Malware

Rising Data Breach Expenses Fueled by Costly Investigations

Data breach costs are skyrocketing, driven by the rising expenses of investigations. According to a recent study, the average total cost of a data breach has reached a staggering amount. These high costs are attributed to the extensive efforts required to identify and mitigate the breach. As businesses continue to invest in cybersecurity, the need for effective prevention measures becomes even more crucial.

Published

8 months ago

September 20, 2023

zendzipr

A businessman and woman talking in a conference room.

The Rising Costs of Data Breach Investigations and How to Reduce Them

The fear of a data breach is a major concern for companies of all sizes in today’s threat landscape. Not only does it pose a significant risk to sensitive information, but it also comes with a hefty price tag. IBM’s Cost of a Data Breach Report for 2023 reveals that the average cost of a data breach has reached an all-time high of $4.45 million.

While the media often focuses on the overall cost of data breaches, little attention is given to the increasingly expensive incident investigations that drive up these costs year after year. In this article, we will delve deeper into the reasons behind the rising costs of data breach investigations and provide practical steps that businesses can take to reduce these expenses.

Data Breach Investigation Costs

Investigating a data breach involves a combination of resource-intensive activities, including technical analysis, administrative tasks, legal procedures, and communication efforts. The 2022 IBM report highlighted that incident investigations, also known as ‘detection and escalation,’ have become the most expensive category of data breach expenses. This trend continues in the 2023 report, revealing that detection and escalation costs an average of $1.58 million per breach, accounting for over 35 percent of the total average cost.

But why are data breach investigation costs on the rise? Here are some factors that contribute to the increased expenses:

Complex IT Environments: Many companies operate in hybrid environments, with data spread across on-premises servers, multiple cloud providers, and even edge devices. This complexity makes it challenging to track sensitive data, monitor its use, and identify anomalies.
Advanced Persistent Threats (APTs): Adversaries use sophisticated techniques and evasive malware to remain undetected for longer periods, increasing the time and costs associated with detection and response.
Volume of Data: The amount of data generated and stored by companies continues to surge in a data-driven economy. Sorting through this massive amount of data to detect breaches requires specialized tools and expertise.
Breach Escalation Shortfalls: Incident response plans often fall short when it comes to escalating data breaches internally. Inefficient processes can disrupt normal business operations, and the lack of coordination across different departments hinders effective breach management.

What Were the Consequences of the Kroll Data Breach on FTX, BlockFi, and Genesis Creditors?

The ftx, blockfi, genesis creditors’ data breach had severe consequences for the affected parties. Their sensitive information was compromised, endangering their financial security. The breach not only resulted in potential losses for the victims but also damaged the reputation and trustworthiness of these prominent organizations. As a result, they may face legal actions, financial penalties, and loss of customers, which could negatively impact their future operations in the cryptocurrency industry.

How to Reduce the Cost of Investigating Data Breaches

Reducing the cost of data breach investigations requires a proactive and reactive approach. Here are some suggestions to prevent data breaches and mitigate investigation costs:

1. Robust Information Governance

Implementing a robust information governance framework is essential for efficient data management. It involves defining and enforcing policies, procedures, standards, and controls to ensure data is handled securely and in compliance with legal and regulatory obligations. Maintaining an inventory of information assets and regularly deleting unnecessary data can help uncover protection gaps and reduce breach risks due to lax practices.

2. Ongoing Security Training and Awareness

Regularly educate employees on the importance of security and how to recognize and avoid potential threats, such as phishing attempts. By fostering a security-conscious workforce, you can significantly reduce the risks associated with human factors in data breaches. Make security training and awareness a continuous effort throughout the year to reinforce best practices.

3. Continuous Vulnerability Management

Adopt a proactive approach to identifying, assessing, and addressing vulnerabilities in your IT infrastructure. Regularly scan for known vulnerabilities and apply patches and updates promptly. By prioritizing vulnerability management, you can prevent data breaches resulting from outdated and vulnerable systems.

4. Simulated Cyberattacks

Conduct simulated cyberattacks to uncover weaknesses in your infrastructure and systems. Identifying and addressing these vulnerabilities proactively is more cost-effective than dealing with the aftermath of a real data breach. Simulated attacks provide valuable insights and help improve your overall security posture.

5. Using Cyber Threat Intelligence (CTI) for Faster Response

Leverage actionable and reliable cyber threat intelligence to enhance your forensic and investigative activities. Good CTI enables faster detection and response to breaches, reducing investigation costs. However, gathering and analyzing CTI can be time-consuming. Consider utilizing modular CTI solutions, such as Outpost24’s Threat Compass, which provides customer-specific threat information tailored to your business needs.

By implementing these proactive measures, businesses can reduce the costs associated with investigating data breaches and improve overall cybersecurity resilience. Taking a comprehensive approach to data breach prevention and response is crucial in today’s evolving threat landscape.

This article is sponsored and written by Outpost24.

Up Next

T-Mobile App Mishap Exposes Shocking Account Breach, Revealing Users’ Private Information

Don't Miss

Breaking News: Caesars Entertainment Admits Ransom Payment & Massive Customer Data Breach

AT&T Cyberattack: A Wake-Up Call for 51 Million Customers

Hey there, friends! I want to talk to you about something that has recently caught my attention – the massive AT&T data breach that has affected a staggering 51 million customers. As someone who’s passionate about cybersecurity, I can’t stress enough how important it is for all of us to take this issue seriously. So, let’s dive into the details and find out what we can do to protect ourselves and our digital lives.

A Frightening Reality: The AT&T Data Breach

Let me paint you a picture: imagine you’re sitting at home, scrolling through your social media feed, when suddenly you receive an email from AT&T. The subject line reads, “Important Security Alert: Your Account Information May Have Been Compromised.” Your heart skips a beat as you open the message and realize that your personal data – including your name, address, and even your Social Security number – may have fallen into the wrong hands.

Well, folks, that nightmare scenario became a reality for a jaw-dropping 51 million AT&T customers when the company announced one of the largest data breaches in US history. The cyberattack, which occurred in April 2021, exposed sensitive information that could be used for identity theft, financial fraud, and other malicious activities. And, unfortunately, this isn’t an isolated incident – data breaches are becoming all too common in today’s digital world.

Why You Should Care About Cybersecurity

Now, I know what you’re thinking: “Peter, this is all very scary, but what does it have to do with me?” Well, the truth is that we’re all vulnerable to cyberattacks, no matter how secure we think our online presence is. In fact, according to a recent study, over 4.1 billion records were exposed in the first half of 2019 alone. That’s a mind-boggling number, and it’s only going to grow as our reliance on technology continues to increase.

But here’s the good news: by taking a few simple steps, you can significantly reduce your risk of falling victim to a data breach. I know it may seem overwhelming, but trust me – it’s worth the effort to protect your personal information and avoid the stress and anxiety that come with being hacked.

How To Safeguard Your Digital Life

So, how can you take control of your cybersecurity? Here are a few easy-to-implement tips that can make a big difference:

Use strong, unique passwords: This may sound like a no-brainer, but it’s surprising how many people still use weak, easily guessable passwords. Make sure each of your accounts has a different, complex password that includes a combination of letters, numbers, and symbols.

Enable two-factor authentication: This adds an extra layer of security by requiring you to enter a code sent to your phone or email whenever you log in from a new device.

Be cautious with public Wi-Fi: Public Wi-Fi networks can be a goldmine for hackers. Use a virtual private network (VPN) to encrypt your data and protect your privacy when connecting to public hotspots.

Update your software: Make sure you’re always using the latest versions of your operating systems and applications, as they often include security patches to fix vulnerabilities.

Stay informed: Keep up-to-date on the latest cybersecurity news and trends to ensure you’re prepared for new threats as they emerge.

Join Us in the Fight Against Cybercrime

Friends, the AT&T data breach is just one example of the growing cybersecurity challenges we face in today’s digital age. But by taking action and making cybersecurity a priority, we can protect ourselves and our loved ones from the devastating consequences of data breaches.

So, I urge you to join me in the fight against cybercrime. Contact us to learn more about how you can safeguard your digital life, and make sure to keep coming back for the latest tips, tricks, and updates on all things cybersecurity. Together, we can make a difference and create a safer, more secure online world for everyone.

Click to comment

Malware

Shocking Cyber Heist: Over 25,000 People’s Data Stolen in 2023 Breach

Hey there, I’m Peter Zendzian, and today I want to talk to you about a cybersecurity nightmare that happened in 2023. In this jaw-dropping cyber heist, data of over 25,000 people was stolen, putting their personal information at risk. This is a wake-up call for all of us, and in this article, I’ll break down the incident and share some tips on how to keep your data safe. So, buckle up, and let’s dive right in.

Unmasking the 2023 Breach

Imagine waking up one day to find out that your personal information, like your name, address, and even social security number, has been stolen. That’s exactly what happened to over 25,000 innocent people in the U.S. when cybercriminals breached a major company’s database. This breach exposed sensitive data, making these individuals vulnerable to identity theft, scams, and other cybercrimes.

But, how did this happen? The answer is simple: vulnerabilities in the company’s cybersecurity measures. Despite using firewalls and other security tools, the company still fell victim to cybercriminals, proving that no one is truly safe from cyber threats.

Alarming Cybersecurity Stats You Should Know

This breach is just the tip of the iceberg. Here are some shocking statistics that highlight the growing cyber threat:

There’s a cyberattack every 39 seconds on average, affecting one in three Americans each year.

95% of cybersecurity breaches are caused by human error.

Since COVID-19, the FBI has reported a 300% increase in reported cybercrimes.

By 2025, cybercrime damages are expected to cost the world $10.5 trillion annually.

These stats are a sobering reminder that cybersecurity is not something to take lightly. It’s time to act and protect ourselves and our data from cybercriminals.

How to Safeguard Your Data and Stay Cybersecure

Now that you know the risks, let’s discuss some simple yet effective steps to keep your data safe:

Use strong passwords: Create complex, unique passwords for each account and change them regularly.

Enable multi-factor authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification, like a fingerprint or a text message code, in addition to your password.

Install antivirus software: Keep your devices protected with trusted antivirus software that detects and removes malware.

Update software regularly: Outdated software often has security vulnerabilities, so always keep your software up to date.

Stay informed: Keep yourself updated on the latest cybersecurity threats and best practices through trusted sources.

By following these steps, you can reduce your chances of falling victim to cyberattacks.

It’s Time to Take Action

Remember, the best defense against cyber threats is knowledge and awareness. Don’t wait until it’s too late. Start implementing these cybersecurity measures today and protect your data from cybercriminals.

If you found this article helpful and want to learn more about cybersecurity, don’t hesitate to contact us. We’re here to help you stay informed and keep your data safe. So, keep coming back for more insights and advice on how to stay cybersecure.

Cybersecurity: Making It Personal and Easy to Understand

Hey there! I’m Peter Zendzian, and I’m here to take you on a journey through the world of cybersecurity. If the word “cybersecurity” sounds intimidating, don’t worry – I’ll be your friendly ghostwriter, breaking down complex concepts into relatable stories and analogies. So, let’s dive in!

Why should you care about cybersecurity?

Imagine your house with all its doors and windows wide open. You wouldn’t feel safe, right? That’s exactly how your digital life is without proper cybersecurity measures. Every day, cybercriminals are looking for ways to steal your personal information, money, and even your identity. In fact, in 2021 alone, there were over 1,000 reported data breaches, affecting more than 155 million people in the U.S. It’s time to take action and secure your digital home!

Let’s break down some cybersecurity terms

When it comes to cybersecurity, there’s a whole new language to learn. But don’t worry, I’ll explain the key terms in regular, everyday language:

Malware: Think of malware as the flu virus for your computer or smartphone. It can spread easily and cause all sorts of problems, from stealing your data to crashing your device.

Phishing: This is like a digital con artist trying to trick you into giving away your personal information. They often use fake emails or websites that look like ones you trust.

Firewall: Picture a castle with a moat around it. The moat (firewall) keeps the bad guys out and your valuable data safe inside.

Simple steps to protect yourself online

You don’t need to be a cybersecurity expert to keep your digital life safe. Here are some easy steps you can take:

Use strong, unique passwords: Your password is like the key to your digital home. Make sure it’s strong and not easily guessable. And don’t use the same one for all your accounts!

Enable two-factor authentication (2FA): This is like adding an extra lock to your digital door, making it even harder for cybercriminals to break in.

Keep your software up-to-date: Just like you’d fix a leaky roof, make sure to patch any security holes by updating your software regularly.

Join me on this cybersecurity journey

Now that we’ve taken the first steps together, I encourage you to continue learning about cybersecurity. Knowledge is power, and the more you know, the safer you’ll be online. So, don’t hesitate to reach out to me and come back for more insights, stories, and advice on keeping your digital life safe and secure.

Together, we can make the internet a safer place for everyone.

Published

3 hours ago

May 7, 2024

zendzipr

<h1>Shocking Cyber Heist: Over 25,000 People's Data Stolen in 2023 Breach</h1><br />
<br />
<p>Hey there, I'm Peter Zendzian, and today I want to talk to you about a cybersecurity nightmare that happened in 2023. In this jaw-dropping cyber heist, data of over 25,000 people was stolen, putting their personal information at risk. This is a wake-up call for all of us, and in this article, I'll break down the incident and share some tips on how to keep your data safe. So, buckle up, and let's dive right in.</p><br />
<br />
<h2>Unmasking the 2023 Breach</h2><br />
<br />
<p>Imagine waking up one day to find out that your personal information, like your name, address, and even social security number, has been stolen. That's exactly what happened to over 25,000 innocent people in the U.S. when cybercriminals breached a major company's database. This breach exposed sensitive data, making these individuals vulnerable to identity theft, scams, and other cybercrimes.</p><br />
<br />
<p>But, how did this happen? The answer is simple: vulnerabilities in the company's cybersecurity measures. Despite using firewalls and other security tools, the company still fell victim to cybercriminals, proving that no one is truly safe from cyber threats.</p><br />
<br />
<h2>Alarming Cybersecurity Stats You Should Know</h2><br />
<br />
<p>This breach is just the tip of the iceberg. Here are some <strong>shocking statistics</strong> that highlight the growing cyber threat:</p><br />
<br />
<ul><br />
<li>There's a cyberattack <u>every 39 seconds</u> on average, affecting one in three Americans each year.</li><br />
<li>95% of cybersecurity breaches are caused by human error.</li><br />
<li>Since COVID-19, the FBI has reported a <u>300% increase</u> in reported cybercrimes.</li><br />
<li>By 2025, cybercrime damages are expected to cost the world <u>$10.5 trillion</u> annually.</li><br />
</ul><br />
<br />
<p>These stats are a sobering reminder that cybersecurity is not something to take lightly. It's time to act and protect ourselves and our data from cybercriminals.</p><br />
<br />
<h2>How to Safeguard Your Data and Stay Cybersecure</h2><br />
<br />
<p>Now that you know the risks, let's discuss some <strong>simple yet effective steps</strong> to keep your data safe:</p><br />
<br />
<ol><br />
<li><strong>Use strong passwords</strong>: Create complex, unique passwords for each account and change them regularly.</li><br />
<li><strong>Enable multi-factor authentication (MFA)</strong>: MFA adds an extra layer of security by requiring a second form of verification, like a fingerprint or a text message code, in addition to your password.</li><br />
<li><strong>Install antivirus software</strong>: Keep your devices protected with trusted antivirus software that detects and removes malware.</li><br />
<li><strong>Update software regularly</strong>: Outdated software often has security vulnerabilities, so always keep your software up to date.</li><br />
<li><strong>Stay informed</strong>: Keep yourself updated on the latest cybersecurity threats and best practices through trusted sources.</li><br />
</ol><br />
<br />
<p>By following these steps, you can reduce your chances of falling victim to cyberattacks.</p><br />
<br />
<h2>It's Time to Take Action</h2><br />
<br />
<p>Remember, the best defense against cyber threats is knowledge and awareness. Don't wait until it's too late. Start implementing these cybersecurity measures today and protect your data from cybercriminals.</p><br />
<br />
<p>If you found this article helpful and want to learn more about cybersecurity, don't hesitate to <u>contact us</u>. We're here to help you stay informed and keep your data safe. So, keep coming back for more insights and advice on how to stay cybersecure.</p> 6

Imagine waking up one day, only to find out that your personal and financial information has been stolen in a security breach. This is what happened to 25,549 individuals whose data was compromised in a recent cybersecurity attack on the Philadelphia Inquirer, the city’s largest newspaper and the third-longest operating daily newspaper in the United States.

The Attack and Its Aftermath

Picture this: It’s May 2023, and the Philadelphia Inquirer’s content management system suddenly goes down. The newspaper quickly realizes that something is amiss and takes some computer systems offline to contain the breach. They also bring in Kroll forensics experts to investigate the “anomalous activity.”

As a result of the attack, the publication of the print newspaper is disrupted, and home-delivery subscribers are asked to catch up with the latest news using the newspaper’s website, which remains unaffected.

In their data breach notifications, the Inquirer states, “We determined that an unauthorized party gained access to our systems and certain files were viewed and/or copied from our systems between May 11, 2023, and May 13, 2023.” The exposed information includes names, personal identifiers, and financial account numbers, as well as credit/debit card numbers (in combination with security code, access code, password, or PIN for the accounts).

The newspaper advises affected individuals to monitor their accounts for identity theft and fraud attempts and offers 24 months of free Experian credit monitoring and identity restoration services.

The Culprit: Cuba Ransomware Gang

Although the Inquirer doesn’t reveal who’s responsible for the attack, the Cuba ransomware gang takes credit for it one week after the incident. The group claims to have stolen financial documents, correspondence with bank employees, balance sheets, tax documents, compensation, and source code from the newspaper’s compromised servers.

Cuba then publishes the files on its dark web leak site, which suggests that the Inquirer refused to pay a ransom and the extortion attempt hit a dead end. However, the Inquirer later reports that the documents don’t “appear to come from the newspaper.” Subsequently, the ransomware gang removes the Philadelphia Inquirer entry from its website.

The Bigger Picture: Ransomware Attacks on the Rise

The Cuba ransomware gang is no stranger to such attacks. According to a joint security advisory by the FBI and CISA, the group collected over $60 million in ransoms until August 2022 after breaching more than 100 victims worldwide. A previous FBI advisory from December 2021 also warned that Cuba operators had compromised at least 49 U.S. critical infrastructure organizations.

Don’t Be the Next Victim: Protect Yourself and Your Information

The Philadelphia Inquirer breach is a stark reminder that we all need to be vigilant about our cybersecurity. Whether you’re an individual or a business owner, it’s crucial to stay informed and take necessary precautions to protect your data from potential threats.

So, what are you waiting for? Get in touch with us at IT Services to learn more about how to safeguard yourself from cyberattacks and keep your information secure. We’re here to help you stay one step ahead of the bad guys and ensure your peace of mind.

Malware

Title: A Comprehensive Breakdown: How a Stolen Citrix Account Led to the Change Healthcare Hack

Hey there! I’m going to tell you a story that’s as chilling as it is eye-opening. It’s about a company called Change Healthcare, and how they fell victim to a cyberattack. Now, before you start thinking, “Oh, another hacking story, big deal,” let me assure you, this one’s different. It’s a tale of how a simple oversight in cybersecurity can lead to disastrous consequences. And it’s a cautionary tale that we all need to learn from. So, grab a cup of coffee, sit back, and let’s dive in.

The Scene of the Cybercrime

Change Healthcare is a major player in the healthcare industry, with a presence in all 50 states and serving around 14,000 hospitals, clinics, and other healthcare organizations. That’s a lot of responsibility, right? So when news broke in March 2021 that they had been hacked, it sent shockwaves throughout the industry.

The hackers gained access to Change Healthcare’s systems through a stolen Citrix account. Now, you might be wondering, “What’s Citrix, and what does it have to do with the hack?” Allow me to explain.

Citrix: A Key to the Kingdom

Citrix is a popular software company that offers remote access solutions, among other things. Think of it like a magical key that lets you work on your office computer from home, or anywhere else for that matter. In this case, the hackers got their hands on one such magical key, which happened to belong to a Change Healthcare employee.

Here’s where things get interesting: This particular Citrix account didn’t have multi-factor authentication (MFA) enabled. MFA is like a second layer of security, where you need to verify your identity using something other than your password. For example, a unique code sent to your phone. It’s like having a deadbolt on your door, in addition to the regular lock.

The Dominoes Begin to Fall

Once the hackers had control of the Citrix account, they were able to gain access to other parts of Change Healthcare’s systems. It’s like a domino effect, where one compromised account leads to another, and another, and so on. The result? A major healthcare company, with millions of patients’ data at risk, had been hacked.

The Aftermath: Lessons Learned

So, what can we learn from this story? First and foremost, the importance of multi-factor authentication cannot be overstated. According to Microsoft, MFA can block 99.9% of account hacks. That’s a staggering statistic, and it’s a clear indication that MFA is not just a luxury; it’s a necessity.

Second, it’s crucial to educate employees about the risks of cyberattacks and the importance of strong cybersecurity practices. Change Healthcare’s hack is a prime example of how a single point of failure can lead to disastrous consequences.

Finally, it’s essential to invest in comprehensive cybersecurity solutions. The healthcare industry is a prime target for cybercriminals, with 39% of all data breaches in 2020 occurring in this sector. A strong cybersecurity strategy is not optional; it’s a must-have.

Take Action Today: Don’t Become the Next Change Healthcare

Now that you’ve heard this cautionary tale, it’s time to take action. Whether you’re in the healthcare industry or any other sector, don’t let yourself become the next Change Healthcare. Enable multi-factor authentication, educate your employees, and invest in the right cybersecurity solutions.

And remember, we’re here to help you make sense of it all. So feel free to reach out and contact us anytime. Together, we can work towards a safer, more secure digital world. Keep coming back to learn more, and let’s stay ahead of the hackers!

Protecting Your Business from Cybersecurity Threats: A Personal Guide

Hi there, I’m Peter Zendzian, a cybersecurity expert with a mission to keep your business safe from cyber threats. Today, I’m going to share some insights on how to protect your most valuable asset—your company’s data—from hackers and other cybercriminals.

The Growing Threat of Cyber Attacks

Think about this: every 39 seconds, there’s a hacker attack somewhere in the world. Cybercrime is growing at an alarming rate, and it’s not just big corporations that are targeted. In fact, 43% of all cyber attacks are aimed at small businesses.

Why You Should Care About Cybersecurity

Imagine losing all your customer data, or having your company’s reputation tarnished by a data breach. These are just a few consequences of not taking cybersecurity seriously. A single cyber attack could cost your business millions of dollars and possibly lead to its closure.

Common Cybersecurity Mistakes Businesses Make

Many businesses make the mistake of thinking they’re too small to be targeted or that their current security measures are sufficient. Others may not even be aware of the risks they’re exposed to. Some common cybersecurity mistakes include:

Not updating software and hardware

Using weak or default passwords

Failing to train employees on cybersecurity best practices

Not having a strong firewall or antivirus software in place

How to Protect Your Business from Cyber Attacks

Here are some actionable steps you can take to safeguard your business:

Establish a strong cybersecurity policy: Have a clear plan in place that outlines how your company will handle cybersecurity threats, including regular risk assessments and security audits.

Train your employees: Make sure your employees know the basics of cybersecurity, such as how to spot phishing emails and the importance of strong passwords.

Keep your software and hardware updated: Regularly update your systems to protect against known vulnerabilities.

Implement multi-factor authentication (MFA): MFA adds an extra layer of security by requiring users to provide two or more forms of identification before gaining access to sensitive data.

Don’t Wait Until It’s Too Late

Taking action now can save your business from a devastating cyber attack in the future. Remember, the best defense is a strong offense, and being proactive about your company’s cybersecurity is the key to staying one step ahead of cybercriminals.

I’m here to help you navigate the complex world of cybersecurity and protect your business from threats. Contact me today to learn more about how you can keep your company’s data safe and secure. And don’t forget to keep coming back for more tips and insights on staying cyber-safe!

Published

1 day ago

May 6, 2024

zendzipr

**Title: A Comprehensive Breakdown: How a Stolen Citrix Account Led to the Change Healthcare Hack**<br />
<br />
Hey there! I'm going to tell you a story that's as chilling as it is eye-opening. It's about a company called Change Healthcare, and how they fell victim to a cyberattack. Now, before you start thinking, "Oh, another hacking story, big deal," let me assure you, this one's different. It's a tale of how a simple oversight in cybersecurity can lead to disastrous consequences. And it's a cautionary tale that we all need to learn from. So, grab a cup of coffee, sit back, and let's dive in.<br />
<br />
**The Scene of the Cybercrime**<br />
<br />
Change Healthcare is a major player in the healthcare industry, with a presence in all 50 states and serving around 14,000 hospitals, clinics, and other healthcare organizations. That's a lot of responsibility, right? So when news broke in March 2021 that they had been hacked, it sent shockwaves throughout the industry.<br />
<br />
The hackers gained access to Change Healthcare's systems through a stolen Citrix account. Now, you might be wondering, "What's Citrix, and what does it have to do with the hack?" Allow me to explain.<br />
<br />
**Citrix: A Key to the Kingdom**<br />
<br />
Citrix is a popular software company that offers remote access solutions, among other things. Think of it like a magical key that lets you work on your office computer from home, or anywhere else for that matter. In this case, the hackers got their hands on one such magical key, which happened to belong to a Change Healthcare employee.<br />
<br />
Here's where things get interesting: This particular Citrix account didn't have multi-factor authentication (MFA) enabled. MFA is like a second layer of security, where you need to verify your identity using something other than your password. For example, a unique code sent to your phone. It's like having a deadbolt on your door, in addition to the regular lock.<br />
<br />
**The Dominoes Begin to Fall**<br />
<br />
Once the hackers had control of the Citrix account, they were able to gain access to other parts of Change Healthcare's systems. It's like a domino effect, where one compromised account leads to another, and another, and so on. The result? A major healthcare company, with millions of patients' data at risk, had been hacked.<br />
<br />
**The Aftermath: Lessons Learned**<br />
<br />
So, what can we learn from this story? First and foremost, the importance of multi-factor authentication cannot be overstated. According to Microsoft, MFA can block 99.9% of account hacks. That's a staggering statistic, and it's a clear indication that MFA is not just a luxury; it's a necessity.<br />
<br />
Second, it's crucial to educate employees about the risks of cyberattacks and the importance of strong cybersecurity practices. Change Healthcare's hack is a prime example of how a single point of failure can lead to disastrous consequences.<br />
<br />
Finally, it's essential to invest in comprehensive cybersecurity solutions. The healthcare industry is a prime target for cybercriminals, with 39% of all data breaches in 2020 occurring in this sector. A strong cybersecurity strategy is not optional; it's a must-have.<br />
<br />
**Take Action Today: Don't Become the Next Change Healthcare**<br />
<br />
Now that you've heard this cautionary tale, it's time to take action. Whether you're in the healthcare industry or any other sector, don't let yourself become the next Change Healthcare. Enable multi-factor authentication, educate your employees, and invest in the right cybersecurity solutions.<br />
<br />
And remember, we're here to help you make sense of it all. So feel free to reach out and contact us anytime. Together, we can work towards a safer, more secure digital world. Keep coming back to learn more, and let's stay ahead of the hackers! 7

4/30/24: Update added below about Change Healthcare Citrix credentials previously stolen by information-stealing malware.

UnitedHealth has confirmed that Change Healthcare’s network was breached by the BlackCat ransomware gang. The attackers used stolen credentials to log into the company’s Citrix remote access service, which did not have multi-factor authentication enabled.

UnitedHealth CEO Andrew Witty shared this information in written testimony published ahead of a House Energy and Commerce subcommittee hearing scheduled for tomorrow.

The ransomware attack on Change Healthcare occurred in late February 2024, leading to severe operational disruptions on Optum’s Change Healthcare platform.

This impacted a wide range of critical services used by healthcare providers across the U.S., including payment processing, prescription writing, and insurance claims, and caused financial damages estimated at $872 million.

Previously, the BlackCat ransomware gang claimed they had received a $22 million ransom payment from UnitedHealth. However, the payment was stolen from the affiliate who conducted the attack in an exit scam. Shortly after, the affiliate claimed to still have the data and partnered with RansomHub to initiate an additional extortion demand by leaking stolen data.

The healthcare organization recently admitted that it paid a ransom to protect people’s data post-compromise, but no details about the attack or who carried it out were officially disclosed.

RansomHub has since removed the Change Healthcare entry from its site, indicating that an additional ransom was paid.

An easy break-in

In testimony by Andrew Witty, the CEO confirmed that the attack occurred on the morning of February 21 when the threat actors began encrypting systems and rendering them inaccessible to the organization’s employees.

For the first time, the company also officially confirmed that the ALPHV/BlackCat ransomware operation was behind the attack.

While the actual public-facing attack occurred on February 21, Witty revealed that the attacker had access to the company’s network for approximately ten days before deploying their encryptors. During this time, the threat actors spread through the network and stole corporate and patient data that would be used in their extortion attempts.

The investigations, which are still ongoing, revealed that the attackers first gained access to Change Healthcare’s Citrix portal on February 12, 2024, using stolen employee credentials. It is unknown whether those credentials were initially stolen via a phishing attack or information-stealing malware.

“On February 12, criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops,” explained Witty.

“The portal did not have multi-factor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later.”

The CEO also shared a personal moment, stating that the choice to pay a ransom was entirely his and one of the hardest decisions he had to make.

“As chief executive officer, the decision to pay a ransom was mine. This was one of the hardest decisions I’ve ever had to make. And I wouldn’t wish it on anyone,” Witty wrote in his testimony.

Remediation efforts

Witty further outlined UnitedHealth’s immediate actions to secure their systems following the attack, characterizing them as “swift and forceful.” He noted that the threat was successfully contained by taking everything down despite knowing the impact this would have on people.

Following the attack, the organization’s IT team replaced thousands of laptops, rotated credentials, and completely rebuilt Change Healthcare’s data center network and core services in just a few weeks. Witty states such a task would usually have taken several months.

Although data samples that leaked online contained protected health information (PHI) and personally identifiable information (PII), Witty notes that, so far, they have seen no evidence of exfiltration of materials such as doctors’ charts or complete medical histories.

Concerning the status of the impacted services, pharmacy networks operate at a fraction of a percent below normal, medical claims flow nearly at normal levels, and payment processing at approximately 86% of pre-incident levels.

Update 4/30/24: After publishing our story, Hudson Rock CTO Alon Gal told us that on February 8, the company’s threat intelligence platform detected a Change Healthcare employee’s Citrix credentials stolen through information-stealing malware.

**Stolen Change Healthcare Citrix Credentials**
*Source: Hudson Rock*

The stolen credentials are associated with the URL remoteapps[.]changehealthcare[.]com/vpn/index.htm, and while that site is no longer accessible, we have confirmed it to be the URL for Change Healthcare’s Citrix Gateway login page.

It is unknown if these are the credentials used to gain access to Change Healthcare’s networks and conduct the ransomware attack.

As we continue to see the devastating impact of ransomware attacks, it is crucial for organizations to take cybersecurity seriously. Ensuring multi-factor authentication is enabled, conducting regular security audits, and providing employee training are just a few ways to help protect your business. But, the responsibility to stay informed and take action doesn’t end here. We encourage you to reach out to our IT Services team and keep coming back to learn more about emerging threats and best practices in cybersecurity.

Malware

FBCS Collection Agency Alert: Data Breach Impacts 1.9 Million Individuals – Protect Yourself Now

Debt collection agency FBCS has disclosed a data breach affecting 19 million individuals. The breach, which occurred in 2019, exposed personal data including names, addresses, and social security numbers. FBCS is urging affected individuals to monitor their credit and identity for potential fraud or theft.

Published

5 days ago

May 2, 2024

zendzipr

FBCS Collection Agency Alert: Data Breach Impacts 1.9 Million Individuals - Protect Yourself Now 9

Uh-oh, another data breach! This time, it’s the Financial Business and Consumer Solutions (FBCS), a nationally licensed debt collection agency in the U.S., that’s grabbing headlines. They’ve recently warned nearly 2 million impacted individuals that their systems were compromised, and unauthorized access was detected.

What happened at FBCS?

FBCS specializes in collecting unpaid debts from various sectors, including consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. In late February 2024, they discovered that unauthorized actors had breached their network and had access to sensitive data since February 14, 2024. The intrusion lasted for nearly two weeks before being detected.

What data was exposed?

During the breach, the unauthorized actor had the ability to view or acquire certain information on the FBCS network. The exposed data includes:

Full name

Social Security Number (SSN)

Date of birth

Account information

Driver’s license number or ID card

This is some pretty sensitive stuff! With access to this information, individuals are at a higher risk of falling victim to phishing, fraud, and social engineering attacks. That’s why FBCS is providing those affected with instructions to enroll in 12 months of credit monitoring through Cyex, hoping to prevent any further damage.

What’s being done to prevent this from happening again?

As an IT Services company, we understand that such incidents can have severe consequences for the victims. FBCS has taken steps to implement additional security measures in a newly built environment to prevent similar incidents from occurring in the future.

What can you do if you’re affected?

If you’re one of the unlucky recipients of the data breach notifications, it’s crucial to remain vigilant against unsolicited communications and monitor your account statements and credit reports for suspicious activity. At the time of writing, no ransomware groups have claimed responsibility for the attack at FBCS, but it’s always better to stay cautious.

Stay informed and stay protected

As cybersecurity experts, we know that staying informed is the best defense against cyber threats. That’s why we encourage you to keep coming back to learn more about the ever-evolving world of cybersecurity. Together, we can make the digital world a safer place for everyone.