Back in September, the Texas Tech University Health Sciences Center (TTUHSC) fell victim to a ransomware attack in which sensitive health and medical records for over 1.4 million individuals were exfiltrated. The Interlock ransomware group has taken responsibility for the attack and claims to have stolen 2.6TB of data, some of which has already been published to its leak site. Alongside the data theft, several university systems were taken offline to reduce the chance of additional damage, which has caused continued interruptions to both TTU campuses and the patients' online portal.
Clop ransomware exploits Cleo zero-day vulnerabilities
The threat actors behind the Clop ransomware group have recently claimed to have exploited two zero-day vulnerabilities in the Cleo file-transfer platforms to perform remote code execution and install an unauthorized backdoor on affected systems. While Cleo has pushed out updates for all vulnerable platforms to resolve the vulnerabilities, the backdoor had already been used to exfiltrate data from companies that run Cleo platforms on their corporate networks. It is still unclear how many companies have been affected by this attack, but the Clop threat actors say they are willing to negotiate with victims for the deletion of the stolen information.
Rhode Island health services system breached
At the end of last week, officials for the Rhode Island Department of Health Services were informed by one of their vendors, Deloitte, that it had identified malicious code and activity on the network. Following the investigation, it was revealed that the Rhode Island social services system, RIBridges, had been illicitly accessed on December 5th, and that the group responsible may have compromised a significant amount of data belonging to citizens of Rhode Island.
Cyberattack disrupts US auto parts manufacturer
In the middle of November, officials for the US auto parts maker LKQ discovered unauthorized activity on their network, which caused temporary disruptions to operations. While the company was able to return to normal after just a few weeks, the investigation into the intrusion is still ongoing, and staff are looking to their cybersecurity insurers to provide restitution for the loss of sales and other expenses incurred during the incident.
Hackers compromise telehealth platform for 3 months
Officials for Phreesia, a healthcare software-as-a-service provider, have recently begun contacting nearly 1 million individuals who may have been affected by a 3-month data breach of its subsidiary, ConnectOnCall. The incident ran from February through May of 2024 and gave the attackers access to a significant amount of sensitive patient information. Currently, no threat actor group has claimed responsibility for the incident, nor has the investigation concluded how the attacker was able to enter the system and remain undetected for nearly 3 full months.