We’re now halfway through the year, which means we’re in the midst of more information security news. June was full of headlines about sophisticated breaches, large incidents, and laws and regulations being implemented. Although healthcare is still a major target for hackers, this month we saw cities and schools in the headlines more frequently than in past roundups. Staying up to date on the latest information security news can help you improve your organization’s and your personal information security posture. Here’s a look into the biggest stories from June.
- Lake City, Florida agreed to pay hackers nearly $500,000 after the city’s computer systems were disabled. The attack began on June 10 when an employee clicked on a malicious email and infected the city’s computers with ransomware. This was the second Florida city to pay a ransom this month after Riviera Beach agreed to pay $600,000 to recover from a cyber attack from May 29.
- A data breach at the Department of Human Services impacted 645,000 Oregonians. State officials say they are working to address the problem with an agency that provides data tracking and training, as well as other cybersecurity services.
- Three universities disclosed data breaches over the span of two days. Graceland University, Oregon State University, and Missouri Southern State University all discovered that an unauthorized user gained access to personally identifiable information of students and employees.
- A recently discovered data breach at dental and vision insurer Dominion National went undetected for nine years. The company made a statement saying that an unauthorized party may have accessed some of its computer servers starting as early as August 25, 2010. This breach is a good example of the challenges some organizations have in detecting data breaches, as well as why it is important to have an incident response plan in place.
- The biggest health data breach so far in 2019 was revealed this month. A data breach at American Medical Collection Agency affected 12 million Quest Diagnostics patients. The incident exposed financial data, Social Security numbers, and certain medical information.
Government & Policy
- House lawmakers passed a bill that would create a team of security specialists to help mitigate damage after cyberattacks. The DHS Cyber Incident Response Teams Act will not only assist in restoring organizations after an incident but also help partners in the public and private sector understand cyber risks and create defense strategies.
- The Cybersecurity Maturity Model Certification is a new set of standards for contractors to be audited by third-party private sector companies to ensure compliance. These standards will include an education and training center for cybersecurity and are set to be implemented by January 2020.
- Maine is putting in place the nation’s strictest internet privacy protection law. This law will require internet service providers to ask for permission before they sell or share any of their customers’ data with a third party.
- The U.S. government is taking steps to improve election security for the 2020 presidential election. The Secure Elections Act would provide money to states to phase out paperless voting systems, which are easier to hack. Similarly, the Election Assistance Commission would provide grants to replace aging voting infrastructure.
- How often do your employees change their passwords? A recent survey found that half of respondents change their work passwords only if prompted. Compromised passwords have been linked to up to 80% of hacking-related security breaches. It’s recommended employees change their passwords every 30 to 60 days and use multi-factor authentication.
- Internet of Things (IoT) devices on company networks are a growing area of threat. Hackers look to identify weak points in the security of a company, and every improperly configured device in your network is a potential entry point.
- The city of Worcester, Massachusetts added a cybersecurity awareness training position to bring awareness of cyber crimes to all city employees. With cities and towns becoming the prime targets of cyber attacks, it’s important for all employees to know what to do in the event of an incident.
- Microsoft is urging businesses to patch BlueKeep, a vulnerability in Remote Desktop Services (RDS). Nearly one million devices are vulnerable, and the bug is dangerous because it is pre-authentication and future malware that successfully exploits it could spread across vulnerable machines.
- A report by Positive Technologies found that 76 percent of mobile applications for both iOS and Android have insecure storage, putting passwords, financial information, personal data, and correspondence at risk. High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and 43 percent of Android applications.
- Using the WiFi at your Airbnb can be dangerous. It is possible you are connecting to a network that was hacked by a previous visitor because even if the WiFi network is encrypted, it can still be very simple to hack.
- Some Medtronic insulin pumps from 2012 or earlier use wireless radio frequency that could potentially be used to hack the devices and control the amount of insulin delivered. Up to 4,000 users could be impacted, but there have been no confirmed reports of breaches yet. Medtronic recommends users of these devices change to a newer model insulin pump with better security.
- Cyber criminals have been placing events in people’s Google Calendar in an attempt to steal their data or money. When users click on the event in their calendar, they are taken to a URL that contains various cyber threats. To avoid this scam, users can change their settings to only show invitations to which they have responded.
Following information security news and trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.