1. Pharma Giant Cencora confirmed the theft of personal and health information
Pharmaceutical giant Cencora confirmed that the threat actors had access to personally identifiable information (PII) and protected health information (PHI) following the February 2024 cyberattack. On February 21, Cencora announced a data breach in a filing with the Securities and Exchange Commission (SEC). At the time, the company announced that it was investigating the scope of the security breach to determine the type of data that has been infiltrated. In a new filing with the Securities and Exchange Commission (SEC), the company reported that the amount of exfiltrated data is greater than what was initially identified.
Source : Security Affairs, SC Media, Infosecurity Magazine
2. Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations
The organization, which provides blood services to more than 300 hospitals in Florida, Georgia and the Carolinas, said the security breach impacted its software system and slowed down operations. “Manual processes take significantly longer to perform and impact inventory availability. In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being,” Forbes added. OneBlood said it is working closely with anti-malware specialists and federal, state and local agencies as part of their incident response plan.
Sources: Security Week, Security Affairs, CNN, Bleeping Computer
3. HealthEquity says data breach impacts 4.3 million people
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. An investigation determined that the breach occurred on March 9, 2024, but was only verified by the firm on June 26, following an internal investigation. The data that has been exposed as a result of this breach varies per individual and includes: Full names, Home address, Telephone number, Employer and employee ID, Social Security Number (SSN), General dependent information, Payment card information (not numbers).
Source : Bleeping Computer, Tech Radar, Tech Crunch
4. McDowall Affleck Confirms ‘Cyber Incident’ After RansomHub Claims Access to 470 GB Data
McDowall Affleck, an Australian engineering firm, has acknowledged being the target of a “cyber incident.” While the company has not identified a specific threat actor, the RansomHub ransomware group claimed responsibility for the McDowall Affleck cyberattack on August 1, 2024. The alleged perpetrator behind the attack, RansomHub, is a notorious ransomware group known for high-profile attacks. Details of the McDowall Affleck cyberattack were shared on a dark web site linked to the threat actor. According to RansomHub’s own communication, the group claims to have accessed 470 GB of McDowall Affleck’s internal data. The leaked information reportedly includes critical documents, insurance records, tender and contract details, and personal information of both employees and clients.
Source : The Cyber Express, Teiss, Cyber Daily
About Penta Security
Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.
As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.