Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

What is PPP Loan Fraud?

When the pandemic hit in 2020, our world became chaotic overnight. Throughout the nation, individuals were met with layoffs or stringent checks—pushing the financials of families to their breaking points. Simultaneously, business organizations faced similar issues; because fewer bodies were allowed in the same area, production trickled to a minimum, niche clients limited their spending, and small businesses counted the days until their doors closed.

Cementitious Vendor-CGM-Network Compromised by 315k Data Breach

Based in Philadelphia, Pennsylvania, CGM is a nationwide cementitious vendor for industries and construction projects. They are a leader in manufacturing, labeling, and distributing custom cement and patching products. CGM also offers solutions for dry cementitious powders, construction liquids, and options for epoxy resins. At their physical facility, they process and package concrete construction products for their vast range of clients.

Chattanooga Heart Institute Updates on 2023 Network Cyber Attack

Patients with cardiovascular issues may appear in one of the Chattanooga Heart Institute (CHI) facilities in Tennessee and Georgia. The network features a substantial team of surgeons, specialists, and cardiologists. CHI provides a comprehensive approach to cardiac care, offering patients exceptional services when needed.

Oklahoma's Largest Non-Profit Health System Breached; 2.3 Million Exposures

INTEGRIS Health is the largest non-profit healthcare network in Oklahoma and surrounding regions. The network includes medical and surgical centers, hospitals, emergency rooms, hospice options, addiction recovery programs, and a holistic approach to health and wellness. In November 2023, Integris discovered suspicious activity within their network environment; subsequent investigations have confirmed they were the target of a cyberattack that exposed 2,385,646 individuals.

462k Hawaiians and Patients Exposed by Health Network Cyberattack

Navvis & Company is a comprehensive healthcare network throughout the US, including Hawaii. They offer scalable healthcare services that push patients towards their health and wellness goals while supporting providers’ roles to achieve those milestones. In the middle of last year, mid-July, Navvis experienced a cyberattack; their experts responded, but not before the assailants got away with 462,861 records—and that’s just from Hawaii.

Weekly Cybersecurity Recap February 16

This week was particularly active in Cybersecurity—attacks rained upon all states, from the Great Basin of Nevada to the Volcanoes of Hawaii. The week began with an announcement out of Texas: U.S. Renal Care found exposed information from a vendor breach in 2023, impacting over 132k patients. Connecticut College was also featured this week; investigations are ongoing, but victims shouldn’t wait to protect themselves. The public also got an update on the PJ&A data breach from 2023.

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings. They offer healthcare in 25 states with multiple facilities and specialized teams. At the end of last year (2023), Azura discovered a threat actor within their network environment; officials removed the threat, but not before the criminals obtained 348k patient records.

Connecticut College Announces Breach Investigations from March 2023

Connecticut College (CC) is a private campus institution in New London, CT; initially opened as a women’s college, the institution today serves a 2k-student population and offers more than 40 degree programs. In March 2023, cybercriminals victimized CC by accessing their network environment. Eleven months later, CC officials have begun sending impact notices to those with data exposed in the incident.

PJ&A Transcription Releases Update; 13.3 Million Exposures from 2023 Breaches

Perry Johnson & Associates (PJ&A) is a medical transcription organization based in Nevada. Since the public learned about PJ&A’s breach, we have featured it whenever large healthcare networks have announced data breaches stemming from their incident and when officials present updates. This week, more information is public about the incident, through the Maine Attorney General’s Office.

Massive Renal Care Network Announces Breach via HealthEC's 2023 Incident

U.S. Renal Care (Renal) is a 32-state, 400-location, 26k-patient healthcare provider primarily concerned with kidney disease and longevity; Renal offers in-facility and at-home dialysis solutions. Renal’s significant treatment network is made possible by various third-party vendors, from equipment solutions to transcription services.

Credit Union Struggles Following Ransomware; SSNs of 61k Stolen

The Bayer Heritage Federal Credit Union has headquarters in West Virginia. Like other unions, they offer various services that assist members in saving and investing no matter their life phase. Bayer’s products include financial accounts, IRAs, investment options, and many loans, from estate to student. At the end of October 2023, Bayer reportedly experienced a cyberattack; the breach lasted only a day but exposed the Social Security Numbers (SSNs) of 61,159 borrowers.

Weekly Cybersecurity Recap February 9

This week, around 643k data records were announced as lost in the cyber wars. Early on, the public learned of HopSkipDrive’s event, which impacted 155k student guardians. The most significant breach of this week, with an impact figure of over 307k, also occurred early in the week; the Des Moines Orthopaedic Surgeon clinic claimed the incident was due to a vendor’s failure.

Verizon Employee Data Compromised

Verizon is a top-performing communications organization with clients and influence worldwide. They offer various electronic services, including physical technology, Internet services, entertainment programs, communications plans, etc. They enjoy a user base of nearly 145 million people in the US, making them the largest telecoms operator in the states. Verizon recently announced a breach in mid-September 2023; however, the event was not from an external threat actor—it came from an employee.

Retirement & Life Insurance Provider Responds to Application Disruptions

Infosys McCamish Systems (IMS) is a subsidiary of Infosys, a global outsourcing organization. IMS is primarily concerned with delivering life insurance and retirement solutions for clients of Infosys. Among those who use IMS’ services are nationwide organizations, including Bank of America. In November 2023, IMS was made aware of a cyberattack on their systems; the attack disrupted some of IMS’ applications and compromised the information of 57,028 people.

Orthopaedic Surgeon Group Breached by Vendor Cyberattack; 307k Exposed

Des Moines Orthopaedic Surgeons, P.C. (DMOS) has three clinics throughout Iowa’s capital; they offer comprehensive solutions for ortho-care, from joints to extremities and MRI imaging to outpatient surgery. DMOS utilizes a variety of third-party vendors to serve their patients and the surrounding regions; almost a year ago, DMOS experienced a cybersecurity event through one of these vendors. The unauthorized actors broke into their system and compromised the information of 307,864 individuals.

Bankers Life-Retirement Solutions Provider-Faces Member Data Breach

Bankers Life and Casualty Company (Bankers) is a nationwide retirement solutions provider. Their services assist members in maintaining and stretching their retirement income, paying for health and treatment programs, finding excellent retirement care, and assisting families with final expenses. There are over 3,800 Bankers agents throughout the US, with most states having one or more physical branches.

Education Transport and Ride Share Organization Updates on 155k Breach

HopSkipDrive is an education solution that assists guardians with their unique transportation needs; from planning bus logistics to utilizing live ride-share options, HopSkipDrive is a family’s best resource for education transportation. In July 2023, HopSkipDrive received an email from an unknown actor, allegedly claiming that assailants exfiltrated information during a cyber attack.

Weekly Cybersecurity Recap February 2

This week started with a cyber event targeting a Californian insurance brokerage, Keenan & Associates; the assailants garnered over 1.5 million records from the attack. GEICO also announced data from their organization was compromised, although the breach didn’t happen through them; one of their vendors was hit by the global MOVEit event, exposing the data of over 70k employees and associates.

GEICO Finds Employee Personal Data Exfiltrated via 2023 MOVEit Breach

The Government Employees Insurance Company (GEICO) is a privately owned insurance group with 18 branches in the US. They provide insurance plans for all aspects of life, including auto, motorcycle, travel, pet, homeowner, renter, and jewelry options. GEICO employs over 38,000 people nationwide, many of whom receive discounted prices for their insurance. GEICO also offers dental insurance to its employees through Delta Dental of California (DDC) and affiliates.