Cyber Security News Roundup – 13th March 2023

It's the beginning of a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

The cyberattack that has paralysed Barcelona's Hospital Clinic 06/03

The Barcelona Hospital Clinic has been affected by a sophisticated and complex cyber attack that has caused widespread disruption to appointments, operations and tests. The attack involved the Ransomhouse ransomware operation and originated from outside the Spanish borders, with Catalan police and Interpol working to determine the source. Progressive restoration of services is now underway. (El Nacional)

Hundreds of US lawmakers and staff affected by data breach 08/03

A data breach involving a DC based health care insurance service has exposed the personal information of hundreds of US House members and staff, with the FBI investigating the "significant" event. The breach occured last Tuesday and potentially revealed the data of thousands of other users, with US House members not the specific targets of the attack. An advert for the stolen data appeared on hacking forums, and claimed to hold the data of 170,000 people, including social security numbers. (CNN)

Blackbaud to pay $3M for misleading ransomware attack disclosure 10/03

Blackbaud, a cloud services provider, has been agreed to pay $3 million in order to settle charges that it failed to report the full impact of a 2020 ransomware attack that impacted 13,000 customers. The cyber attack impacted their customers worldwide, including in the US, UK, Canada and the Netherlands, and across a variety of industries. Blackbaud initially paid the ransom fee and stated that the threat actors had not accessed banking information or social security numbers, however staff learned that this information had actually been breached and failed to report it to management due to improper disclosure protocols. (Bleeping Computer)

Cerebral notifies 3.1M users of healthcare data breach 10/03

Cerebral, an online mental healthcare service, has notified over 3.1 million individuals that it has suffered a multi year data breach. Cerebral uses pixel tracking technology, and after a review of their data sharing policies realised that they had been disclosing this information to subcontractors without the appropriate HIPAA assurances. Disclosed information varied from individual to individual, based on their interactions with Cerebral, their device configuration and their third party permissions. Cerebral has immediately paused any tracking operations and also halted data sharing with any third parties that do not meet HIPAA requirements, now encouraging their users to review their data sharing permissions as well as reviewing their passwords and privacy options. (Health IT Security)

Staples-owned Essendant facing multi-day "outage," with orders frozen 12/03

Wholesale stationary distributor Essendant has suffered a significant, multi-day outage of their systems that has prevented customers from placing and fulfilling orders online. This ongoing outage began on Monday 6th March, with the company beginning to notify customers on the 7th and customer service unreachable. Orders placed but not shipped are being cancelled and receiving hours and purchase orders are suspended until further notice. Essedant is yet to reveal the cause of the outage, but it is likely either a technical fault or the result of an ongoing cyber attack. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!