Weekly Recap December 23
Table of Contents
- By Steven
- Dec 23, 2022
Now that we're reaching the end of 2022, the holidays have hit, and so has the winter hack spike. This so-called spike has yet to actually be researched, but it is a common theory that there is a massive swell in both real life and cybercrime around the winter holidays. This is likely due to the sheer opportunity; people are distracted and paying less attention to their credit cards and reports. It's also a hectic time for many companies, so their attention is kept from their cybersecurity efforts. Let's examine some of this week's most notable breaches and cyber attacks.
Suncoast Skin Solutions
Suncoast Skin Solutions became a victim of ransomware over a year ago. Typically, we wouldn't include such an old hack in our weekly overview, but Suncoast didn't admit to the breach until December 2022. This resulted in patients and customers spending more than a year in limbo, utterly unaware that their information was in a third party's hands.
Emory Healthcare is Georgia's largest hospital system and recently had a breach that affected over a thousand individuals. "The investigation determined that, from December of 2020 to December of 2021, the now-former EHC employee inappropriately accessed at least 1,600 patient records outside the scope of their job responsibilities," read the breach notification on the hospital's website.
Massachusetts Department of Youth Services
The Massachusetts Department of Youth Services has had a new kind of breach we've never heard of before. An employee mistakenly printed copies of an undisclosed number of individuals' personal information – many likely minors – and included them in schedule binders. We don't know whether the now-former employee sent these binders to other employees or civilians. The report filed with the Massachusetts Attorney General's Office stated that the "DYS has taken steps to make sure this type of event does not happen again."
San Diego Unified School District
Some people that keep up with our and others' cybersecurity news will most likely remember the Los Angeles Unified School District ransomware attack, which earned an unwanted place as the largest education breach in history. The SDUSD breach didn't affect nearly as many people and had nothing to do with ransomware. This hack only affected employees, which seems favorable to the hundreds of thousands of students affected in the LAUSD breach. The information included certain health insurance details, direct deposit information, names, and social security numbers.
San Gorgonio Memorial Hospital
To wrap up this week's most notable, we're looking at a California hospital. The San Gorgonio Memorial Hospital hack affected an undisclosed number of patients and employees. "We determined that one or more documents may have reflected your name, address, date of birth, medical record number, visit ID number, health insurance information, and/or clinical information, such as diagnosis, treatment information, date of service, provider name, and/or department name," read the notification letter sent to victims. The hack began in late October 2022 and was discovered and stopped in November 2022.