The Week in Breach News: 07/27/22 – 08/02/22
A new ransomware group makes a splash, more supply chain security problems, key findings from IBM Cost of a Data Breach Report 2022 and details about the August Powered Services Pro campaign.
See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>
OneTouchPoint
https://www.securityweek.com/onetouchpoint-discloses-data-breach-impacting-over-30-healthcare-firms
Exploit: Ransomware
OneTouchPoint: Business Services
Risk to Business: 1.772 = Severe
OneTouchPoint, a provider of mailing and printing services, fell victim to a ransomware attack that has resulted in the compromise of personally identifiable information (PII) stored on its system. The company discovered encrypted files on some of its systems on April 28. It was later determined that the attackers had accessed its network on April 27 determined that the compromised systems contained PII provided by its customers.
Individual Risk: 2.335 = Severe
Exposed information includes names, addresses, birth dates, date of service, description of service, diagnosis codes, information provided as part of a health assessment and member ID. OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger.
How It Could Affect Your Customers’ Business: This is going to end up costing this company a fortune in both incident costs and regulatory penalties.
ID Agent to the Rescue: Our Deep Dive into Ransomware bundle contains 3 educational resources that will help you gain expertise to keep your clients away from trouble! GET THIS BUNDLE>>
NetStandard
Exploit: Ransomware
NetStandard: MSP
Risk to Business: 1.672 = Severe
Kansas-based managed service provider NetStandard suffered a cyberattack that resulted in the company pressing pause on its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint and CRM services. The MSP detected signs of a cyberattack last Tuesday morning and quickly shut down cloud services to prevent the attack’s spread. The company announced that only the MyAppsAnywhere services are affected, but news outlets report that the attack may have had a broader impact, with the company’s main site shut down as well.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business MSPs have been squarely in cybercriminals’ sights as they concentrate firepower on the supply chain.
ID Agent to the Rescue: Learn to build an effective program that reduces cyberattack risk with the guide How to Build a Security Awareness Training Program. DOWNLOAD IT>>
WordFly
https://www.theregister.com/2022/07/26/wordfly_ransomware_attack/
Exploit: Ransomware
WordFly: Business Services
Risk to Business: 2.773 = Moderate
Email list provider WordFly has been the victim of a ransomware attack. WordFly’s main website is unavailable and has been offline for the past two weeks. The company says that they discovered the problem on July 10. WordFly said that they believe that customer data was accessed but they didn’t specify the nature of that data. The Smithsonian Museums, Canada’s Toronto Symphony Orchestra and the Courtauld Institute of Art in London are among the company’s clientele.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Ransomware attacks on service providers in the supply chain are an ongoing problem that won’t be going away anytime soon.
ID Agent to the Rescue: See the biggest risks that businesses face today and get a look at what cyber threats your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>
DuPage Medical Group
Exploit: Hacking
DuPage Medical Group: Healthcare Organization
Risk to Business: 1.619 = Severe
Illinois-based DuPage Medical Group, an organization with more than 700 doctors in 100 locations, has been the victim of a cyberattack that exposed patient data. The incident occurred between July 12-13 and caused a network outage. An investigation determined that bad actors had likely accessed patient data. The medical group is notifying 600,000 patients that their personal information may have been compromised.
Individual Risk: 1.619 = Severe
Illinois-based DuPage Medical Group, an organization with more than 700 doctors in 100 locations, has been the victim of a cyberattack that exposed patient data. The incident occurred between July 12-13 and caused a network outage. An investigation determined that bad actors had likely accessed patient data. The medical group is notifying 600,000 patients that their personal information may have been compromised.
How it Could Affect Your Customers’ Business: Healthcare is the industry with the highest data breach cost, and its’ been beleaguered by ransomware.
ID Agent to the Rescue: Get the resources that you need to help you protect clients from complex risks in the Deep Dive Into Cybersecurity Bundle. GET BUNDLE>>
See five things that you can do to reduce nation-state cyber threat risk for your clients fast. GET CHECKLIST>>
United Kingdom – Wooton Academy Trust
https://www.infosecurity-magazine.com/news/ransomware-group-500000-school/
Exploit: Ransomware
Wooton Academy Trust: School Operator
Risk to Business: 2.304 = Severe
The Hive ransomware group is claiming responsibility for a ransomware attack against the Wooton Academy Trust, operators of Wooton Secondary School and the Kimberley college for 16-19-year-olds. The gang is demanding a $500,000 ransom, the amount it claims the school has available in cyber insurance. In an unusual twist, the gang allegedly messaged students and parents, informing them that they had stolen the students’ home addresses, bank details, medical records and even psychological reviews. The school says that the incident has affected scheduling for next year, along with the production of some grade sheets. It hopes to retrieve lost data from backups in order to resume normal operations within 10 days.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Cybercriminals have been going after schools consistently for the last few years as virtual learning pens up profit opportunities for them.
ID Agent to the Rescue Help your clients make sure they’ve dotted the i’s and crossed the t’s when it comes to security with The Computer Security To-Do List. DOWNLOAD IT>>
United Kingdom – Bromford Housing Association
https://www.gloucestershirelive.co.uk/news/property/bromford-housing-association-shuts-down-7396811
Exploit: Hacking
Bromford Housing Association: Housing Assistance Organization
Risk to Business: 1.929 = Severe
Bromford Housing Association, a housing program with tenants across Gloucestershire, has been the victim of a cyberattack. Bromford manages 40,000 homes across central and southwest England, providing services for around 90,000 people. The company says it was forced to shut down its technology systems including communications, appointments and online payments. Clients are limited to service and payments by phone. There’s been no word on what if any data was stolen.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Service disruptions from cyberattacks can cost companies big in both productivity and reputation.
ID Agent to the Rescue The most likely vehicle for a cyberattack is a phishing message. Help your clients learn to spot phishing red flags with this informative infographic! GET INFOGRAPHIC>>
France – MDBA
https://securityaffairs.co/wordpress/133881/data-breach/mbda-alleged-data-breach.html
Exploit: Hacking
MDBA: Defense Contractor
Risk to Business: 2.017 = Severe
A new cybercrime group claims that it has snatched data from European missile developer and manufacturer MDBA. The bad actors call themselves Adrastea and claim to have obtained 60GB of confidential data by exploiting vulnerabilities in the company’s network. Adrastea claims to have taken information about the company’s projects, OT, defense systems the company has worked on, and other sensitive data about military matters.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Cybercriminals are hungry for OT information and similar proprietary data, especially of this sensitive nature.
ID Agent to the Rescue Get the Building a Strong Security Culture checklist and send it to your clients to help them ensure that they’re making all the right security moves. GET CHECKLIST>>
Italy – Italian Revenue Agency (Agenzia delle Entrate)
Exploit: Ransomware
Italian Revenue Agency (Agenzia delle Entrate): Government Agency
Risk to Business: 2.017 = Severe
A ransomware attack has hit the town of St Mary’s in Ontario, locking staff out of internal systems and encrypted data. The ransomware group LockBit has claimed responsibility. The cybercriminals uploaded a sample to their leak site containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Town officials were quick to reassure citizens that essential municipal services like transit and water systems haven’t been impacted. No word on any ransom demand or if the municipality plans to pay. LockBit is also responsible for another attack on a small town this week, hitting Frederick, Colorado on July 14. The group is demanding $200,000 not to publish the data snatched from Frederick, CO.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business The bad guys know they have a higher chance of getting paid thanks to the time-sensitive nature of government services, making them prime targets
ID Agent to the Rescue Learn how to choose a training solution that will offer you and your clients a high degree of satisfaction in our Security Awareness Training Buyer’s Guide for MSPs. DOWNLOAD IT>>
Gain expert insight in the MSP Cybersecurity Roundtable: How Infrastructure Attacks Can Hurt Every Business. WATCH NOW>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident
See how today’s biggest threats may impact your MSP and your customers in our security blogs.
- Inside 3 Specialized Phishing Attacks
- 10 Facts About Business Email Compromise That You’ve Got to See
- 4 Reasons Why Upping Your Email Security Game Right Now is Mission Critical
- This Dynamic Duo Dramatically Reduces Phishing Risk
- The Week in Breach News: 07/20/22 – 07/26/22
The NEW August Pro Campaign is Ready to Rock!
Ready for a fresh sales boost by promoting a hot topic? The new August Pro Campaign is now live in the Powered Services Pro Portal and focuses on Incident Response!
The August Pro Campaign explains the need for a proactive strategy around cybersecurity incident response. This campaign provides you with all-new content including checklists, infographics, blog posts, email templates, monthly newsletter templates, social graphics and videos. Use these assets to promote the importance of a cybersecurity incident response plan to make sure your clients are ready to face any ‘turbulence’ from a cyber incident. Check out the new campaign materials by clicking the button below!
If you’re not currently enrolled in Powered Services Pro, you’re missing out on the best sales enablement program in the industry. Learn more when you email the Powered Services Pro team.
Take a deep dive into ransomware and learn to protect your clients affordably with this resource bundle! GET IT>>
Q3 Product Updates Are Here!
Get the scoop on everything you can expect from our security solutions in Q3 and find out what’s coming next in our product update webinars.
Dark Web ID & Passly Q3 Product Update
BullPhish ID & Graphus Q3 Product Update
Did You Read Our Annual Reports?
Learn about email-based threats and what you can do to protect your clients from trouble in the State of Email Security 2022. GET IT>>
Explore the origins of today’s cyberattack risk and see what could be coming down the road in The Global Year in Breach 2022. GET IT>>
Did you miss…? The MSP Cybersecurity Roundtable Compliance GRC Webinar. WATCH NOW>>
Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>
The Cost of a Data Breach is Steep
4 findings you’ll want to study from the new IBM Cost of a Data Breach Report 2022
The yearly IBM Cost of a Data Breach Report is always a feast of information that brings clarity to the picture of data breach risk that organizations around the world face. This year’s report is packed with interesting and useful data that might be helpful for MSPs, giving you insight into the security concerns that your clients might have. Plus, you can gather some data that will be useful for starting profitable security conversations with your clients and prospects. Take a look at these four essential findings.
Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>
A New Record High Cost of a Data Breach
This report surveys 550 organizations across a variety of industries and geographies that experienced a data breach between March 2021 and March 2022. The top finding in this year’s report isn’t anything that IT professionals wanted to hear. Once again, the cost of a data breach has gone up, reaching $4.35 million this year, an increase of 2.6% from the 2021 cost of $4.2 million per incident, which was at the time the highest ever recorded in the 17 years of the study. It’s also a look at how the data breach landscape is progressing and the way that risk has evolved over time. This represents a major jump in the cost of a breach in a two-year span, up 12.7% from 2020’s $3.86 million, illustrating the constantly rising danger of a data security incident to businesses.
Unfortunately, an increasingly larger share of organizations are paying the price of a data breach these days too. The vast majority of IT professionals say that their organization is likely to have a data breach within one year. Making matters worse, for more than three-quarters of organizations in the survey, that won’t be their first trip down that road. Analysts estimate that more than 80% of companies have experienced more than one data breach incident already. Only 17% of the organizations that these researchers surveyed experienced their first data breach within the survey period. This finding makes it clear that every business is facing the prospect of a data breach, and the situation is less of an “if” than a “when”.
Average Total Cost of a Data Breach
(in millions USD)
2016 | 4.00 |
2017 | 3.62 |
2018 | 3.86 |
2019 | 3.92 |
2020 | 3.86 |
2021 | 4.24 |
2022 | 4.35 |
Source: IBM
Learn the secret to making compromised credentials your biggest money maker! WATCH WEBINAR>>
The Industry with the Highest Price Tag: Healthcare
A data breach isn’t affordable for anyone, but it hits a few industries a little bit harder than the rest. Far and away the industry with the most expensive breach cost is healthcare, notching almost twice the cost of the number two industry. The average cost of a healthcare data breach jumped almost $1 million to a record high of $10.1 million, which is 9.4% more than in 2021 and 41.6% more than in 2020. The picture isn’t looking any rosier for healthcare sector entities in 2022. So far this year, the healthcare sector has suffered 337 data breaches.
Behind healthcare, the financial sector came in second followed by pharmaceuticals, technology and energy. The financial industry saw an increase of 4.4% from $5.72 million in 2021 to $5.97 million in 2022. The financial sector was absolutely beleaguered by cyberattacks last year. The number one target for ransomware gangs, financial industry targets suffered almost one-quarter (22%) of all ransomware attacks in 2021. Other sectors also saw an increase in their breach cost. The industrial sector (comprised of chemical, engineering and manufacturing entities in this report), saw an increase in data breach cost of 5.4% from $4.24 million to $4.47 million in 2022. One bright spot was that the average total cost decreased slightly in four industries: pharmaceuticals, transportation, media and hospitality.
Most Expensive Data Breaches
(in millions USD)
Industry | 2022 | 2021 |
Healthcare | 10.10 | 9.23 |
Finance | 5.97 | 5.72 |
Pharmaceuticals | 5.01 | 5.04 |
Technology | 4.97 | 4.88 |
Energy | 4.72 | 4.65 |
Source: IBM
It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>
The Top Attack Vectors
The top 4 attack vectors have not changed from 2021. The most common initial attack vector in 2022 was stolen or compromised credentials, responsible for 19% of breaches in the study, at an average cost of $4.50 million. That was followed by phishing at 16% of breaches, cloud misconfiguration at 15% of breaches and vulnerability in third-party software at 13% of breaches. The costliest initial attack vector in 2022 on was general phishing at $4.91 million. Following phishing was the most expensive cyberattack that businesses face, business email compromise, at $4.89 million and 6% of breaches, with vulnerabilies in third-party software coming in third at $4.55 million and compromised credentials at $4.50 million.
Top Attack Vectors & Their Cost
Type | % of breaches | Cost (in millions USD) |
Credential compromise | 19% | 4.50 |
Phishing | 16% | 4.91 |
Cloud misconfiguration | 15% | 4.14 |
Third party software vulnerability | 13% | 4.55 |
Malicious insider | 12% | 4.18 |
Physical security compromise | 8% | 3.96 |
System error | 6% | 3.82 |
Accidental data or device loss | 5% | 3.94 |
Social engineering | 4% | 4.10 |
Source: IBM
Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>
Ransomware Costs More Than the Average Breach & Is Harder to Detect
Ransomware hasn’t gotten any less painful. There was good news this year about the average mean time that it takes for companies to discover a breach, which has dropped by 3.5% from 287 days in 2021 to 277 days in 2022, a decrease of 10 days. But that doesn’t apply in the case of a successful ransomware attack. A breach caused by ransomware takes 49 days longer to identify and contain than the average data breach. Digging a little deeper, 11% of breaches in the study were ransomware attacks, an increase from 2021, when 7.8% of breaches were ransomware, for a growth rate of 41%. The average cost of a ransomware attack also dipped slightly, from $4.62 million in 2021 to $4.54 million in 2022. However, ransomware is still slightly more expensive than other data breaches with an average cost of $4.35 million, not including any ransom paid.
Types of Breaches Experienced by Businesses
(in % of total breaches recorded)
IT failure | 24% |
Human error | 21% |
Supply chain attack | 19% |
Destructive attack | 17% |
Ransomware | 11% |
Other malicious attack | 8% |
Source: IBM
Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>
Help Your Clients Keep Their Data Safe
Our security solutions work together to help you keep your clients’ data safe at a price you’ll both love.
Security awareness and compliance training plus phishing simulation
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.
- An extensive library of security and compliance training videos in eight languages
- Plug-and-play or customizable phishing training campaign kits
- New videos arrive 4x per month and new phishing kits are added regularly
- Easy, automated training delivery through a personalized user portal
Dark web monitoring
Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.
- 24/7/365 monitoring using real-time, machine and analyst-validated data
- Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses
- Live dark web searches find compromised credentials in seconds
- Create clear and visually engaging risk reports
Email security
Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.
- Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.
- Cloud-native security harnesses machine learning to inform AI using a patented algorithm.
- Put 3 layers of protection between employees and dangerous email messages.
- Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.
Click here to watch a video demo of Graphus now.
NEW INTEGRATION! If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations. LEARN MORE>>
This MSP-focused guide gives you insight into finding the ideal dark web monitoring solution. GET THE GUIDE>>
August 6 – 7: ISSA Cyber Executive Forum REGISTER NOW>>
August 9: Build a Strong Cybersecurity Culture with BullPhish ID REGISTER NOW>>
August 9: Rise of Cybercrime as a Service: What Businesses Need to Know REGISTER NOW>>
August 16: MSP Cybersecurity Roundtable Insider Risk REGISTER NOW>>
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!