June in review: Breaches and ransomware

July 06, 2018//Ellen Neveux

Last Updated: November 18, 2020

We are now past the halfway point of 2018 and cyberattacks of all forms are plaguing highly regulated industries. In the month of June, it was reported that 145,942,680 records were leaked. To put this in perspective, 17,273,571 records were leaked in May of 2018. With both of these numbers so high, it is important to remember that they are only reflective of the breaches that have been found and reported. This number, from May to June, may have increased as much as it did because of the implementation of GDPR and the improved breach reporting mandate. Keep in mind, however, that numbers may still be off since cyberattacks are often found and reported months or even years after they have occurred.

It’s well-known that the healthcare industry is one of the biggest targets for cyberattacks because they have so much valuable information in one place, and UC San Diego Health suffered a highly visible attack in June. Although ransomware visibility may be down due to a lack of recent high-profile activity, it is still a very real threat for highly regulated industries. A Winnipeg mattress store suffered a ransomware assault last month. Finally, there was Klook, a travel company and their headline-making breach. Let’s take a closer at each of these cyberattacks and how they happened.

UC San Diego Health breach

Toward the end of June, UC San Diego Health had to inform 619 patients that their personal health data may have been compromised during a data breach. This breach, which occurred between November 20 and December 9, 2017, involved Nuance Communications, one of UC San Diego Health’s third-parties who performed medical transcription services. A former Nuance employee, whose credentials still worked, went into the company’s servers and accessed about 45,000 people’s sensitive information. Of the Nuance breach, only 619 were patients of UC San Diego Health, all of whom have been notified about the breach of their prescription medication information and some payment-related data.

Best Sleep Centre’s ransomware attack

Ransomware continues to be a huge issue, and one of the most recent victims was Winnipeg retailer, Best Sleep Centre. This local mattress and furniture supply store had to cease services and sales when its servers were shut down by a hacker.

To pay or not to pay is still a debate among security experts, but Best Sleep Centre decided to bite the bullet and pay up. The hacker asked for 0.6 in Bitcoin (roughly $6,000 Canadian), but David Keam, the owner, was able to talk the price down to $2,000 Canadian (0.23 Bitcoin). This route was taken, according to Keam, because he had no choice; the cost to rebuild the entire server would not have been worth it in terms of both downtime and money. Lastly, Keam added that this was a lesson he needed to learn and that the attack could have been avoided by keeping his servers up-to-date.

Klook’s third-party data breach

Before the end of June, Klook notified affected parties of a third-party data breach. There was a malicious JavaScript code that was associated with SOCIAPlus, a third-party web-based analytics tool that Klook used on its website. Once Klook found out about the unauthorized access, they immediately disabled the feature to protect its customers and their sensitive information.

Though Klook disabled the feature, there is still the possibility of a compromise of personal data and credit card information that customers entered on Klook’s website. Customers that used Klook’s website between December 11, 2017, and June 13, 2018, may be impacted (the Klook mobile app was not affected). The number of customers affected is estimated to be about 8% of total users. Klook has reached out and notified those that may have been affected.

Protect your network

If you thought the month of May was filled to the brim with the number of records leaked, June had roughly 130 million more records breached. From these numbers it is obvious that both breaches and ransomware attacks aren’t going away, they are increasing. The best thing any organization can do is protect itself from bad actors with a layered defense. It has been widely accepted that one of the main attack vectors for bad actors to access a network is through third-party access. Regulate and take control of the access granted to third-parties to save yourself from a data breach or ransomware attack.

About SecureLink
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

Subscribe to the SecureLink Blog.
close close