Week 8 Cyberattack Digest 2019 – University of Washington Medicine, Melbourne Heart Group, Toyota, and others

We hope you like our traditional cyber attack digests as much as we do. If so, enjoy our new week 8 cyber attack digest.

Toyota employees cannot access the email system  

by The Sydney Morning Herald – 20 February 2019

Carmaker Toyota has been affected by a cyber attack in Australia. As a result, the company's employees were locked out of their emails for days.

The organization's Australian servers were hit last Tuesday, after which the company started an investigation involving federal authorities. It is still unknown who was behind the attack. Company officials contacted international cyber security experts to get its operating systems back online. As the email system remains inaccessible to employees, all staff members were instructed to use face-to-face communications, phone and text until emails are recovered. The contact page of the company's website has also been temporarily replaced with a message informing visitors that the page is "under maintenance".

Misconfiguration exposed data of 974,000 patients

by SC Media – 21 February

You should always keep in mind that hackers are not the only thing to be aware of: misconfigurations can sometimes cause much bigger trouble. As a result of a misconfiguration that affected a database of University of Washington (UW) Medicine, over one million personal health information records were exposed. According to the university's officials, a website server was searchable on the internet for almost all of December 2018, and anyone could easily access data on 974,000 patients. UW commented that the delay in reporting the incident was caused by the time spent on conducting the initial investigation. The accessible records consisted of patient names, medical record numbers, with whom UW Medicine shared the information, a description of what information was shared, and the reason for the disclosure. Some files also included the name of a lab test or the name of the research study, including the name of a health condition. The exposed data did not include specific medical records, patient financial information or Social Security numbers. "At this time, there is no evidence that there has been any misuse or attempted use of the information exposed in this incident," UW officials said.

Patient’s data at Melbourne heart specialist clinic got affected

by The Guardian – 21 February 2019

Unfortunately, that was not the only incident that touched the healthcare sphere last week. A patient's files have been scrambled at a Melbourne heart specialist clinic. Experts reportedly characterized the incident as a ransom attempt. The Australian Cyber Security Centre has confirmed that it is currently providing assistance to the Melbourne Heart Group. "As the matter is ongoing, it is not appropriate to comment further," the center's spokesman commented. The Australian federal police were also involved in the ongoing investigation. According to security experts, the malware used to break into the unit's security network is believed to originate from North Korea or Russia, while the origin of the malefactors is not clear yet. It is also unknown whether the clinic paid the ransom to the fraudsters and how many files were compromised. "I don't want to make any further comment. We're extremely busy and have got a lot of patients coming in," a Melbourne Heart Group spokeswoman announced.

Iran-based hackers are back again

by The Wall Street Journal – 25 January 2019

No, this wasn't on purpose, but this article also covers the security landscape in Australia. Iran-based hackers implicated in attacks on the U.S. and Western allies are said to be behind a computer breach of Australia's Parliament and political parties. The attacks launched this month are considered to be part of a global espionage campaign. Cybersecurity experts claim that these began last year and mostly targeted the Five Eyes intelligence alliance comprising the U.S., Canada, the U.K., Australia, and New Zealand. The attacks are likely to be connected with President Trump's decision to withdraw from a nuclear agreement with Iran. The attackers' pattern is compatible with the activity of an Iranian state hacker from the Mabna Institute, a technology company linked to the Iranian Revolutionary Guard. An Australian cyberdefense agency official revealed that the hackers had used malicious computer software, as well as techniques not seen previously.

Last week, there was a burst of cybersecurity news that touched Australia, but this is obviously not the only country that gets attacked regularly. To learn more, follow us on Twitter, Facebook, and LinkedIn.
