The risk of data breaches has become an omnipresent concern for businesses and organizations. And as technology continues to evolve, so do the tactics of cybercriminals. One critical aspect of cybersecurity strategy involves preparing for and responding to third-party data breaches. A well-constructed response playbook is indispensable in mitigating the potential damages and ensuring a swift recovery.
East River Medical Imaging (ERMI) has three locations in New York City and Westchester County. ERMI is a “multi-modality radiology center,” including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays. They have served New York since 1970 and have a long history of high-quality patient care. At the end of August, an unauthorized actor accessed their network—exposing sensitive information from employees and patients.
On November 20, the Idaho National Laboratory (INL) confirmed that it had suffered a data breach. The confirmation followed the SiegedSec threat actor group’s circulation of claims that it had “accessed hundreds of thousands of user, employee and citizen data” on social media and hacking forums.
Line Messenger is a communication app that allows users to communicate for free by sending messages and making voice calls. Japan’s mega-corporation, LY Corp., owns them; LY offers a variety of lifestyle solutions, including shopping, business, gaming, and financial tech apps. LY purportedly discovered a breach at the beginning of October—although investigations are ongoing, the event may have exposed thousands.
This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International. In North Carolina, cybercriminals targeted a healthcare clinic. The assailants stole more than 60k patient records from Robeson Health Care.
In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer’s dream; they offer low-priced goods for families in 8,200 locations nationwide. The other half of the business offers even lower deals. Dollar Tree provides options for $1 purchases at 15,000 locations throughout the states. Now, branches are sporting both company’s colors, wares, and deals.
Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly. Those who gamble with a Caesars location often enough eventually consider a membership. CE’s loyalty program boasts more than 65 million members worldwide.
This is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach. Normally when there’s a press release from an organization hit by a data breach, there are at least a few details that let customers know the company has a handle on what transpired, that the breach has been mitigated, and what customers impacted should do to protect themselves.
Zeroed-In Technologies offers curated human resource solutions and analytics to organizations. Among those who use their services are the City of Detroit, Dollar Tree, Family Dollar, and the U.S. Department of Defense. Zeroed-In suffered a security incident in August, where the assailants obtained over 1.9 million consumer records.
Robeson Health Care Corporation (RHCC) is a healthcare network serving North Carolina residents. They offer behavioral, dental, general, and outreach services in nine locations across six counties. RHCC also hosts several rehabilitation and health programs aimed at improving and encouraging healthy lifestyles. In February, RHCC experienced malware within its network, resulting in the loss of 60k patient records.
