Edmonds School District (ESD) is in south Snohomish County, Washington. The district involves 35 schools, including Brier, Edmonds, Lynnwood, and Woodway institutions. The faculty of these schools serve over 20,000 grade-school students, with nearly 1,300 teachers leading diverse learning environments. Almost a year ago, ESD noticed suspicious activity within their network; after an investigation, officials determined the cause was a cybersecurity event.

This week, 2024, started with destructive numbers. Transformative Healthcare was featured early on; their breach happened in February 2023 and may impact over 900k people, including patients and former FAS employees. Bunker Hill Community College announced updates to their 2023 incident, where assailants released ransomware and stole an estimated 195k records.

The North Kansas City Hospital (NKCH) is just north of the Missouri River in North Kansas City, Missouri. The hospital boasts a considerable campus with 450 beds and over 100 more physicians. They provide nearly 50 medical specialties, including cancer, oncology, cardiology, women’s, and emergency care programs. The facility has served patients in the area for over 60 years; however, their recent breach may cause patients to receive care elsewhere.

For over a decade, the magnetic stripe was the authentication tool behind modern-day credit cards. Magnetic stripe technology was developed in the late 1960s, but it took time before widespread use. It wasn't until 1994 that EMV technology was developed, leading to the cards with the little chips embedded in them. Europe quickly embraced the EMV chip card, but the United States and Canada have taken longer.

Integris Health is one of Oklahoma’s largest medical networks; they operate hospitals, clinics, and urgent care from their 24 non-profit campuses. Integris commands over 1,800 patient beds across its facilities, with nearly as many physicians. At the end of November, Integris published a notice on their website; not only had cybercriminals breached their security and accessed patient data—the criminals also began extorting their victims.

Fred Hutchinson Cancer Center (FHCC) is a three-location care network that delivers solutions for cancer patients. They are an independent organization that provides experience for the University of Washington’s Medicine programs. FHCC’s multiple locations allow for over 400 treatment trials, giving even patients with advanced diagnoses hope for the future.

Our first breach report of 2024 concerns Boston’s retired Fallon Ambulance Service (FAS). When operating, FAS was a medical transcription company serving emergency services and other affiliated companies. Transformative Healthcare (TH) oversaw FAS as a support component of their telephone services. TH absorbed FAS in December 2022 but retained patient data in compliance with their legal obligations.

Bunker Hill Community College (BHCC) serves a population of about 13,000 across two campuses and dispersed locations. BHCC offers over 100 degrees, including arts, sciences, business, health, law, and STEM opportunities. In May 2023, BHCC experienced a ransomware event—officials responded by taking their systems offline—but the threat was successful nonetheless. The assailants stole an estimated 195,588 records in their attack.

This week caps off our year of cyber breaches; in this week alone, we saw millions of records stolen, targeted health providers, mortgage servicers crumble, and the return of a year-old breach. ESO Solutions made the news first, reporting 2.7 million patient records stolen from their emergency response software. HealthEC was featured in our reporting soon after, announcing a 112k record data breach from their health analytics platform.

National Amusements (NA) is in Norwood, Massachusetts. They are the majority shareholder for media sources, including CBS, Viacom, and Paramount. They operate thousands of movie theaters nationwide, including Showcase SuperLux, Cinema de Lux, Showcase Cinemas, and Multiplex Cinemas. NA’s widespread ties to the entertainment and news cycles may have made it a target. In December 2022, NA suffered a network breach; its report is one of the last to appear in the final days of 2023.