CYBER SECURITY NEWS – WEEK OF MAY 29, 2023
Harvard Pilgrim says customers’ information compromised in cyber attack
- Personal information was stolen in a massive health insurance hack. Point32Health, the parent organization of Harvard Pilgrim Health Care, said the cyber attack started in March.
- Psychologist Bryan Harnsberger of Wellesley is among the providers who missed two weeks of payments from Harvard Pilgrim due to the ransomware attack and received very little communication about why. “For the most part a lot of people are flying blind. It’s felt like the Wild West out here,” Harnsberger said.
- The company says information was taken from Harvard Pilgrim systems from March 28 to April 3, including names, addresses, Social Security numbers, taxpayer ID numbers, and medical information and history.
Emby shuts down user media servers hacked in recent attack
- Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration.
- “We have detected a malicious plugin on your system which has probably been installed without your knowledge. [..] For your safety we have shutdown your Emby Server as a precautionary measure,” the company informed users of affected servers in new entries added to the log files.
- The attacks began in mid-May 2023 when the attackers started targeting Internet-exposed private Emby servers and infiltrating those configured to allow admin logins without a password on the local network.
Chinese hackers breach US critical infrastructure in stealthy attacks
- Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, an island hosting multiple military bases, since at least mid-2021.
- Their targets and breached entities span a wide range of critical sectors, including government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education.
- “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the Microsoft Threat Intelligence team said.
Industrial giant ABB confirms ransomware attack, data theft
- Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.
- The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation.
- “ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data,” ABB said. “The company is working to identify and analyze the nature and scope of affected data and is further assessing its notification obligations.”
Apria Healthcare notifying 2 million people of years-old data breaches
- Home medical equipment provider Apria Healthcare is notifying nearly two million individuals of personal information being compromised during data breaches that occurred in 2019 and 2021.
- According to the notification letter sent to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office, the first data breach occurred between April 5 and May 7, 2019.
- The same unauthorized party, the company says, also accessed its systems between August 27 and October 10, 2021.
- Apria says the data breaches were discovered after it received a notification of unauthorized access to its systems, but did not specify where that notification came from.
Meta fined €1.2bn for violating GDPR
- Facebook’s owner Meta has been fined €1.2bn ($1.3m) by EU regulators for violating the General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on May 22, 2023.
- The Irish watchdog claimed that Meta’s transfers of personal data to the US on the basis of standard contractual clauses (SCCs) since 16 July 2020 violate GDPR.
- While the EU and the US are working on a new data flow deal expected later this year, Meta and other multinational companies have continued to rely on the previous agreement illegally, the DPC claimed.
- Meta has been given until October 12, 2023, to stop relying on SCCs for its transfers.