. John Halamka, President of Mayo Clinic Platform, said, we’re in a time where technology needs to work fast, securely and most importantly in a way that furthers our dedication to our patients. Google Cloud’s Healthcare API accelerates data liquidity among stakeholders and in return will help us better serve our patients. The issue of interoperability remains a tricky subject, with healthcare battles over data formats and ownership stymies efforts to join up healthcare systems and make patient data available to healthcare professionals whenever, wherever they need it. So imagine, you know, two giant healthcare systems that use different data formats. They’re not going to want to budge and change those formats because of the massive costs that would be involved and the training that would be involved. In the US, inroads have been made recently through the passing of rules by Centers of Medicare and Medicaid Services, and National Coordinator for Health Information Technology, ONC, to make it easier for healthcare organizations to exchange patient data, for patients to access their own information. So we’ve talked about that before, rights of access. So Google said its Cloud Healthcare API was designed to scale and support interoperability and patient access. It added that the COVID-19 pandemic had made the need for increased data interoperability more important than ever. Elsewhere, the Internet giant has been harnessing its mobile technology to aid effort to track the coronavirus outbreak. We talked about that a couple times already.
In a partnership with Apple and the COVID-19 tracking via smartphones, the operating systems through Bluetooth are not out yet. But that is something that is being worked on. So again, Google to go dipping your hands into healthcare. And you know, it might be prime time that it happens because of COVID-19. And because it’s not even just the outbreak right now, it is the concern that fall and winter might be worse when combined with the flu. So we’ll see what comes with that. I’m sure there’ll be more talk around that as well. I’d love to hear your thoughts. If thoughts and concerns, you know, what do you think? What do you think about Google Cloud Healthcare API, working with more healthcare providers to try to slow down this pandemic? What do you think about them? We’re going with Apple tech to come up with a way to trace people who may have COVID-19. What do you think about Fitbit? It’ll be interesting to see what people think and where it goes from here. And, you know, obviously, there are some concerns, some risk factors involved too. So we’re going to try something a little different here. We’re going to talk about whether or not ransomware attacks should be coming. a data breach indices. This is not a new topic. It’s been around for a little while. It’s been kicked around for a little while. But this comes up this week because of the ransomware attack on Cognizant. Now, Cognizant is a very large IT vendor, an MSP. They have, I believe, 300,000 employees, and I think I saw $15 billion in revenue last year. They were hit with a ransomware attack and have lots of customers and they’ve warned their customers that this has happened. So now they’re dealing with the ramifications of that. What are the ramifications? So the attack was Maze ransomware. Maze was the first one, I believe, to say, the Maze ransomware operators were the first one to say, if you don’t pay up, we’re going to release the data we have stolen to the public.
So in some cases, not a big deal, because, you know, the company probably doesn’t have any sensitive information, but maybe they do. Who knows. But in some cases, like Cognizant, you can just about guarantee they have health care providers and other, you know, law firms and financial firms that probably have some sensitive information and have some compliance issues. So now it becomes an issue. So now, Maze ransomware, and now some others, so Sodinokibi, DoppelPaymer and a few others have said, we’re going to hit you with ransomware. But before we hit you with the ransomware, we’re going to steal your data. And if you don’t pay that ransom demand, we’re going to post that data on our hacker forums. And so now you’re releasing your sensitive information and potentially client sensitive information to the world. That is a data breach, by definition that is a data breach. So in the case, let’s say Cognizant here has, I don’t know, let’s say they have 500 gigs of data, client data, sensitive data, could be, you know, credit card information, PII, in some cases it could be PHI, if they have this information, and it gets shared to the world. That is a, I mean, it’s already been breached. So Maze already has it, that is the definition of a data breach. The theft of data from one company to one company is a data breach. So Maze has gone in, taken the data, taking it off of Cognizant’s network, brought it to wherever they’re going to store. That is a data breach. You know, a data breach could be as simple as a thumb drive that goes missing or a laptop that goes missing, all the way to something like this, or a data breach could be, you know, you’ve left an Elasticsearch database or an S3 bucket open to the public on the internet. That’s a data breach because now it’s available to more people that shouldn’t be seeing it. And so we hear these things all the time. They’re all data breach, they all qualify as data breaches. And we don’t.
We don’t have data breach laws everywhere yet. It will eventually happen. The US will have to catch up and have their own version of GDPR, which this would fall under GDPR in Europe. This would fall under the CCPA, California Consumer Protection Act. New York has the New York SHIELD law. So all of these things would fall under, if Cognizant, and I’m not even sure where Cognizant is based, I believe they’re based somewhere in Europe. But this would fall under data breach for those, you know, whether it’s Europe or the States, individual states, it qualifies as a data breach, and because of the size of the organization, you can bet there would be significant penalties in any of the cases.

So Maze ransomware in the last few months has hit Southwire, which is down south, I believe in Georgia, and demanded a significant amount of money. I believe it was $6 million in Bitcoin. And there hasn’t been an update to that. But they did the same thing. They leaked the data on their forums, and said pay up, or we’re gonna release more. They don’t release it all at the same time. Yeah, it was $6 million. They don’t release it all at the same time, but they do release some just to show that they have it, and then they keep releasing a little bit at a time to say we do have it. Eventually they did publish 14 gigs worth of files, which is, you know, if it’s just documents, that’s a lot of files.

Chubb was... it was in March, earlier this year. Earlier this month, they were hit. Allied Universal was breached. Chubb is an insurance carrier, by the way, they’re a big cyber insurance agency. They sell a lot of cyber insurance. That’s their main focus, I believe, and they were hit with Maze ransomware. So that means their data was pulled off of Chubb’s internal network. And Maze kept it, and Maze again, there hasn’t been a lot of updates since the last one at the end of March. I’m sorry, it was last month, not this month.
So it’s been about a month since we’ve gotten an update on that. But Chubb was also hit, and Chubb, if you’re in the IT world, you know that they’re one of the players in cyber insurance. Now they’ve been breached. Do you trust someone who sells cyber insurance to provide cyber insurance to you, if you’re in IT or any business for that matter, when they have been breached? Now it becomes a reputation issue as well, not just a data breach, but it is a data breach. They took the data off of their network, they now know who has, potentially now know who has cyber insurance from Chubb. And what does that mean? That means now that those companies, those individuals could become phishing attacks, and we all know it’s 90% of ransomware attacks begin with a phishing attack. And if it’s Maze, it becomes a data breach. If it’s DoppelPaymer or Sodinokibi, it becomes a data breach.

Allied Universal. I don’t have a lot of detail on that one. But they were also hit with a data breach, major ransomware attack, which was a data breach. They did leak the stolen data. And now we have Cognizant. So Cognizant, it just happened a few days ago. And there are others. These are some of the bigger ones. Cognizant just happened. Oh, I forgot one. In December we had one for the City of Pensacola. Right. Do you remember, that was a $1 million ransom request. City of Pensacola, and a few days later, there was a shooting on, I believe, a military base. It wasn’t related. So Maze was quick to point out they had nothing to do with that. But the City of Pensacola really, really took a big hit in that one week period, and their data was breached, their data was stolen and leaked.

So then, what does this tell us? So we have a municipality. Well, there’s one in Italy as well. There’s Southwire, which is what it sounds like, they make wires and things like that. There’s one here. Allied... where did it go? Allied Universal, which I’m not sure what Allied Universal is.
You have Chubb, which is a cyber insurance carrier provider. Allied Universal is a security company, it says facility, like physical security. We did have one, Hammersmith it was called, which was a facility in the UK that was preparing to test COVID-19 vaccines, and Maze said, we’re not going to attack healthcare facilities during this pandemic. And they had attacked right before, the period before this was called a pandemic. So, that aspect of it, they said, we’re not going to do it. They did it before they said they weren’t going to do it. But they released the data on their forums after they said they would not attack any healthcare facilities. So what is the point I’m trying to make here? And then of course, you have Cognizant. They don’t care what industry you’re in, they’re opportunists. They’re going to attack whatever they can get. And they’re going to try to make money off of whatever they can get.

The question here is, should this be considered a data breach? And if you think about the basic, very basic definition of a data breach, it is when someone breaks in, steals your data, and leaves with that data and then does whatever they plan to do with that data, right? The data is no longer in your control. That is a data breach. Maze, Sodinokibi, DoppelPaymer and a few others now are doing just that. They break in, they don’t do a physical break-in, they do it through, you know, a lot of times through phishing, or some other vulnerability that they’ve found on your systems. They steal the data. Then they encrypt everything. And they leave you a message saying pay this ransom, or we’re going to start releasing data. So in that now that the ransom amounts have gone up, because they’re saying,

Transcribed by https://otter.ai

Scott Gombar

Author Scott Gombar
