On March 13, 2020, ExecuPharm, a pharmaceutical company located in King of Prussia, PA, suffered a Maze ransomware attack with theft of sensitive information. The attackers behind the Maze ransomware use manual attacks and they grab data from the breached entity before data encryption. Then they issue threats to publicize the data when the victims don’t pay the ransom demand. This is the case with this cyberattack.
The attackers have previously told the press that they won’t launch ransomware attacks on medical institutions while there’s a COVID-19 crisis. Nonetheless, it appears that pharma companies aren’t excluded from their campaigns. In this case, the data posted on the Maze web page consists of financial information, records, database backup files, and other sensitive data.
As per an announcement provided by ExecuPharm, a top-notch cybersecurity company is assisting with the investigation to know the design and magnitude of the breach. The firm had submitted the breach report to the authorities and all affected persons received notifications.
Aside from company data, the attackers accessed and downloaded the personal data of workers. That data is composed of financial data, Social Security numbers, driver licenses, passport numbers, bank account details, credit card numbers, IBAN/SWIFT numbers, national insurance numbers, beneficiary details, and other sensitive data. The attackers additionally stole certain information related to its parent company, Parexel. People affected by the breach were provided complimentary one-year identity theft monitoring services.
The company used backups to recover its servers. As soon as systems were recovered, all data were restored from backups at the same time. Options are similarly being integrated to improve its security against attacks. The company set up multi-factor authentication for remote links, recognition and response forensics solutions on all systems and endpoint security. Email security procedures were similarly boosted to hold off ransomware emails.
Ransomware Attack on Brandywine Counselling and Community Services
Brandywine Counselling and Community Services located in Delaware also just lately had a ransomware attack.
Brandywine discovered the attack on February 10, 2020 and hired a computer forensic company to assist with the investigation. The investigation confirmed that servers affected by the attack held certain client data which was obtained by the attackers.
The breach report indicating 4,262 persons were affected was submitted to the HHS’ Office for Civil Rights. The stolen information included the names of clients, addresses, birth dates, and/or limited clinical data, like name(s) of provider, diagnosis, treatment data, and/or prescription(s), and some driver’s license numbers and Social Security numbers.
The people whose driver’s license number or Social Security number was exposed were offered free credit monitoring and identity theft protection services. More security steps were being completed to stop other ransomware attacks later on.