SECURITY
SECURITY
SECURITY
Data stolen from outsourcing group ExecuPharm published after ransomware attack
Data stolen in a ransomware attack in March from ExecuPharm, an outsourcing company servicing the pharmaceutical industry, has been published online.
The published stolen employee data is said to include Social Security numbers, taxpayer I.D.s, driver’s license numbers, passport numbers, bank account numbers, credit card numbers, national insurance numbers, national ID numbers, IBAN/SWIFT numbers and beneficiary information.
The ransomware attack and subsequent data theft occurred March 13 via a phishing attack. ExecuPharm notified law enforcement authorities April 17 and has retained a cybersecurity firm to investigate the incident.
According to TechCrunch, the stolen data was posted to a dark web site associated with the CLOP ransomware group. In addition to personal information, the published data includes thousands of emails, financial and accounting records as well as user documents and database backups.
Anurag Kahol, chief technology officer at cloud security firm Bitglass Inc., told SiliconANGLE that the attacker’s methods are a growing tactic among ransomware groups, making it more critical for companies to have adequate security tools and controls in place to protect their data.
“The exposure of this sensitive data puts the impacted individuals at risk for identity theft and financial fraud for years to come,” Kahol said. “Consequently, the pharma giant may face costly penalties for violating compliance regulations such as CCPA.’
Chris DeRamus, CTO at cybersecurity firm DivvyCloud Corp., noted that healthcare and pharmaceutical organizations are one of the top targets for cyberattacks, since they house massive troves of personally identifiable information on their patients and customers.
“There are no known decryption tools for CLOP ransomware, making this incident affecting ExecuPharm particularly concerning and further demonstrates the need for organizations to implement a more proactive approach to security and compliance practices,” DeRamus said.
His advice: “To protect customer data, enterprises need to follow the principle of least-privileged access in provisioning identity access management permissions, by providing checks to restrict identities to do no more than they are supposed to, across their systems. Organizations should also implement multifactor authentication for all users, securely manage service accounts and their corresponding keys, and enforce best practices for the use of audit logs and cloud logging roles.”
Image: Pxhere
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
