Ransomware hits insurance company, hospital chain, a government services provider and a school board, and a useful report from Microsoft.
Welcome to Cyber Security Today. It’s Wednesday September 30th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Organizations around the world continue to be hit by ransomware. One of the latest is an international insurance provider and risk management firm called Arthur J. Gallagher. In a filing with the U.S. Securities and Exchange Commission the company said that on Saturday it detected a ransomware attack. What it called a “limited portion” of its IT systems was hit. Systems were taken offline and an investigation started. Gallagher had restarted most of them by yesterday.
Meanwhile Universal Health Services, which operates 400 healthcare facilities in the United States and the United Kingdom, said Tuesday it had suspended access to its IT systems in the U.S. after suffering what it called an information technology security incident. As of Tuesday the company said it had no evidence that patient or employee data was accessed, copied or misused. According to the Bleeping Computer news service, employees reported that some hospitals had to redirect ambulances and relocate patients needing surgery to other institutions. There is evidence this is a ransomware attack, says the news report.
This follows confirmation from Tyler Technologies last week that its internal systems were hit by ransomware. Tyler focuses on providing IT services to 10,000 government departments and schools in the U.S., Canada, Australia and the Caribbean. Tyler says it has no evidence that any customer systems or data were affected.
And the ZDNet news service reports that a cybercriminal has published private data of thousands of students in Nevada. This came after officials at the Clark County public school board refused to pay ransom to release scrambled files. One report says the data includes students’ names, addresses and social security numbers.
This week Microsoft issued a look back at the past 10 months of cyberattacks, and the picture it found wasn’t pretty. It’s no surprise successful attacks are increasing. But all is not lost. Microsoft says the majority of attacks it looked at could have been stopped if victim organizations had implemented multi-factor authentication in addition to passwords. It’s not just me recommending this. Multi-factor authentication is an extra layer of protection — a code, fingerprint, facial scan or a security fob — in addition to a password to secure access to important data or hardware devices. The report has lots of useful advice. It’s good reading for executives who want to learn more about cybersecurity, as well as IT professionals.
My story on the Microsoft report and a link to the report are here.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon