As the healthcare sector continues to offer life-critical services during the COVID-19 outbreak and is working to improve medical treatment and patient care with new technologies, cybercriminals and threat actors exploit vulnerabilities in more sophisticated ways. So we can see the healthcare industry is plagued by a number of cybersecurity issues. These issues include malware that compromises the integrity of systems and patient privacy to distributed denial of service (DDoS) attacks that disrupt the efforts to provide patient care. Although other business sectors experience similar attacks too, the nature of the healthcare industry poses unique challenges. With respect to healthcare, cyber-attacks can have consequences beyond financial loss and breach of privacy which increases the need for organizations to confide in a pen testing company to handle an app from security aspects.
Healthcare data breaches often expose highly sensitive information such as names, social security numbers, and addresses to sensitive health data such as medical ID numbers, health insurance information, and patients’ medical records. The objective behind cyber-attacks on healthcare companies is clear. Hospitals, medical clinics, pharmacies, health insurance companies, and other healthcare providers maintain records of information that can be used for identity theft conveniently. The healthcare industry is widely regarded as having weak security, which is why many cybercriminals achieve success in data breaches.
Nintendo Data Breach
In April 2020, Nintendo revealed that a cyberattack compromised more than 160,000 accounts. Hackers have used the stolen accounts to purchase valuable digital items. As a result of this attack, Nintendo discontinued allowing users to log-in using their Nintendo Network ID (NNID). They also suggested their users secure their data by using two-factor authentication mechanisms. In recent times, Netflix, Spotify, and Disney+ have also faced similar issues.
Twitter Spear Phishing Attack
High-profile pages including Barack Obama, Bill Gates, Joe Biden, and Elon Musk shared a tweet declaring ‘I’m giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes’. This message reached more than 350 million people and recovered £86,800 in stolen ‘donations’ within hours. Twitter claimed that this attack attempted to mislead certain employees and exploit human vulnerabilities to access their internal systems. The attackers also made $121,000 bitcoin donations followed by the attack.
Zoom Credentials Hacked
During the COVID-19 pandemic, Zoom gained increased popularity with respect to remote working and learning, i.e. in the work from home models and e-learning initiatives. Zoom video conferencing software is one of the most commonly used virtual meeting apps. During the first week of April 2020, reports of more than 500,000 stolen Zoom passwords were available for sale. Cybercriminals sold login credentials to those accounts on the dark web, allowing criminals to log-in and attend mid-stream meetings. It also enabled them to get personal details from Zoom participants including their email addresses and other contact details.
CAM 4 Data Breach
Due to CAM4 data leakage, more than 10 billion records were exposed. Researchers uncovered the leak exposed data that contained full names, email addresses, and payment records. The database was taken down by the parent company Granity Entertainment. However, the logs have been released since March 16, 2020. The database included information including usernames, user messages, sexual preferences, gender identity, device details, IP addresses, etc. This data was used to target emails for spear-phishing attacks. It is a highly sensitive issue doe adult sites where most members prefer remaining anonymous.
Marriott Data Breach
On March 31, 2020, the world-famous hotel chain Marriott announced a security breach that impacted more than 5.2 million hotel guests who were their loyalty app users. Cybercriminals stole the login credentials of two Marriott employee accounts that had access to the customer details. The attacker obtained sensitive data that was linked to their airline loyalty programs.
EasyJet Data Breach
EasyJet, a UK-based airline reported that 9 million data records and 2200 credit information of their customers were stolen by cybercriminals. The airline has not revealed any information as to how the databases have been hacked, except that the hacker targeted the company’s intellectual property. Although EasyJet reported this matter immediately to the Information Commissioner’s office and regulatory authorities, customers were only notified four months after the breach took place. EasyJet could even face penalties amounting to tens of millions of pounds due to the breach of the General Data Protection Regulation (GDPR). Additionally, last month the low-cost airline announced their plans to reduce up to 30% of its 15000 employees since the aviation industry is experiencing a slow recovery from the collapse of the COVID-19 pandemic.
Since phishing campaigns related to the COVID-19 peaked in mid-April, the rate of ransomware attacks and reported data breaches slowed down. However, security experts noted that although ransomware attacks remained low from the rate observed at the end of 2019, organizations should not be into any false sense of security. As seen with the biggest healthcare data breaches for the year, providers are still looking forward to improving their businesses with respect to securing remote connections, properly disposing of documents, and educating others to prevent phishing attacks, delays in detection, and breach notifications.
Ray is a Marketing Consultant at Software Development Lead. He loves to write tech-related news, articles, specifically quality assurance and information security. Apart from his techie appearance, he enjoys soccer, reading mysteries, and spending long hours working over at the New York office.