The Top Cyberattacks of October 2020


This October was a particularly haunting month for cybersecurity thanks to the ongoing pandemic and upcoming presidential election. October data breaches picked up right where September left off—along with a fresh set of warnings on a looming healthcare assault. 

Examining the latest cyberthreats, it’s clear that healthcare organizations are at severe risk during this crucial period. In fact, CISA, the FBI, and HHS released a statement in October advising healthcare providers to take precautionary measures for a stark oncoming threat.

When reviewing October’s list of data breaches, you’ll notice several healthcare organizations were pummeled by malware. Some had to take their systems temporarily offline, affecting daily operations and putting lives at risk.

Let’s take a closer look at these recent cyberattacks from 2020.

October 2020 Cybercrime Stats 

Below are key stats from October security breaches and cyberattacks.

  • Biggest Breach: There were multiple large-scale cyberattacks throughout October. The healthcare industry was hit especially hard, with numerous breaches across healthcare systems. This industry is especially vulnerable with the increased number of patients due to the COVID-19 pandemic and all the attention it brings.
  • Popular Threat: The most common threat from the latest month of breaches was ransomware. Ryuk ransomware is on the rise; estimates suggest it’s responsible for one-third of all ransomware attacks so far in 2020.


Ransomware Assault on St. Lawrence Health System Hospitals in NY

With an increased risk of cyberattacks at healthcare organizations, it should be no surprise that a string of recent breaches occurred at several hospitals in New York. Three St. Lawrence County hospitals were among the victims.

The attacks on the three hospitals took their IT systems down. While the systems were down, the healthcare centers were forced to operate offline, slowing down operations. Ambulances were even diverted to other hospitals for a brief time. 

Luckily, the hospitals were able to get back online quickly after this attack, reviving systems later that day. It doesn’t appear that any personal data from patient records was compromised.

Bad actors leveraged Ryuk ransomware in the attack. This ransomware likely infected the system when an employee unknowingly opened a fake email. Many hacking groups use Ryuk, and it’s becoming commonplace in these recent cyber breaches on healthcare organizations.

  • Ransom Paid: N/A
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: October 2020
  • Location: New York State

Key Takeaways

The IT teams that managed the system’s antivirus and security were not familiar with Ryuk ransomware. Some key takeaways from this attack can help organizations like yours be better prepared for similar events. 

  • System Review: Perform a periodic review of systems and programs that are used for antivirus protection and malware monitoring. Ensure that software and systems are up to date.
  • Training: Ongoing research and training ensures that teams are informed of new types of threats and prevention tools.


Attack on Dickinson County Healthcare System Affects Michigan and Wisconsin Hospitals

Federal agencies and cybersecurity professionals have warned of increasing attacks on medical centers and healthcare organizations. Another victim of these recent cybersecurity attacks was the Dickinson County Healthcare System in Michigan. This latest data breach impacted the system’s clinics and hospital. 

The attack was detected in mid-October, and upon discovery the staff took swift action. They worked with outside security agencies to investigate and restore their systems using backup files. While IT systems were down, the hospital and clinics were able to maintain their operations, though some processes took place manually until systems were fully restored.

Although this incident had a profound impact, the organization doesn’t believe that any records were breached. It is not confirmed whether this attack is related to the rash of cyberattacks on healthcare systems across the country.

  • Ransom Paid/Records Exposed: N/A
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: October 17, 2020
  • Location: Dickinson County, Michigan

Key Takeaways

The Dickinson County Healthcare System responded quickly once the attack was discovered. By bringing in outside consultation, it was able to restore its systems and complete a review of the incident.

  • External Reviews: Bringing in cybersecurity consultants for a thorough review of systems and procedures can help identify security gaps in programs and protocol.
  • Backup Files: Back files up frequently. In the event of an attack, data loss is common. Having updated backup files allows an organization to bring systems back up quickly, and can help determine if any data was stolen. 

Oregon-Based Sky Lakes Medical Center Systems Breach

A recent data breach occurred at Sky Lakes Medical Center—another of many cybersecurity breaches on healthcare organizations. The ransomware attack was discovered in late October, forcing Sky Lakes to take its systems down while it repaired things.

Although daily operations continued, the attack delayed emails and other timely communication between staff. It also resulted in the delay of some patients’ medical appointments and procedures. However, the medical center worked tirelessly to get its systems back up and running. By the following day, they were mostly operational.

A ransom was not paid in this instance, and IT staff were able to take back the systems. It is not believed that any patient records or sensitive data were stolen during the breach. This security breach is part of the increasing wave of cybercrimes against healthcare systems, both large and small.

  • Ransom Paid/Records Exposed: N/A
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: October 27, 2020
  • Location: Klamath Falls, Oregon

Key Takeaways

Cyberattacks are not only costly, they can also greatly affect a business’s day-to-day operations. Following this attack, some patients’ appointments and procedures were delayed and lines of communication between staff were limited.

  • Manual Processes: In the event of unexpected system outages due to breaches, manual processes should be in place so daily operations can continue. 
  • Monitoring: 24/7 monitoring is essential for detection and alerting around the clock, as attacks are launched from all over the world at all hours of the day and night.

National Guard Called to Mitigate Louisiana Government Malware

The Louisiana State government fell victim to another of last month’s cyberattacks as a group of cybercriminals launched a ransomware attack on its offices. 

How did it happen? The hackers used emails mimicking those sent by other employees. When an unsuspecting employee opened the attachment, malware was installed. While this could have become a large-scale attack, the breach was identified quickly and contained to primarily northern counties.

A hacking tool called “KimJongRat,” previously linked to North Korea, was used in the attack. It’s a remote access trojan (RAT), which is often leveraged by hackers as a stepping stone for future breaches. Since the malware is widely available online, it’s difficult to make a firm connection to the North Korean regime. The group responsible for this attack has not yet been identified, but authorities are still investigating.

  • Ransom Paid/Records Exposed: N/A
  • Type of Attack: Ransomware
  • Industry: Government
  • Date of Attack: October 2020
  • Location: Louisiana

Key Takeaways

With so many cyberthreats looming, organizations and agencies must be vigilant. The number of breaches is only increasing, and hackers have become stealthier and more elusive. As a result, organizations should have a response plan ready to go as soon as a breach is detected.

  • Security Training: Employees should have routine training on how to identify cyberthreats, such as suspicious emails, links, and attachments.
  • Response Plan: Develop a response plan that explains who’s involved, what their roles are, as well as what procedures to follow. 


Chatham County Local Systems Grind to a Halt After Cyberattack

As election day neared, many had concerns about a security incident wreaking havoc, and taking down or tampering with voting machines. This fear became closer to reality in Chatham County, North Carolina in October. 

County officials said their communication systems were severely affected after a cyber incident. The attack took down phone and email services, and much of the county’s network. Once the attack was identified, it was reported to police and the county began their recovery effort. 

According to a county officer, voting systems were not disrupted in this suspected ransomware attack. However, this threat has been on the minds of local officials and IT security professionals alike. As part of Chatham County’s long-term recovery effort, they will revamp and update many of their systems to help deter and prevent future attacks.

  • Ransom Paid/Records Exposed: N/A
  • Type of Attack: Ransomware
  • Industry: Government
  • Date of Attack: October 28, 2020
  • Location: Chatham County, North Carolina

Key Takeaways

County officials didn’t state how the hackers were able to breach the system. However, it’s possible that out-of-date systems made it easier for hackers to deploy the ransomware.

  • Involve the Authorities: Authorities should be notified immediately after discovering a security breach.
  • Keep Systems Updated: It is important to ensure that all systems, such as anti-virus software and firewalls, run the latest version.

The Next Attack…

Who will suffer the next big security breach in 2020? We won’t need to wait long to find out, as breaches keep occurring this year with increasing regularity.

Stay Ahead of Cyberthreats With Arctic Wolf

Recent security breaches have shown that staying ahead of cyberthreats is the best way to avoid a major breach and irreparable damage. Is your company in need of a cybersecurity solution? Learn more about the solutions that make Arctic Wolf the leader in security operations.  Get in contact with us today. 

 

 

Arctic Wolf
