April 25 - May 1, 2024 | Issue 17 - CICYBER
Janthe Van Schaik, Mihai Marian Calinoiu, Prim Thanchanok Kanlayanarak, Martina Sclaverano
Alya Fathia Fitri, Senior Editor
Kaiser Permanente’s Sensitive Information Leaked In Data Breach[1]
Date: April 25, 2024
Location: USA
Parties involved: Healthcare organization Kaiser Permanente; Healthcare Industry; Cybersecurity and Infrastructure Security Agency (CISA)
The event: Kaiser Permanente announced that third-party code trackers leaked data of approximately 13.4 million patients and members.[2] The leaked information concerns IP addresses, names, and user interaction data from the company's website and mobile applications. The leak does not include social security numbers (SSN), bank account information, or other financial information.[3] Kaiser Permanente is a care consortium operating with 40 hospitals and 618 medical facilities in the US.[4]
Analysis & Implications:
The compromised data from the website and applications will likely include IP addresses, names, navigation details, and user engagement metrics. Cybercriminals will likely distribute the stolen data on the Dark Web, likely using it in phishing operations to conduct large-scale attacks on critical healthcare infrastructure. The healthcare industry will likely adapt its evaluation protocols for the technologies embedded in its online services and platforms to protect patients' personal information, likely engaging with cybersecurity agencies to reduce the risk of cyber attacks.
There is a roughly even chance of a class-action lawsuit against Kaiser Permanente for mishandling sensitive information. The affected customers will likely demand compensation and urge healthcare organizations to handle sensitive information more responsibly by improving their information technology practices and procedures. The healthcare services provider will likely lose its customers’ trust, with a roughly even chance of experiencing a decrease in the total number of patients, leading to financial losses.
There will likely be an increasing trend in data breaches and cyber attacks aimed at the healthcare sector. This situation will likely prompt healthcare organizations such as Kaiser Permanente to partner with cybersecurity experts from government institutions like CISA through the Cyber Hygiene Services program to reduce exposure to threats. The collaboration with external organizations will very likely enable healthcare organizations to identify risks and enhance response time to cyber incidents, likely strengthening the resiliency against cyber attacks and contributing to national security as a whole.
Date: April 27, 2024
Location: USA
Parties involved: IT service management company Okta; threat actors; Okta clients; service users.
The event: Okta warned of an increase in credential stuffing attacks targeting online services. Credential stuffing consists of using data stolen in previous breaches or attacks to attempt to log in to different platforms. Okta identified several requests in the past months that occurred through anonymizing tunnels such as TOR. Common targets for this type of attack are VPNs, SSH, and authentication systems.[5]
Analysis & Implications:
Okta will almost certainly invest in its Identity Threat Research team to maintain customers’ trust. Okta will almost certainly request detailed reports of all security incidents relating to credential stuffing in the past months, very likely using these reports to assess the magnitude and specific targets of the attack. Okta will likely explain to its customers that credential stuffing attacks do not necessarily indicate vulnerabilities in Okta services. The company will almost certainly perform risk assessments for each of its clients and advise all customers to routinely change their credentials.
Credential stuffing attacks will almost certainly continue to increase despite Okta's and other major companies’ warnings. Threat actors will almost certainly use waterhole and phishing techniques to expand their database of stolen credentials to later use for credential stuffing. Re-routing network traffic to data harvesting or malware-implanted pages will very likely facilitate entry points for ransomware attacks, very likely leading to further data breaches and economic loss for targeted networks.
[1] Data breach, generated by a third party database
[2] Health conglomerate Kaiser notifies millions of a data breach, Reuters, April 2024, https://www.reuters.com/technology/cybersecurity/kaiser-notifies-millions-data-breach-2024-04-25/
[3] Kaiser Permanente: Data breach may impact 13.4 million patients, Bleeping Computer, April 2024, https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-may-impact-134-million-patients/
[4] Health conglomerate Kaiser notifies millions of a data breach, Reuters, April 2024, https://www.reuters.com/technology/cybersecurity/kaiser-notifies-millions-data-breach-2024-04-25/
[5] Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks, The Hacker News, April 2024, https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html