Related Posts
Healthcare giant Norton breach leads to theft of millions of patient records
Healthcare giant Norton breach leads to theft of millions of patient records
Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents.
Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said that on May 9, 2023, it discovered an “external system breach.” While the attackers were in the system, Norton says, the sensitive data of the patients, and employees and their dependents was accessed.
In a security incident notice as well as the letter that was sent to potential victims, Norton said the attackers accessed certain network storage devices, but did not access Norton Healthcare’s medical record system or Norton MyChart, its electronic medical record system.
The leaked information included names, dates of birth, Social Security numbers, health and insurance information, and medical identification numbers. Some people also had their financial account numbers, driver licenses or other government ID numbers, and digital signatures also taken.
While Norton never called the incident a ransomware attack, according to databreaches.net the attack was claimed by ALPHV/BlackCat. We could not confirm this, since at the time of writing, the ALPHV leak site is recovering from an outage due to problems with their hosting provider.
Norton says it told law enforcement about the attack and confirmed it did not pay any ransom payment. ALPHV claims to have extracted 4.7 TB worth of data and posted dozens of files as proof to get negotiations underway.
ALPHV is one of the most active ransomware-as-a-service (RaaS) operators and regularly appears in our monthly ransomware reviews as one of the top five most active groups. Recently they made headlines when one of their affiliates, known as Scattered Spider attacked MGM. They also filed a SEC complaint about one of their victims for failing to disclose a breach.
Our podcast host David Ruiz talked to ransomware expert Allan Liska about the why of the SEC complaint.
Data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.
Malwarebytes
MGM Resorts’ Systems Restored After 10-Days Following Ransomware Attack
MGM Resorts’ Systems Restored After 10-Days Following Ransomware Attack
In a sigh of relief for both the company and its guests, MGM Resorts announced today that its systems are fully restored after a 10-day ransomware-related outage that had disrupted operations across their hotels and casinos.
Just over a week ago, MGM Resorts faced a significant cyber challenge when the ALPHV/BlackCat ransomware group claimed responsibility for causing disruptions across the renowned hotel and casino chain.
Their approach was alarmingly simple – a 10-minute phone call to an employee, demonstrating the power of social engineering tactics.
During the outage, guests reported difficulties in making reservations, using ATMs, playing certain games, and even entering their hotel rooms using mobile keys.
Document
FREE Webinar
Live DDoS Attack Simulation
Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.
This cyber incident affected not only MGM’s properties in Las Vegas but also regional resorts, including MGM Springfield in Massachusetts, MGM National Harbor, and the Empire City Casino in New York.
The situation raised concerns about the nature of the cyberattack and whether any guest data had been compromised.
MGM Resorts acted swiftly, shutting down certain systems, initiating an investigation with external cybersecurity experts, and notifying law enforcement agencies.
While the exact nature of the ransomware attack and whether any data was exfiltrated remained undisclosed, the restoration of the company’s systems brings some respite.
In a statement, MGM Resorts expressed their gratitude to their dedicated employees for their efforts in addressing intermittent issues during the outage. They also extended their thanks to guests for their patience during this challenging period.
As of the current update on September 20, 2023, all MGM Resorts’ hotels and casinos are operating normally.
Slot Dollars and FREEPLAY are available at all properties. However, MGM Rewards members are advised that their accounts will be adjusted to reflect Tier Credits and MGM Rewards points at a later date.
Some MGM Rewards points redemption, and promotional offers may still be unavailable, and guests are encouraged to check with the MGM Rewards desk or their Casino Host for more information.
MGM Resorts has not disclosed further details about the measures taken to secure their systems against future attacks, but this episode highlights the need for continued investment in cybersecurity to protect the integrity and privacy of both businesses and their patrons.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post MGM Resorts’ Systems Restored After 10-Days Following Ransomware Attack appeared first on Cyber Security News.
Cyber Security News
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons. […] Read More
BleepingComputer