Security Update: IT Consulting Firm Blames Breach on MSP | #ransomware | #cybercrime

  • IT Consulting Firm Blames MSP for Data Breach
  • UnitedHealth Group: A Cyberattack Timeline
  • Kaseya Ransomware Attacker Sentenced
  • Ascension Healthcare Network Hit in Cyberattack
  • Lockbit Ransomware Mastermind Charged
  • Microsoft Copilot for Security Adds 15 Plugins
  • AT&T and PE Firm Spin Out MSSP LevelBlue

Cybersecurity and protecting end customer companies from cybercrime has grown into one of the most important trends for managed service providers.

Especially in 2024, managed service providers are stepping up to help their end customers protect their IT estates from cyber criminals and cybersecurity attacks.

With that in mind, each week we’ll bring you an assortment of stories from our affiliate site, MSSP Alert, that focus on some of the top news, trends and insights in cybersecurity for service providers. Here’s our first edition.

IT Consulting Firm Blames MSP for Data Breach

An IT consulting firm being sued in federal court for a data breach says it is not at fault. Instead it is pointing the finger at a managed service provider (MSP) for failing to secure its network, exposing it to the breach that affected more than one million people.

Berry, Dunn, McNeil & Parker, a Portland, Maine-based IT and accounting consultancy that operates a medical data analytics business, blames Reliable Networks, an MSP based in Biddeford, Maine. At issue is the failure to protect 1.1 million individuals’ personally identifiable information (PII) stored by Reliable’s Health Analytics Practice Group (HAPG). Some 3,100 Maine residents were affected in the security breach.

BerryDunn receives PII from its customers to conduct analytics services. However, it is BerryDunn, not Reliable, that is being sued in U.S. District Court in Portland, Maine by nine customers. Those customers are accusing BerryDunn of negligence, unjust enrichment, and breach of fiduciary duty owing to the data theft.

In the BerryDunn action, the plaintiffs hope to form a class-action lawsuit, complaining that it took BerryDunn seven months after the September 2023 breach to notify them of the theft. Whether BerryDunn intends to sue Reliable remains to be seen.

Click here for the full story.

UnitedHealth Group: A Cyberattack Timeline

The massive cyberattack that hit Change Healthcare on February 21, 2024 impacted hundreds of pharmacies worldwide, patient care included, and appears to have been the work of the infamous ALPHV/BlackCat ransomware crew. Change Healthcare is part of insurer UnitedHealth Group’s Optum healthcare business. In 2022, Change Healthcare merged with Optum.

Change Healthcare provides prescription processing services through Optum, which in turn supplies technology services for more than 67,000 pharmacies and care to more than 100 million individual customers. Change Healthcare processes 50% of all medical claims in the United States.

Optum listed more than 100 Change Healthcare services that were affected by the breach. Also disrupted were critical functions such as benefits verification, claims submission and status updates, remittance information transmittal and prior authorization, according to the Healthcare Financial Management Association.

Click here for the timeline.

Kaseya Ransomware Attacker Sentenced

The hacker convicted in the July 2021 ransomware attack against Kaseya has been sentenced to 13 years and seven months in a U.S. federal prison. Kaseya had no comment on the sentencing.

The Kaseya VSA supply chain cyberattack hit roughly 50 MSPs on July 2, 2021. The the REvil ransomware attack spread from the MSPs to between 800 and 1,500 businesses worldwide, Kaseya CEO Fred Voccola told Reuters on July 5, 2021. A timeline of the attack and aftermath is available here.

In addition to the prison time, Ukrainian national Yaroslav Vasinskyi, aka “Rabotnik,” 24, was also ordered to pay more than $16 million in restitution for his role in conducting over 2,500 ransomware attacks and demanding over $700 million in ransom payments, according to a statement from the U.S. Department of Justice Office of Public Affairs.

Click here for the full story.

Ascension Healthcare Network Hit in Cyberattack

Another cyberattack has been reported on a healthcare network. The most recent target is Ascension, a health system that includes 140 hospitals and 40 senior living facilities in 19 U.S. states. The extent of the attack is still undetermined, and it’s unclear who is behind the attack. There are also no details yet on any vulnerabilities exploited or how the attackers accessed the systems.

Ascension joins Change Healthcare and UnitedHealth among health providers that targeted in cybersecurity attacks. The Change Healthcare and UnitedHelath cyberattack on February 21, 2024 impacted hundreds of pharmacies worldwide, patient care included, and appears to have been the work of the infamous ALPHV/BlackCat ransomware crew.

Click here for the full story.

LockBit Ransomware Mastermind Charged

The alleged kingpin of the notorious LockBit hacking syndicate has been charged by the U.S. Department of Justice DoJ) with orchestrating thousands of cybercrimes worldwide that brought the crew hundreds of millions of dollars.

Dimitry Yuryevich Khoroshev, (aka LockbitSupp) a Russian national, has been designated by a federal grand jury for the District of New Jersey with creating, developing and administering what is widely believed to be among the most prolific cyber attackers in the world. A total of 26 charges have been bought against Khoroshev, including conspiracy to commit fraud, wire fraud, and extortion. The charges carry a maximum penalty of 185 years in prison. Each of the 26 counts in the indictment also carries a maximum fine of roughly $250,000.

Click here for the full story.

Microsoft Copilot for Security Adds 15 Plugins

Microsoft Copilot for Security is adding new capabilities, notably 15 partner plugins in Public Preview.

In a blog post, Shiv Patel, Copilot for Security senior product manager, said the plugins provide security providers with “third-party intelligence to protect against cyber threats with the speed and scale of AI.” The plugins easily integrate with Copilot for Security while applying advanced analytics, automation and orchestration features to enhance security posture and efficiency, Patel said.

The new plugins cover a range of security domains and use cases. Microsoft included examples of plugins and use case prompts that MSSPs could use to access the functionality. These prompts can also be used as part of custom promptbooks to build repeatable workflows for Copilot for Security customers to re-use.

Click here for the full story.

AT&T and PE Firm Spin Out MSSP LevelBlue

AT&T and private equity firm WillJam Ventures have launched LevelBlue, a managed cybersecurity services joint venture.

The announcement came at RSA Conference 2024 in San Francisco this week, some five months after AT&T and WillJam announced their initial plans to pair up to bolster cybersecurity services for small and medium business (SMB) customers.

The move aims to spin out and expand AT&T’s cybersecurity services to customers under the new LevelBlue name. LevelBlue will provide managed cybersecurity services through a standalone business operated by AT&T and WillJam, according to the companies.

LevelBlue will also provide cybersecurity consulting, threat intelligence and continuous security operations center (SOC) capabilities through more than 1,000 employees around the globe. AT&T is retaining a minority ownership stake and board representation in the new company, the partners stated.

Click here for the full story.

Source link


National Cyber Security