Top Cyber Attacks of December 2022

Our 24x7x365 security operations team closely monitors all cyber news and related cyberattacks through our own insider sources to ensure our customers Get There First™- every time. Here are our SOC's top cyberattack picks from December 2022:

CommonSpirit Health suffers massive data breach due to ransomware 

common spirit

It has been confirmed by CommonSpirit Health, the second largest health system in America, that the personal data of 623,774 patients has been accessed during a ransomware breach. The data compromised includes the patient's full name, address, phone number, and date of birth. The attack started in October and took down the company's IT systems. CommonSpirit Health operates 140 hospitals and over 1,000 care sites so the effects of this attack are enormous and widespread. 

Industry: Healthcare 

Key takeaway: Hospitals are one of the few places where having a poor cyber security posture can lead to loss of life. This is also why hospitals are a favorite target of ransomware threat actors because they must capitulate to ransoms or people die. All hospitals need to go beyond cyber security compliance in order to protect their business liability and patients. It has been proved through the copious attacks on healthcare businesses that compliance is not enough. 

5.7 million Gemini users have personal info stolen and listed for sale by hackers 

gemini

The crypto exchange Gemini suffered a massive data breach through a third-party vendor. This data allegedly has the name, phone numbers, and email addresses of 5.7 million users. The threat actor has compiled this data and is offering it for sale on the dark web for $520,000. Many Gemini customers have reported receiving phishing emails, so it is believed that someone is trying to use this stolen data to scam even more money. Gemini is advising customers to enable two-factor authentication or hardware security keys to keep their crypto accounts safe. 

Industry: Cryptocurrency 

Key takeaway:  The problem with this massive data leak is now threat actors can use targeted phishing attacks against Gemini customers. These emails will contain personal information and will be a tier above standard phishing emails. These malevolent emails will defraud many people and customers should be wary. Customers of Gemini should invest in email security, so they don't have to risk being compromised through their inboxes. 

Okta has source code stolen from GitHub by hackers My project-1 (49)

Okta had their private GitHub repositories hacked this month, leading to their source code being stolen. Okta provides identity and access management along with authentication services for many companies. Okta says that its IT services and customer data were not breached, so the damage is minimized for now. However, a threat actor can eventually exploit a company with their source code, so Okta needs to make some serious changes. Due to the nature of Okta's business, a serious cyber breach could snowball into a major problem for countless other companies. 

Industry: Identity and access management

Key takeaway: Avoid damage to your brand and reputation with essential cyber security solutions that can provide 24x7x365 data monitoring to prevent incidents exactly like this one. 

Louisiana hospital ransomware attack impacts 270,000 patients

lake charles

The Lake Charles Memorial Health System (LCMHS) has fell victim to a major cyber breach. This incident affects around 270,000 current and former patients. Included in the stolen data are full names, addresses, dates of birth, medical records, health insurance information, patient identification numbers, payment information, clinical information, and social security numbers. The Hive ransomware group has taken credit for the attack and has started posting the stolen information on their website. LCMHS is providing complimentary credit monitoring and identity theft protection to customers who had their social security numbers leaked.

Industry: Healthcare 

Key takeaway: LCMHS did not have the proper security measures in place to keep them secure. They have suffered massive brand, reputation, and monetary damages to learn of their mistake. Even though working with an MSSP can be expensive, the cost of a serious breach dwarves the price of an MSSP in comparison. 

BlackCat ransomware attack hits Colombian energy supplier EPM

epm

The ransomware group BlackCat led a devastating attack on the Columbian energy company Empresas Publicas de Medellin (EPM). This attack disrupted the company's IT operations and online services including taking down the company's website. This led to customers being unable to pay their bills and the company's 4,000 employees having to work from home. The amount of data stolen is unknown but at least 40 company devices were breached. BlackCat uses a tool called ExMatter that steals data for devices and stores it on hacker-controlled servers. This is the latest breach in a string of cyber attacks on Colombian energy companies.

Industry: Energy 

Key takeaway: This attack was done by professional hackers who have launched many successful attacks on businesses and got away with it. The only way to combat professional hacking groups is with professional cybersecurity groups. This is the only way to stay up to date with the latest threats and guarantee a company's complete safety. 

About Digital Hands

Digital Hands is how organizations are getting ahead of the bad guys in a world where compliance alone is no guarantee of protection. Too many companies invest in cybersecurity solutions, follow the recommendations, achieve compliance … and then still get breached. You’ve got to get to your exposures before the bad guys do.