The Top Cyberattacks of September 2020

October 8, 2020

It’s September, and school districts nationwide are determining how to get students back to school safely in the midst of a pandemic. For the majority of students this involves some online distance learning, which hackers find an easy target. 

If recent cyberattack trends reveal anything, it’s that September was a busy month for relentless hackers. With attacks targeted closer and closer to home for many of us, you may wonder, “How can I protect my organization, and myself, from cybercrime?”

One of the best ways to protect yourself is to make sure you’re educated on how hackers execute these attacks. To get started, read our list of recent major data breaches below. 

The Top Cyberattacks of September 2020

Here are the key stats from the recent data breaches and hacking incidents in September 2020.

  • Records Breached: 267,277,828+ 
  • Biggest Breach: The Dutch government revealed the loss of hard drives containing the personal info of 6.9 million organ donors.
  • Popular Threat: Ransomware
  • Breaches Reported: 100

Computer screen highlighting a data breach with numbers and text of "data breach" on the screen.

Major Hospital Chain UHS Hit in One of Biggest Cyberattacks in US History

United Health Services is among the primary U.S. hospital chains. Early in the morning on Sunday, September 27, they experienced a major cyberattack. In fact, reports reveal it may be was one of the largest cyberattacks in the history of the United States. 

UHS has over 400 locations with interconnected computer systems, and on the 27th they all began to fail. This caused outages at all UHS facilities, and hospitals had to resort to pen and paper for everything from labeling medication to filing paperwork. Luckily, patient care wasn’t heavily affected, though some surgical procedures had to be canceled. 

As is the case with the majority of recent cyberattacks, it’s believed that the hackers deployed ransomware. UHS has not stated this publicly, but it responded to the attack well. Once the attack was detected, UHS took down its entire network in an effort to prevent further breaches which might expose personal data of employees and patients. At this point, that tactic seems to have been effective.

  • Ransom Paid: Unknown
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: September 27, 2020
  • Location: Nationwide

Key Takeaways

We have a lot to learn from cybersecurity incidents in 2020. However, the UHS attack highlights what can happen when a large entity reacts appropriately. 

  • Although it may have taken several days to reset the system, UHS’s choice to shut down the network upon detection of the attack was the right move. While UHS wasn’t able to stop the attack from happening, it was able to avoid total catastrophe. 
  • One critical measure UHS had in place was its backup procedure of pen and paper. Although it may seem a bit arcane, it’s an option which is safe, secure, ready to be used immediately, and it allowed the hospital to continue to function and serve patients.  

Ransomware Forces Cleveland Hospital Offline for a Week

Yet another of September’s victims was a hospital, the Ashtabula County Medical Center in Cleveland. The attack took place on September 21.  

The medical center took the attack very seriously. It shut down its entire network and hired outside security experts to investigate the breach. While the facilities were able to continue outpatient care and services for life-threatening emergencies, elective procedures were postponed until the end of September. 

The attack was identified as ransomware by a cybersecurity analyst from the firm Emsisoft. Fortunately, it appears no patient or employee data was compromised. Other than this, no information has been released about the specifics of the attack, such as the potential ransom or other fallout. 

This incident has all the hallmarks of a current data breach. Ransomware is on the rise, the attackers are unknown, and they are targeting the healthcare industry during a vulnerable time.

  • Records Exposed: None
  • Type of Attack: Ransomware
  • Industry: Healthcare
  • Date of Attack: September 21, 2020
  • Location: Cleveland, OH

Key Takeaways

This recent data breach simply reinforces the fact that the healthcare industry finds itself in a precarious position. Ashtabula County Medical Center did just as good of a job as UHS at combating this attack, but there’s only so much that can be done. 

  • Hospitals are incredibly vulnerable institutions at this time. However, like UHS, Ashtabula County Medical Center had an emergency plan in place which allowed it to shut down its network and avoid compromising important data. 
  • Healthcare industry organizations are critically important as we move through the seasons of this pandemic. The strain on hospital and healthcare resources during this volatile time makes them more vulnerable and defenseless against hackers than ever before.

Stethoscope in the foreground with a doctor looking at his laptop in the background.

Las Vegas School District Data Leaked After Ransom Refusal 

At the end of August, just three days into the school year, the entire Las Vegas School District fell victim to a ransomware attack that targeted employees’ data as well as that of students. This is yet another in an increasing string of data breaches in 2020 involving schools. 

This cyberattack on the country’s fifth-largest school district was carried out by a group of hackers called the “Maze” gang. Though learning platforms weren’t affected, many of the school’s files were found to be inaccessible on August 27. Not long after, the Maze gang demanded an undisclosed ransom which the school district refused to pay. 

In retaliation, the group released a file with non-sensitive information just to prove it had access to the data. When the district offered no response, the group released all student and teacher information, including names, emails, addresses, dates of birth, and more. The school is now working with law enforcement to learn the full scope of the damage and to begin reparations.

  • Records Exposed: An unidentified number of employee Social Security numbers, addresses, and retirement papers, as well as students’ names, grades, birth dates, addresses, and school records.
  • Type of Attack: Ransomware
  • Industry: Education
  • Date of Attack: August 27, 2020
  • Location: Las Vegas, NV

Key Takeaways

Recent cyberthreats highlight how ruthless hackers can be. These recent attacks are even more damaging due to the ongoing pandemic. In this case, not only has sensitive and personal information been released, but the system’s downtime leaves children without opportunities to learn. 

  • Despite being in the midst of a pandemic with school budgets stretched further than ever before, it is still crucial to spend the resources to create a backup plan for this type of scenario.

In this case, the school district didn’t appear to have any sort of emergency plan to undertake in the event of a cyberattack. The important lesson here is that these attacks are on the rise, and schools need to establish incident response plans.

  • What’s surprising about security breaches in 2020 is that hackers seem emboldened by the pandemic. Previous attacks on school systems rarely led to the release of sensitive information about students or employees. Both were targeted and released in this attack, which is very concerning. 

Hartford, Connecticut Postpones School Start Date Following Cyberattack 

On September 1, which would have been the first day of school for students in Hartford, CT, the district was forced to postpone opening public schools due to a ransomware attack

Thankfully, the school only had to postpone opening for one day. The Hartford School District’s response to the attack was swift and effective, and it restored compromised systems throughout the day on Tuesday so schools could reopen on Wednesday. 

Officials immediately shut down servers and froze systems, which allowed the city to regain server access without having to pay the ransom. Even though the school district’s student information system was impacted, it reported no sensitive information was accessed and the system was restored. 

The hackers have not yet been identified, and it’s unclear whether or not the first day of school was purposely targeted. Although the Hartford School District was able to get through this attack, these recent breaches that target schools have raised alarms across the nation. 

Schools in the state of Connecticut have seen a significant number of cyberattacks in recent years. As a result, the city spent about half a million dollars to upgrade its security system last year. City and school officials believe this increase in spending to beef up security led to its success in combating this recent attack.

  • Ransom Paid: $0
  • Type of Attack: Ransomware
  • Industry: Education
  • Date of Attack: September 1, 2020
  • Location: Hartford, CT

Key Takeaways

Security breaches in schools have risen dramatically in 2020, but in Connecticut they’ve ramped up significantly for several years running. As a result, Hartford put better security measures in place, which was key to the district surviving this attack. 

  • Targeting schools and children has become more prevalent as schools turn to online learning during the pandemic. Online learning platforms have often left schools exposed, making them easy targets for hackers. 
  • The city of Hartford made significant investments to upgrade its cybersecurity capabilities last year This ultimately played a large role in their success against this recent attack. 

Government Software Services Provider Tyler Technologies Disrupted by Ransomware

Tyler Technologies is a primary provider of software services to state and local governments. Early in the morning on September 23, it discovered that an unauthorized intruder had gained access to its internal phone and information tech systems

As soon as this Texas-based company became aware of the security breach, it shut down points of access to the external system and launched an investigation. It notified law enforcement, and is currently working with third-party IT security and forensics experts to understand exactly what happened so it can safely restore systems. Going forward, Tyler Technologies is implementing enhanced monitoring systems. 

Recent cyberattacks show hackers heavily leverage ransomware, and this attack is no different. The ransomware used in the attack has been identified as RansomExx. Luckily, it appears the bad actors didn’t get away with any customer or otherwise sensitive data. However, it’s too early to be sure, and further investigation is necessary to verify that’s the case.

  • Records Exposed: Still under investigation 
  • Type of Attack: Ransomware
  • Industry: Technology 
  • Date of Attack: September 23, 2020
  • Location: Plano, TX

Key Takeaways

This security breach took place within a company that primarily serves state and local governments. It’s a good thing Tyler Technologies was able to take proper safety precautions to avoid potential harm to governments across the nation. 

  • Tyler Technologies said it shut down points of access from its internal systems to its external systems out of caution as soon as the company discovered the intruder. It was this cautionary act that likely saved its customers’ data from being compromised. 

The Next Attack…

September’s number of cyberattacks topped those of August. This comes as no great surprise since we have seen a general upward trend throughout 2020. What’s more, daily cyberattacks have been on the rise for the last decade.

September attacks highlighted a couple notable trends in cybercrime:

  • Healthcare and education organizations seem to be particularly vulnerable and common targets.
  • Ransomware is clearly the preferred hacking method.

Cybercrime is certainly not going away. What we can do is increase security capabilities, encourage companies to establish protocols and procedures in terms of incident response, and create new and better ways to get ahead of hackers, including broad visibility and 24x7 security monitoring.

Stay Ahead of Cyberthreats With Arctic Wolf

Recent security breaches have shown that staying ahead of cyberthreats is the best way to avoid a major breach and irreparable damage. Is your company in need of a cybersecurity solution? Learn more about the solutions that make Arctic Wolf the leader in security operations.  Get in contact with us today. 

Previous Article
CyberWins: Arctic Wolf Concierge Security Team Defends Financial Services Company From PowerShell Threat
CyberWins: Arctic Wolf Concierge Security Team Defends Financial Services Company From PowerShell Threat

Next Article
Arctic Wolf's 2020 Security Operations Report: Exclusive Webinar and Key Findings
Arctic Wolf's 2020 Security Operations Report: Exclusive Webinar and Key Findings

Leveraging insight from our experience, find key security trends observed by our security operations team i...

×

Get cybersecurity updates delivered to your inbox.

First Name
Last Name
Company
Country
Yes, I’d like to receive marketing emails from Arctic Wolf about solutions of interest to me.
I agree to the Website Terms of Use and Arctic Wolf Privacy Policy.
Thanks for subscribing!
Error - something went wrong!