July was one of the hottest months in recent memory, and cybercriminals did their part to keep the heat cranked up for organizations around the globe. As organizations continued sorting through the wreckage of the massive MoveIT incident, new and ongoing threats continued to arrive from every corner.
July’s notable breaches include attacks on healthcare providers, emergency services, government agencies, and free speech. Let’s take a closer look at some of the most troubling cybercrimes of the past month.
July’s Biggest Cyber Attacks
HCA Healthcare Hack Exposes 11 Million Patients
One of the harshest truths of cybercrime is that the most vulnerable targets are often also the most desirable to thieves. That was proven yet again in a July 5 attack on Nashville, Tennessee-based HCA Healthcare. Hackers were able to access an external storage location that formatted emails and calendar reminders sent to patients.
While it does not appear that the stolen material included medical records, data such as names, email addresses, birth dates, and other personally identifiable information for more than 11 million patients across 20 states.
HCA claims to have shut down the affected storage location as soon as the breach was detected, but the damage was already done. The as-yet unknown hackers were advertising the stolen HCA data on the dark web by July 10. Meanwhile on July 12, a class-action lawsuit mounted by impacted HCA patients seeking monetary damages for what they say was a failure to provide adequate protection for their personally identifiable information.
Records Exposed: Personally identifiable information for 11 million U.S. healthcare patrons
Type of Attack: Third-party storage breach
Industry: Healthcare
Date of Attack: July 5, 2023
Location: Nashville, Tennessee
Key takeaway: However the class-action suit plays out, the damage for HCA here clearly goes well beyond the initial security breach. Lawsuits and reputational damage can end up being more costly than the attack itself. For an organization dealing with so much sensitive information and such a wide-ranging client base, the risks that come with a breach of this magnitude more than justifies the expense of guarding against it.
Another Microsoft Hack Exposes US Agency
Still reeling from the massive and still-evolving MoveIT data breach, the last thing Microsoft needed was another high-profile cybersecurity incident. Unfortunately, the tech giant got exactly that with the July 12 revelation that hackers suspected to be working for the Chinese government had accessed email systems at more than two dozen U.S. organizations, including several federal departments.
The attacks, which appear to have started earlier this year, compromised email accounts of employees and officials in the U.S. State and Commerce Departments as well as other unknown agencies.
After being roundly criticized in the press for its recent spate of security lapses, Microsoft introduced a new policy of making it easier for its cloud computing customers to detect cyber attacks. China has officially denied any involvement with the breach, but U.S. and Microsoft officials were not shy about pointing the finger in their direction.
One government official described the attack as “a very targeted, surgical campaign,” a qualification more consistent with a politically motivated crime than a financially motivated one.
Records Exposed: Email servers and individual accounts
Type of Attack: Unclear, but believed to be targeted
Industry: Various, including federal departments
Date of Attack: June-July, 2023
Location: Washington, D.C. and others
Key takeaway: As easy as it may be to pin all of the blame on Microsoft for another data breach, this attack made it through multiple layers of security before the hackers were able to access such high-value accounts. Every organization in the modern era needs third-party providers to do business, but that isn’t an excuse to let your partners’ security struggles bleed into your operations.
Supply Chain Crime Shuts Down U.K. Ambulance Services
In another attack on a healthcare organization, the ripple effects of a July 18 server breach of the Swedish software hosting company Ortivus impacted medical emergency services for a sizable region of the U.K. Both South Central Ambulance Service and South Western Ambulance Service were left unable to access electronic patient records for several days. The two services cover a population of roughly 12 million people, as well as some popular tourist destinations in southern England.
While ambulances were still being dispatched and emergency phone lines remained operational, medical workers could not immediately access important patient records related to medical histories, allergies, prescriptions, and other important health information.
As of this writing, it is not clear whether there were serious medical consequences of this attack, or what group might have been responsible. The ambulance services are back to operating at full strength after several days of relying on pen-and-paper recordkeeping.
Records Exposed: Medical records systems
Type of Attack: Third-party server breach
Industry: Healthcare
Date of Attack: July 18, 2023
Location: Southern U.K., Sweden
Key takeaway: This situation could have been much worse had the ambulance services not been able to adjust on the fly and keep serving patients with the tools at hand. While relying on manual methods to access patient records is far from ideal, it beats the alternative. Having a contingency plan in place before a cyber attack happens is the surest way to keep your operations moving smoothly after it does.
Anonymous Sudan Are No Fans of Fan Fiction
The deceptively named hacker collective Anonymous Sudan (which is believed to be Russian in origin) has been a recurring name in cybercrime circles over the past year. They seem to have kept up their chaotic efforts in July with a highly visible direct denial of service (DDoS) attack on the sprawling, Hugo-Award-winning online fan fiction repository Archive Of Our Own (AO3). The July 10 attack flooded the AO3 servers with traffic that shut the site down for much of the day.
Messages claiming to be from Anonymous Sudan condemned AO3 for hosting sexually explicit and “immoral” content, while demanding a ransom that the volunteer- and donation-dependent archive was unlikely to be able to pay. Service was restored by the following day. Meanwhile, some AO3 users have responded to the attack by posting satirical fan fiction stories about the Anonymous Sudan collective.
Records Exposed: None, but substantial service outage
Type of Attack: Direct denial of service
Industry: Arts
Date of Attack: July 10, 2023
Location: Sao Paulo, Brazil
Key takeaway: Recent months have seen a number of ideologically motivated DDoS attacks on high-profile targets. While these crimes are not as publicized nor ultimately as damaging as ransomware attacks, they can still be hugely disruptive and costly. Breaches don’t always come from the direction one might expect, which makes a security system with strong preventative measures that much more essential.
At first glance, there would seem to be a huge gulf between the U.S. State Department and a volunteer-run fan fiction archive, but as far as criminals are concerned, they’re both equally valid targets. No matter your industry, mission statement, or business size, cybersecurity precautions are nothing you can afford to take lightly.
Better understand the cost of a breach with our calculator.
Learn more about how having an incident response plan can save time, money, and resources in the event of a cyber incident.
