10 Catastrophic Cyberattacks From 2019

December 23, 2019

It’s estimated that $2 trillion was lost to cybercrimes in 2019.

Two. Trillion. Dollars.

This stat may sound startling, but these types of crimes are far too common and yet don’t always make it into the headlines. From man-in-the-middle (MitM) attacks to ransomware, cybercrimes are at an all-time high.

Cybercriminals do not discriminate. Attacks happen all across the world to all types of businesses, with some of the most devastating incidents occurring at local government, healthcare, and financial institutions.

Here is a list of the 10 biggest cyberattacks of 2019. And as you’ll see, from big corporations to local institutions, any organization that collects data is a potential target.

10. Baltimore City Government Ransomware Attack 

On May 7, the city of Baltimore was the target of a major ransomware attack. The hackers behind the attack locked up city files using ransomware called “RobbinHood” and demanded a $76,000 ransom in bitcoin from the city in exchange for the key. 

The city refused to pay and instead chose to restore the affected systems with the help of the FBI, costing the city more than $18 million. Intelligence agencies are still not sure who or what caused the attack. Frustration followed as officials and residents were kept in the dark by the city’s IT Chief about how the ransomware was affecting city services.  

  • Cyberattack Type: Ransomware
  • Location: Baltimore, Maryland, USA
  • Target: Local Government Servers
  • Cost: $18.2 Million

Ransom Paid: $18.2 million

The Baltimore cyberattack of 2019 shut down the city’s email and online payment systems for bills and fines. The real estate market came to a standstill for over a week because the finance department was unable to verify if sellers had any outstanding bills with the city.

In total, Baltimore spent a whopping $10 million on system restoration and $8 million was lost in revenue. 

9. US Customs and Border Protection Breach

On May 31, a high-profile cybersecurity incident took place at the US Customs and Border Protection Agency (CBP). Photos of faces and license plates of at least 100,000 people were stolen from the subcontractor, believed to be Perceptics. These photos were part of a facial recognition program that may now be put on hold.

The hack was the direct result of misconduct by the CBP. The federal agency violated rules by transferring the images to the subcontractor, which were then compromised. CBP has taken this seriously, as they have removed all equipment related to the breach and are closely monitoring all work by the subcontractor.

The attackers remain unknown. 

  • Cyberattack Type: MitM
  • Location: Unnamed Border Crossing (Canada-U.S. border)
  • Target: Customs and Border Patrol Surveillance Data
  • Cost: Unknown

People Affected: 100,000

The compromised photos likely came from a Canadian border crossing. Those photographed could be from anywhere around the world and their images may have been sold on the dark web. What’s more, this data is valuable. Although the U.S. has put it to good use, whoever ends up with it could use it for phishing, fraud, and scams. 

8. Riviera Beach, Lake City, and Key Biscayne FL, Attacks

In June 2019, a string of ransomware attacks on three local city governments in Florida took place. Each attack began the same: a city employee clicked on an attachment that released the malware. Ryuk, the ransomware used in at least two of these cyberattacks, is known to lie dormant for up to a year before releasing. Each attack resulted in a ransom demand. 

Lake City paid $460,000 in bitcoin and Riviera Beach paid $600,000 in bitcoin. It’s unclear if Key Biscayne paid a ransom. The hacker hasn’t been identified but has been traced from either Rockledge or Clearwater, FL. 

  • Cyberattack Type: Ransomware
  • Location: Riviera Beach, Lake City, and Key Biscayne, Florida, USA
  • Target: Local City Government Servers
  • Cost: $1 Million

Ransom Paid: Over $1,000,000

7. Quest Diagnostics Patient Records Breach 

Quest Diagnostics, a medical testing company, was involved in the biggest healthcare cyberattack of 2019. Almost 12 million Quest patients were affected by a data breach on May 14, 2019. An unauthorized user acquired access to patients’ financial data, Social Security numbers, and medical data housed by the American Medical Collection Agency. The AMCA works with Quest’s billing contractor. 

Quest took the incident very seriously and said they would notify patients of the breach and stop collections requests from the agency. Despite these efforts, Quest has been sued for $5 million by affected patients. The attackers only hacked into the AMCA system; Quest’s databases remain unaffected.

  • Cyberattack Type: MitM
  • Location: Arlington, Illinois, USA
  • Target: Patient Finance Data 
  • Cost: $5 Million

Patients Affected: 11.9 Million

The attackers weren’t interested in patient healthcare information, which is not easily monetized. They hacked this company to gain financial information. The patients affected are at risk of criminal actions like identity fraud. The lawsuit filed against Quest for $5 million seeks to compensate these individuals for what they may experience for years to come.

6. Capital One Cyberattack 2019 

On July 19, Capital One detected it had fallen victim to one of the largest data breaches in banking history. Over 100 million credit card applications were accessed and thousands of Social Security and bank account numbers were taken. Capital One was extremely apologetic and quick to work with federal law enforcement to fix the exploit the hacker used. 

The victims were notified as soon as Capital One identified the compromise. In unusual circumstances, the attacker, Paige Thompson, an Amazon employee from Seattle, was arrested shortly after she had been discovered bragging about her exploits online.

  • Cyberattack Type: Server Side Request Forgery
  • Location: McLean, Virginia, USA
  • Target: Capital One Financial Servers
  • Cost: $100 - $150 Million

People Affected: 100 Million

Capital One spent around $150,000,000 mitigating damages. The company insisted no card numbers or log-in credentials were taken, but that hardly seems important when 100 million applications and 70,000+ Social Security and bank account numbers were accessed.

There’s simply no telling how far into the future victims may be affected. 

5. First American Financial Data Leak

On May 24, it was discovered that First American—a Fortune 500 real estate and insurance company—had a massive data leak. Nearly 885 million digitized mortgage documents containing sensitive personal data (that includes detailed bank account information) have been available to anyone with a web browser for over a decade. These files date back to 2003. 

First American’s response was to shut down external access to these files. This was not technically a hack, just laughably poor website design that allowed access to anyone with a URL for a file. It is unclear if data was harvested from these pages.

  • Cyberattack Type: Not technically a hack, but a data leak
  • Location: Santa Ana, California, USA
  • Target: Digitized Mortgage Documents
  • Cost: N/A

People Affected: 885 Million

This data leak is an excellent example of huge companies having far too little concern for customers’ privacy. These files were unbelievably easy to access. No username or password was required.

4. Virtual Care Provider Attack, 100+ Nursing Homes Targeted

On November 19, Virtual Care Provider Inc (VCPI), a tech company that provides services to 100+ nursing homes and long-term care facilities, fell prey to a Ryuk ransomware attack. The attackers demanded $14,000,000 in bitcoin as ransom. VCPI hasn’t paid.

VCPI continues to sort through the damage of their latest cybersecurity breach, with several of their “110 nursing home organizations with 80,000 computers across 45 states” unable to access patient records, pay employees, or order medications, according to Heather Landi. The attack was discovered quickly and a response was launched, as well as steps to enhance security.

  • Cyberattack Type: Ransomware
  • Location: Milwaukee, Wisconsin, USA
  • Target: Virtual Care Provider Inc Servers
  • Cost: $14 Million

Ransom Demand: $14 Million

The attackers demanded a $14 million ransom, which VCPI cannot pay. They are struggling immensely under the weight of the damage, as are their clients. Many locations can’t access medical records, countless employees aren’t getting paid, and tragically, people are dying. Some locations will shut down if their billing records can’t be accessed soon.

3. Ransomware Targets Two Hospitals in Puerto Rico

In another recent cyberattack of 2019, on July 19, Bayamon Medical Center and Puerto Rico Women and Children’s Hospital lost huge amounts of sensitive patient information to ransomware. The attack encrypted the files of 520,000 patients between the two institutions. 

The entities have provided no details about the ransom, when this occurred, how the ransomware got into the system, or whether they’ve recovered the system. In a press release, they said they’ve hired outside consultants to help decrypt and recover records and they will increase cybersecurity measures.

  • Cyberattack Type: Ransomware
  • Location: Bayamon, Puerto Rico
  • Target: Bayamon Medical Center and Puerto Rico Women and Children’s Hospital Patient Records
  • Cost: Unknown

Patients Affected: 520,000 

The two hospitals claim their investigation results showed that, although 520,000 patients’ medical records were encrypted and unusable, there’s no indication of the data being misused.

These are the only details the hospital has shared about the incident. 

2. Utah, Premier Family Medical Ransomware Breach 

Utah-based health care practice Premier Family Medical became another addition to the list of ransomware victims on August 30. Roughly 320,000 patients’ medical records were affected across all of the company’s 10 locations. Employees’ access to their systems and data was severely restricted. 

The company notified all patients that had been treated at the affected locations of the breach. They said their “investigation has found no reason to believe patient information was accessed or taken” and they’ve taken steps to beef up the security of their systems.

They’ve chosen not to disclose any information about the ransom amount or if it was paid. 

  • Cyberattack Type: Ransomware
  • Location: Utah County, Utah, USA
  • Target: Premier Family Medical Patient Medical Records
  • Cost: Unknown

Patients Affected: 320,000

The 320,000 patients involved in this attack have no reason to believe their information is at risk or that they may be on the receiving end of criminal actions like identity fraud in the future. Although the patients and their data are safe, troubling cases like this are increasing in regularity. 

1. Grays Harbor Community Hospital Cyberattack

In June of 2019, Grays Harbor Community Hospital suffered a ransomware attack. Although it took them two months to disclose the attack to the public, when they finally did, they sent notices to all 85,000 affected patients. The ransomware infected the system when an employee opened an email. Employee training and tighter cybersecurity have been implemented.

The unidentified hackers demanded about $1 million in bitcoin. It hasn’t been disclosed if it was paid. Although some data has been deemed permanently inaccessible, their biggest loss was in revenue when their billing system was down, which unfortunately, resulted in dozens of layoffs.

  • Cyberattack Type: Ransomware
  • Location: Aberdeen, Washington, USA
  • Target: Grays Harbor Community Hospital Patient Records
  • Cost: $1 Million

Patients Affected: 85,000

Grays Harbor Hospital couldn’t determine if the data of 85,000 patients was misused so they set up a toll-free call center to answer questions and made credit monitoring available for free. The daily patient experience wasn’t compromised at the hospital, but at the Grays Community Clinics, prescriptions were lost and appointments were delayed.

Ransomware Among The Most Famous Cyberattacks of 2019

The big takeaway of the year is cyberattacks—especially ransomware—are on the rise.

The three most common ways ransomware infects a system are: silent infections from exploit kits (executed when a compromised website is viewed), malicious email attachments, and malicious email links. Once infected, important files will be encrypted and a ransom will be demanded to get them back. 

Even if the ransom is paid, not all files may be recovered. One 2019 cyberattack statistic says “a new organization will fall victim to ransomware every 14 seconds” and by 2021 “every 11 seconds.” The importance of cybersecurity, data protection, and privacy cannot be overstated.

Trends Among the Biggest Cyberattacks of 2019

One conclusion to draw from reviewing 10 major cyberattacks of 2019 is that money is the motive. Whether hackers go after financial information from banks, patient records from medical institutions, or government servers, each attack is centered around the acquisition of data that is extremely profitable and easily monetized. 

If you want to protect your organization from becoming the next headline, reach out to our team at Arctic Wolf for a free demo. And check our resource center for more info about the world of cybersecurity.
