November typically marks the start of the holiday shopping season, and the start of the security disasters that come with it. Last month, while some shoppers were busy ensuring their credit card information was processed and stored securely, government agencies and hospitals found themselves at the center of the data security conversation.
From ransomware attacks to internal data breaches, the below stories will catch you up on news you may have missed while searching for the perfect holiday gift.
Wall Street frets about cybersecurity as U.S. demands more data (by Andrew Ackerman, Wall Street Journal)
To keep an eye on the market, federal regulators want to collect massive amounts of private data to identify trends that will help them better predict what’s coming next. However, investment firms are worried. As more and more data is created, the risk for cyberattacks grows. In the first six months of 2015, nearly 29 federal agency networks were infected with ransomware. The more data an organization has, the greater the risk for attack – especially if they don’t know what’s living inside it.
U.S. bank authority warns of data breach that took 10,000 records (by Jon Fingas, Engadget)
Insider threats are a bigger danger than most organizations (including the government) believe. In November 2015, a worker for the U.S. Office of the Comptroller of the Currency (OCC) took home more than 10,000 activity and staff records, copied a large number of files and then lost them. A year later, the OCC has implemented a policy that keeps employees from transferring data to removable storage without approval from a supervisor.
County government pays ransomware hackers to get files back (by Lee Matthews, Forbes)
In early November, Madison County, Indiana experienced a ransomware infection that shut down the entire county’s computer network. Unfortunately for Madison County’s IT team, it was in the middle of setting up a backup plan when the attack began. While government officials agreed to pay the ransom, saying that it was “less than most county residents would have anticipated,” the exact amount has yet to be disclosed. Ransomware attacks on government agencies are not uncommon. As a result of budget constraints, IT infrastructure is often made up of out-of-date technology and small security staffs.
30K affected in Texas Hospital breach (by Robert Able, SC Magazine)
Integrity Transitional Hospital in Denton, Texas experienced a data breach that affected nearly 30,000 patients. After identifying suspicious behavior, an investigation found that lab tests, health insurance information and driver’s licenses were compromised. Looking to 2017, the industry should be prepared to hear about many more healthcare breaches. Common pitfalls will include the increase in shared services, vulnerable internet of things (IoT) devices and a lack of security training.
Someone tried to infect Army Cyber Command with ransomware (by Chris Bing, Cyberscoop)
The Army Cyber Command was just another government agency hit with a ransomware attack in November. After employees found phishing emails in their inboxes, the organization alerted employees to the malicious emails and shared information about how to spot similar threats. Containing attachments that looked like they came from the office of personnel management, the documents were infected with Locky ransomware. If unnoticed, this strain of malware can impact entire business units.
Subscribe for email updates about the latest cybersecurity news.