Ransomware hits college, phishing hits medical billing company and email security of politicians questioned
Welcome to Cyber Security Today. It’s Monday, July 15th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
New York City’s Monroe College is the latest organization to be publicly identified as a victim of a ransomware attack. According to news reports, the college faced a demand for the equivalent of $2 million in bitcoin to get back encrypted data. As of Friday morning, when I recorded this podcast, the college’s main web site was still down. However, classes were still being held, and ways of helping students who are taking online classes get and submit assignments were being worked out. Most experts recommend organizations shouldn’t pay ransoms, but if they aren’t prepared for an attack it’s hard to resist.
A U.S. company called Nemadji that provides billing and other services to hospitals and clinics in several states has acknowledged being the victim of a data breach in March. A company employee clicked on a link in an email and fell for a phishing scam. The good news is most of the information in the employee’s mail was encrypted. The bad news is that also in the mail were encryption keys for the employee. With that the attacker could read anything. Looking at files, the company realized the attacker could have accessed names, dates of birth, social security numbers, insurance numbers and medical diagnostic codes. According to one news report, personal information on over 14,500 patients could have been exposed. It isn’t clear how the encryption key was in the email, except perhaps this means the IT department emailed the employee his password or the equivalent. Whatever, it’s bad.
Electioneering is going full blast in Canada, where a federal election is scheduled for October, and in the U.S., where candidates are campaigning for party nominations for next year’s elections. But a report by an American security company is a warning that campaigns anywhere still aren’t protecting their email systems against forgery. There’s an email message authentication standard called DMARC that has to be properly implemented or an attacker can spoof an email address and fool message recipients. Research by security firm Agari suggests only four of 13 Democrats running for their party’s presidential nomination are properly using DMARC. Not only that, only one of 13 has implemented advanced email security protection for other email threats. It’s a warning for anyone running for elected office anywhere: Take email and web site security seriously. Hire someone experienced.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.