
Steve Prentice
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Monday, December 9, 2024. I'm Steve Prentice.

Anna Jaques Hospital confirms details of Christmas Day ransomware breach
Following up on a story we covered in January, the not-for-profit community hospital located in Massachusetts has confirmed on its website that the ransomware attack on its systems that occurred on December 25, 2023 has exposed sensitive health data for over 310,000 patients. A ransomware group named Money Message started releasing patient data in January after not getting satisfaction from hospital officials. The complexity of the theft meant it has taken until November of this year to complete the forensic investigation. The result is an impact to over 316,000 patients with PII, such as health insurance, Social Security numbers, driver's license numbers and financial information being leaked. The hospital's announcement adds that it has no indication that there has been any fraud as a result of this incident.

Microsoft expands Recall preview to Intel and AMD Copilot PCs
After two delays that occurred over the summer, Microsoft has now expanded its preview of its new AI-powered Recall feature to AMD- and Intel-powered Copilot PCs enrolled in the Windows 11 Insider Program. This builds upon the first rollout to Snapdragon Copilot PCs last month. Recall is a Windows feature that captures screenshots of active windows every few seconds and gives access to Windows 11 users to specific snapshots using natural language. Recall itself was recalled promptly to address numerous security concerns, and Microsoft has now made it an opt-in and removable feature that requires users to confirm their presence using Windows Hello.

Blue Yonder announces restoration progress after November 21st attack
The supply chain software giant, owned by Panasonic, says that several of its customers' systems are back up and running.
This is as the Termite Gang, which is allegedly behind the incident, announced it had 680 gigabytes of data, including emails, insurance documents, company data and more to play with. Blue Yonder, whose clients include Starbucks, provides systems for fulfillment, delivery and returns from more than 3,000 major companies across 76 countries. Ransomware researchers have tied the code used by the Termite Gang to the Babuk ransomware family.

Atrium Health announces a data breach
This breach is a little different from those we regularly hear about. In a notification to the U.S. Department of Health and Human Services, Atrium Health, which provides healthcare services at more than 1400 care locations and 40 hospitals across several states, announced that the issue involves online tracking technologies that were present on an Atrium Health patient portal between 2015 and 2019. These were commonly used Internet technologies intended to help operate certain features of its patient portal and enhance the online experience for users. The breach itself, which is said to have affected about 585,000 people, may have transmitted certain personal information to third-party vendors such as Google and Facebook. The company continued by stating it was difficult to precisely determine what data was transmitted to third parties, but it is assuming that all users of the MyAtrium Health or MyCarolinas patient portal between January 2015 and July 2019 are affected.

Thanks to today's episode's sponsor, ThreatLocker
Do zero-day exploits and supply chain attacks keep you up at night? Well, worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.
To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That is T-H-R-E-A-T-L-O-C-K-E-R.com.

The intrigue behind the Salt Typhoon telco penetration continues
In an interview with The Register, T-Mobile's Chief Security Officer Jeff Simon stated that the massive cyber espionage campaign during which China-affiliated hackers broke into numerous US telecom companies' networks used a novel technique that he says is "not something that I've seen in my 15-year career in cybersecurity. It is not something that is well published or read about. There is no CVE for it." Specifically, Simon was referring to the way that cyber spies hopped between organizations' networks and tried, ultimately unsuccessfully, to break into T-Mobile. Added to the intrigue is a statement from Jeff Green, CISA's executive assistant director for cybersecurity, who said, "We cannot say with certainty that the adversary has been evicted because we still don't know the scope of what they're doing."

TikTok loses appeal and is set to be banned in the U.S.
As reported by the BBC, TikTok's bid to overturn a law which would see it banned or sold in the US from early 2025 has been rejected. The company had pinned its hopes on describing to a federal appeals court how the ban would be unconstitutional, representing a staggering impact on the free speech of its 170 million US users. The court, however, upheld the law, which it said was the culmination of extensive bipartisan action by the Congress and by successive presidents. TikTok says it will now take its fight to the US Supreme Court.

Romania annuls presidential election, citing Russian influence
The first round of the country's presidential election has been annulled by its Constitutional Court showing Russian interference influencing the result. Such a move is unprecedented in Romania and will require that the electoral process be repeated in its entirety.
Intelligence documents declassified and released on Wednesday by the outgoing president assess that the victory attained by far-right candidate Calin Georgescu in the first round was down to a widespread state-sponsored interference on his behalf, including a sophisticated guerrilla campaign on social media, particularly TikTok.

We're getting into December, which means that it is just about time for the last Super Cyber Friday of the year. So join us this Friday at 1pm Eastern, 10am Pacific for our discussion on hacking technical debt. If you have never joined us for Super Cyber Friday, we go into depth discussing a topic with two expert guests, but we also games and engage with our lively chat room. So head on over to our events page at cisoseries.com to register to join us. And don't worry, we have a full slate of Super Cyber Friday shows set for 2025.

I'm Steve Prentice reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headline.
Cyber Security Headlines: December 9, 2024
Hosted by Steve Prentice from the CISO Series
Steve Prentice opens the episode by addressing a significant ransomware incident affecting a Massachusetts hospital.
Incident Overview:
Investigation and Impact:
Notable Quote:
"The complexity of the theft meant it has taken until November of this year to complete the forensic investigation." – Steve Prentice [02:15]
The discussion shifts to Microsoft's latest developments in AI-powered security features.
Recall Feature Expansion:
Functionality and Security Enhancements:
Notable Quote:
"Recall itself was recalled promptly to address numerous security concerns, and Microsoft has now made it an opt-in and removable feature." – Steve Prentice [05:30]
Blue Yonder, a supply chain software provider owned by Panasonic, updates on their recovery efforts following a cyberattack.
Attack Details:
Restoration Efforts:
Notable Quote:
"Blue Yonder, whose clients include Starbucks, provides systems for fulfillment, delivery and returns from more than 3,000 major companies across 76 countries." – Steve Prentice [08:45]
Atrium Health disclosed a unique type of data breach related to online tracking technologies.
Breach Specifics:
Impact and Response:
Notable Quote:
"It is difficult to precisely determine what data was transmitted to third parties, but it is assuming that all users of the MyAtrium Health or MyCarolinas patient portal between January 2015 and July 2019 are affected." – Steve Prentice [12:10]
An in-depth look into a cyber espionage campaign targeting US telecommunications companies.
Campaign Details:
Challenges in Mitigation:
Notable Quotes:
"There is no CVE for it. Specifically, Simon was referring to the way that cyber spies hopped between organizations' networks and tried, ultimately unsuccessfully, to break into T-Mobile." – Steve Prentice [15:25]
"We cannot say with certainty that the adversary has been evicted because we still don't know the scope of what they're doing." – Jeff Green, CISA's Executive Assistant Director for Cybersecurity [16:40]
The episode covers the latest developments in TikTok's legal battles concerning its operation in the United States.
Legal Proceedings:
Implications:
Future Steps:
Notable Quote:
"The court, however, upheld the law, which it said was the culmination of extensive bipartisan action by the Congress and by successive presidents." – Steve Prentice [18:55]
A significant political and cybersecurity-related event in Romania is discussed.
Election Disruption:
Election Details:
Consequences:
Notable Quote:
"Intelligence documents declassified and released on Wednesday by the outgoing president assess that the victory attained by far-right candidate Calin Georgescu in the first round was down to a widespread state-sponsored interference on his behalf, including a sophisticated guerrilla campaign on social media, particularly TikTok." – Steve Prentice [21:30]
Steve Prentice concludes the content-heavy segment by promoting an upcoming event.
Event Details:
Registration Information:
Notable Quote:
"If you have never joined us for Super Cyber Friday, we go into depth discussing a topic with two expert guests, but we also games and engage with our lively chat room." – Steve Prentice [23:45]
Conclusion
This episode of Cyber Security Headlines provides a comprehensive overview of recent cybersecurity incidents and developments, ranging from major data breaches in the healthcare sector to sophisticated cyber espionage campaigns targeting telecommunications and political processes. Microsoft’s proactive feature expansions, TikTok's legal struggles, and geopolitical influences on elections underscore the multifaceted nature of cybersecurity challenges today. Additionally, upcoming events like Super Cyber Friday offer listeners opportunities to deepen their understanding and engage with experts in the field.
For more detailed stories behind these headlines, visit CISOseries.com.