Here is another in our Friday Public Service Announcement (PSA) series of articles we’ve recently seen that have an impact on both personal and company security. This PSA is about TOP 3 Cybersecurity news stories that happened this week.
In today’s digital age, cybersecurity is a concern for every employee, yet traditional security awareness training often overlooks the unique challenges faced by employees, especially, those who don’t have a business email address.
1. St Thomas Hospital NHS London cyber attack:
King’s College Hospital, Guy’s and St Thomas’, including the Royal Brompton and the Evelina London Children’s Hospital, and primary care services were hit by the attack on pathology partner Synnovis on Monday.
The ransomware attack exploited vulnerabilities in Synnovis IT infrastructure, possibly through a third-party vendor. It forced the cancellation of all non-emergency operations and blood tests following a “major” cyberattack. The critical incident severely impacted patients relying on NHS services within the hospitals and inflicted significant reputational damage.
Attacks range from simple human errors to complex spear-phishing attacks, pose a significant risk.
A spokesperson for NHS England London said:
“This is a harsh reminder that this sort of attack can happen to anyone at any time and that, dispiritingly, the individuals behind it have no scruples about who their actions might affect.
We need to ensure that all public sector organisations have contingency plans in place to manage cyber attacks, that staff are regularly trained on risk and there is sufficient investment in software resilience.
This incident underscores the urgent need for rigorous cybersecurity measures, continuous monitoring and robust backup systems in healthcare to prevent such disruptions and protect patient safety.
2. Ticketmaster confirmed “unauthorised activity” on its database:
Live Nation, owner of Ticketmaster, has been rocked by a massive data breach. The hacking group ShinyHunters claims to have stolen personal details of 560 million customers, including names, addresses, phone numbers, and partial credit card details. They are demanding a $500,000 ransom to prevent the data from being sold on the dark web.
This unprecedented breach has sent shockwaves through the industry, affecting millions of customers worldwide. Live Nation is scrambling to investigate and mitigate the fallout, but the damage to its reputation is already significant.
The scale and audacity of this attack mark it as one of the most dramatic cyber incidents in recent history.
In the case of the Live Nation and Ticketmaster data breach, implementing 2FA could have significantly mitigated the risk. This added layer of security makes it much harder for attackers to gain unauthorized access, even though they obtained passwords through phishing or other means.
3. MediSecure in administration just weeks after confirming large cyber attack:
MediSecure, an important eScript provider, has crashed into administration shortly after revealing a large-scale ransomware attack which appears to have made it impossible for the business to continue. Customer details, including personal information and limited health information, was posted on the dark web.
The true damage is still unclear, Home Affairs and Cyber Security Minister Clare O’Neil expressed frustration over the delay in clarifying the breach details, urging MediSecure to promptly notify affected individuals and disclose compromised data.
The repercussions of this breach will echo far beyond MediSecure, serving as a sobering reminder of the ever-present dangers lurking in cyberspace and the urgent need for role-based adaptive security awareness training.
Ransomware remains a major threat because it is highly profitable for cybercriminals. According to recent Information Commissioner’s Office data, 2023 set a striking new record for data breaches, with ransomware attacks in particular surging by 52% year-on-year, continuing a sharp upward trend since 2019.
Set your employees up for cybersecurity success with OutThink.