20 December 2019

IRM Weekly Cybersecurity Roundup: Health network ransomware attack

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter.


Health Network ransomware attack forces payment

The largest hospital health network in New Jersey has paid cybercriminals an undisclosed sum to restore data after a cyber-attack.health network ransomware

Hackensack Meridian Health’s computer systems were shut down after their health network became infected with ransomware earlier this month. The attack caused major disruptions to services at 17 hospitals, nursing homes and urgent care centres.

Over 100 elective surgeries were rescheduled as a result of the health network ransomware attack. Employees were unable to access electronic records, reverting to paper-based systems to deliver care. You can read more here.


Thousands of US defense contractor employee information leaked

The details of thousands of US defense contractor employees have been accidentally leaked after digital consultancy, IMGE, experienced another cloud infrastructure misconfiguration.

Information including names, phone numbers, home and email addresses were exposed accidentally by the Washington DC-based digital consultancy, including 6000 Boeing employees.

It’s unclear how long the data was left exposed, although the Boeing employees are just a small fraction of the 50,000 individuals whose personal information was reportedly compromised.

The information was gathered through a Boeing advocacy website called ‘Watch U.S. Fly’, which encourages supporters to use its automated system to send emails and letters and to directly call members of Congress requesting funding for various Boeing projects.

IMGE did not respond to questions about its involvement with Watch U.S. Fly and the release of Boeing employees’ personal information. You can read more here.


LifeLabs pay cyber-attackers to secure sensitive customer data

Canadian laboratory testing company, LifeLabs, has paid cybercriminals to secure the sensitive information of the millions of customers whose data was exposed during a cyber-attack.sensitive data

Cybercriminals gained unauthorized access to the information of 15 million LifeLabs customers.

Information including names, addresses, emails addresses, logins and passwords, date of birth, health card numbers and even lab test results were exposed.

LifeLabs has paid an undisclosed amount to retrieve the data that had been accessed and have officially taken steps to strengthen their system against future attacks. You can read more here.


38,000 students queue for new email password

Students from Justus Liebig University Giessen in Germany were told to queue in person for a new email password after the University was hit by a cyber-attack.

On the 8th December, the cyber-attack took the entire University offline. Students have been asked to bring ID cards to the university gym at a selected time determined by their birth date. The university have reported it will take a full five days to process all students.

Meanwhile, the University has made 1,200 USB sticks available to staff so computers can be scanned for viruses. You can read more here.


Quick-fire Updates:

2019 sees over a thousand US schools hit by ransomware: Over 1000 US schools have been hit by ransomware in just one year. 72 school districts were affected, impacting an estimated 1039 schools nationwide. You can read more here.

Second cyber-attack foiled by Iran in less than a week: Iran has foiled yet another cyber-attack this week. The cyber-attack targeted Iranian electronic government systems. You can read more here.

Twitter trolls target epileptics: People with epilepsy have been targeted by trolls on Twitter with seizure-inducing videos. You can read more here.


If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.