Cyber Intelligence Weekly (October 30, 2022): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let us know!
Before we get started on this week’s CIW, I’d like to highlight a great article from our friends at Drata, “7 Myths About SOC 2 Compliance” from my friend and former colleague, Troy Fine. I often hear a lot of these misconceptions or myths about SOC 2 compliance when speaking with clients and prospects of the firm.
Away we go!
1. Advocate Aurora Health Confirms Breach of Millions of Patient Records Due to Meta Pixel
Advocate Aurora Health (AAH) recently notified three million patients of a data breach through potential protected health information (PHI) exposure caused by the Meta pixel tracker used in their applications.
The Meta pixel is a common tracker that is installed on websites and applications to record how users interact with them, so that the site owner can better understand user behavior.
The AAH news release stated, “When using some Advocate Aurora Health sites, certain protected health information (“PHI”) would be disclosed in particular circumstances to specific vendors because of pixels on our websites or applications.”
It appears that these tracking pixels were installed on the client-facing parts of AAH’s electronic medical records (EMR) systems, such as MyChart and LiveWell. Our consultants at Echelon have experience interacting with the Meta pixel and understanding how it shares potentially sensitive data, including ePHI. If your organization uses the Meta pixel, give us a shout.
This story highlights how the best intentions of marketing departments can negatively impact people’s privacy and security. Other health systems that use the Meta pixel in this way, in conjunction with MyChart, should definitely look deeper into this and determine whether they also have a breach to disclose.
2. Misconfigured Microsoft Data Bucket Leaks Sensitive Data of 65,000+ Entities
Last week Microsoft released an update to a misconfigured endpoint in the cloud that potentially led to the exposure of business transaction data. The release noted, “This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.”
The leak was discovered by a security researcher at SOCRadar who dubbed the issue “Bluebleed.” They noted that the data available through this leak included potentially critical data from more than 65,000 companies in 111 countries.
The SOCRadar researchers who uncovered the issues in the Azure Blob Storage noted that they discovered more than 335,000 emails, 133,000 projects, and 548,000 exposed users within the leaked data. It should be noted that Microsoft’s response to the SOCRadar report stated that “SOCRadar has greatly exaggerated the scope of this issue.” Microsoft also stated that its investigation found no indication that customer accounts or systems were compromised and that it directly notified any affected customers.
3. LockBit Group Says They Stole 1.4TB of Data From UK’s Kingfisher Insurance
A large UK insurer, Kingfisher Insurance, is supposedly one of the latest victims of ransomware gang LockBit 3.0. Its data has supposedly been added to the dark web recently. The criminal group claims to have stolen 1.4 terabytes of information from the company, which includes personal data of employees and customers.
LockBit is one of the more prolific ransomware groups out there and has been quite active as of late. They are one of the purveyors of the ransomware-as-a-service (RaaS) model. For a full breakdown of LockBit tactics, techniques, and procedures (TTPs), check out this recent presentation from the Health and Human Services Cybersecurity Program. Another great resource on LockBit is the recent FBI flash report with a full listing of LockBit-specific indicators of compromise.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about