CYBER SECURITY NEWS – WEEK OF SEPTEMBER 23, 2024
Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals
- A significant data breach affecting nearly one million NHS patients has emerged following a ransomware attack on London hospitals earlier this year.
- The Qilin ransomware gang published sensitive patient information, including medical symptoms related to conditions like cancer and sexually transmitted infections.
- An analysis by CaseMatrix estimates that over 900,000 individuals’ data was compromised, though neither NHS England nor the affected pathology service provider, Synnovis, has confirmed these figures.
- The leaked data includes personal details such as names, dates of birth, NHS numbers, and contact information, alongside sensitive pathology and histology forms that detail patients’ medical conditions.
Fuel industry software hit by data leak, IDs and Drivers Licenses exposed
- A significant data leak has affected FleetPanda, a cloud-based fleet management software used in the fuel industry.
- Cybersecurity researcher Jeremiah Fowler discovered that the company maintained an unsecured database containing 780,191 personal documents totaling 193 GB.
- This database included sensitive information such as driver’s licenses, background checks, and various documents related to fuel shipments and deliveries, all of which contain personally identifiable information (PII).
- The files, which were generated between 2019 and August 2024, were accessible without a password, raising concerns about potential unauthorized access before the database was secured.
Dell investigates data breach claims after hacker leaks employee info
- Dell is currently investigating claims of a data breach after a hacker, known as “grep,” leaked information about over 10,000 employees.
- The breach allegedly occurred in September 2024 and includes sensitive details such as employees’ unique identifiers, full names, and employment status.
- A small sample of the data was shared publicly, while access to the complete database can be obtained for a fee of approximately $0.30 on a hacking forum.
- In response to these allegations, Dell confirmed that their security team is looking into the situation.
Sibanye-Stillwater Mining Company Confirms Data Breach Exposing Information of 7,258 Employees
- Sibanye-Stillwater, a mining company operating the only platinum and palladium mines in the U.S., has confirmed a significant data breach affecting 7,258 employees.
- The cyberattack, which was detected in July 2024 but occurred in June, compromised sensitive personal information including names, Social Security numbers, financial details, and medical information.
- The breach caused operational disruptions across the company’s global IT systems, although core mining activities remained largely unaffected.
Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data
- Security researchers have discovered that over 1,000 ServiceNow instances, representing 45% of those tested, are unintentionally exposing sensitive data from their Knowledge Base (KB) articles due to misconfigurations.
- Exposed data includes personally identifiable information (PII), internal system details, user credentials, and access tokens for live production systems.
- Many organizations with multiple ServiceNow instances had consistently misconfigured KB access controls across each one, indicating a systematic misunderstanding.
- Around 60% of exposures involve older versions of KBs set to allow public access by default, while others have “User Criteria” rules unintentionally granting access to unauthenticated users.
- ServiceNow has provided guidance to customers on addressing the issue and began proactively taking action to help protect customers whose KBs may still permit greater access than desired.
Disney ditching Slack after massive July data breach
- Disney is moving away from Slack as its primary internal communication platform after a massive data breach in July 2024 exposed over 1TB of confidential messages and files.
- The company has already begun migrating to new “streamlined enterprise-wide collaboration tools” and plans to complete the transition by the end of its next fiscal quarter.
- The breach, carried out by a threat actor named ‘NullBulge’, compromised almost 10,000 Slack channels containing sensitive information such as upcoming project details, financial data, IT infrastructure details, and other confidential materials.
Ascension’s Financial Comeback Stalled by Costly Cyberattack, Resulting in $1.8 Billion Loss
- In May 2024, Ascension Health, one of the largest nonprofit health systems in the U.S., suffered a significant cyberattack that severely impacted its financial recovery efforts.
- Prior to the attack, Ascension was on track to improve its financial performance, having reported a $332 million operating loss for the first ten months of the fiscal year ending April 30, 2024, a substantial improvement from a $1.9 billion loss during the same period the previous year.
- However, following the cyberattack, Ascension’s total operating loss surged to $1.8 billion by the end of the fiscal year.
- The organization attributed this decline to widespread disruptions in clinical operations, interruptions in access to critical systems, and increased expenses related to remediation efforts.
- The attack not only hindered revenue generation due to business interruptions but also necessitated additional spending to restore normal operations.
Star Health Data Breach: A Breach Of Trust And Accountability
- Star Health, one of India’s largest health insurers, recently experienced a significant data breach that compromised the personal details of over 31 million customers.
- This incident, attributed to a hacker known as “xenZen,” involved the creation of chatbots that allowed unauthorized access to sensitive documents, including medical records and tax information, totaling more than 7.24 terabytes of data.
- Critics have pointed out potential deficiencies in Star Health’s technology and engineering practices, questioning whether outdated systems or poor integration with third-party components contributed to the breach. Industry observers have also highlighted weaknesses in the company’s DevOps capabilities, suggesting that they were unable to manage the influx of requests effectively.
- For affected policyholders, the breach poses significant risks, including identity theft and fraud.
- While Star Health has not yet provided a comprehensive response regarding the extent of the leak or future protective measures, regulatory scrutiny from the Insurance Regulatory and Development Authority of India (IRDAI) is anticipated.