Security News Round-Up: American Cancer Society’s Online Store Infected with Skimming Malware
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
American Cancer Society’s Online Store Infected with Skimming Malware
On October 24th, skimming malware known for being linked to Magecart groups was found on the online store for the American Cancer Society, Bank Info Security states. The malware was taken down the next day (October 25th), meaning anyone who made purchases over the two day period should check their financial statements. The company has stated that they are still investigating, according to the article. This event is eerily similar to that of Mission Health, which found out its online store also possessed a malicious code, but remained there for three years before discovery.
Three Million Records Exposed in UniCredit Breach
UniCredit, an Italian bank, has revealed that a file from 2015 possessing three million Italian customer records were stolen by hackers, says Info Security Magazine. Luckily, none of these records are able to be used to access bank accounts or payment information. This is the bank’s second breach, with one having occurred in 2016 and impacting 400,000 records, the article states. After that incident, UniCredit had made investments of €2.4bn to improve cybersecurity and information technology.
Insurance Pays Norsk Hydro for Previous Cyberattack
According to Security Week, Norsk Hydro, a large Norwegian aluminum company, has received payment from insurance after being struck with ransomware in March. While the impact of the attack falls between $60 and $70 million, the company has so far received $3.6 million from insurance. The company has stated that it expects to receive additional payouts due to the sophisticated cybersecurity insurance policies it holds, says the article.
St. Louis Health Center Faces Data Breach
The Betty Jean Kerr People’s Health Center provides care to nearby residents in need without insurance. The facility shared that it has been hit with a cyberattack impacting an estimated 152,000 people, but did not affect medical records, says Security Week. However, the records did include addresses and social security numbers. A ransom was requested by attackers but denied by the center. While the information was locked and held for ransom, it still remains unknown whether or not the attacker has actually viewed the data.
DHHS Proposes Making Cybersecurity Donations to Doctors Legal
“The United States’ Department of Health and Human Services has proposed amending laws around non-monetary donations in a bid to help doctors protect healthcare services from cyber-attacks,” according to Info Security Magazine. The Anti-Kickback Statute and Physician Self-Referral Law would both be updated if the proposal went through. The major change would allow donation of assessments, cybersecurity services, cybersecurity software, and more, but would not include hardware, the article notes. The goal of the proposal is to make cybersecurity more accessible in the healthcare industry for entities that struggle to obtain proper protection.