
Risk Management

MOVEit Data Breach: The Expanding Aftermath

In recent months, the financial services industry has been rocked by a series of high-profile data breaches, exposing millions of customers’ personal information and leading to legal actions against major institutions. This latest wave of cyberattacks highlights the evolving threat landscape and the need for organizations to safeguard their data and solidify their assets. This Security Advisory highlights the ongoing fallout caused by the MOVEit breach, initially reported by nGuard in July.

Impact of the Breach
In May, the MOVEit attack campaign led by Cl0p began disclosing sensitive data from more than 600 worldwide organizations including financial firms, universities, the U.S. federal government, and public retirement systems. To date, the breaches have affected approximately 50 million customers who had their Social Security numbers, financial account information, and other sensitive data stolen by hackers. Since then, MOVEit has released several CVEs with multiple remediation updates to assist their clients in fortifying their file transfer environment. The long-term effects of this incident are still unknown but with the continuous rise of exposed customers and lawsuits, the total cost is currently estimated at nearly $10 billion USD.

Response from Affected Institutions
At the time of the hacking campaign, nearly 31% of the hosts running at-risk MOVEit servers were tied to financial organizations. Several of these institutions, including Charles Schwab, TD Ameritrade, Genworth Financial, Prudential, and TIAA, have faced lawsuits in the wake of these data breaches. The lawsuits allege negligence, unjust enrichment, and breach of implied contract on the part of these institutions.

Most of the financial institutions have responded by emphasizing their commitment to protecting their clients and conducting thorough investigations into the incidents. In response to a class action lawsuit, Prudential has offered free credit monitoring in attempts to help customers feel protected against future threats.

TIAA, which partnered with vendor Pension Benefit Information (PBI) Research Services for data transfer, is facing allegations of failing to secure personally identifiable information (PII) of teachers, staff, and students. The lawsuit aims to highlight vulnerabilities in the MOVEit software and criticizes the delayed disclosure of the breach. PBI, although offering identity theft protection, also faced severe criticism for its handling of the situation.

Protecting Infrastructure and Customers
The significance of widespread attacks like the MOVEit breach cannot be overstated. They serve as a wake-up call for all industries and individuals to take a multifaceted approach to enhance their cybersecurity footprint. nGuard has over 20 years of experience helping high-target organizations within the Finance, Healthcare, and Transportation industries and recommends the following proactive security practices to provide peace of mind:

  1. Comprehensive Security Audits: Conduct regular security audits to identify vulnerabilities in software and data transfer systems. These audits should include assessments of cloud infrastructure and third-party vendors’ security practices.
  2. Penetration Testing: Assess the effectiveness of security controls by identifying vulnerabilities and detailing defense strategies with current patches and remediations.
  3. Data Encryption: Ensure that sensitive data is encrypted both in transit and at rest. Strong encryption protocols should be in place to protect customer information from unauthorized access.
  4. Incident Response: Develop and test robust incident response plans to ensure swift and effective actions in the event of a breach. This includes timely and transparent communication with affected parties and adherence to specific requirements and security standards. Additionally, having an Incident Response vendor on retainer ensures faster response times, tailored to the distinct operations and needs of your organization.
  5. Employee Training: Continuously educate employees about cybersecurity risks and best practices through Security Awareness Training. Equip your team with clear policies and skills to recognize, report, and respond to red flags through Tabletop Exercises or social engineering engagements.
  6. Log Collection and Correlation: Maintain detailed logs and conduct analysis to proactively detect suspicious activity in your environment. This invaluable tool enhances your security stance by analyzing and correlating event data and sending alerts of suspicious activity.
  7. Vulnerability Management: Secure your environment by proactively managing risks and promoting continuous improvement in processes and practices with nGuard’s Vulnerability Management. Whether your focus is on remediation validation, PCI compliance, or possible exploits, rest assured that nGuard’s Vulnerability Management services are ahead of the curve.
  8. Framework Alignment: Establish a systematic procedure for assessing service providers responsible for safeguarding sensitive data or managing your organization’s vital IT platforms and processes. This exercise aims to verify that these providers are effectively securing both the platforms and the data they handle. Strategic Security Assessments guide teams in designing the definitive policies and procedures around clear frameworks for cybersecurity compliance and best practice.

 
The MOVEit compromise highlights the critical need for assertive cybersecurity measures. To ensure a strong security posture, it is essential to take proactive action to secure systems, conduct comprehensive audits, and prioritize the protection of customer data. By implementing robust cybersecurity practices, institutions can not only protect their clients but also safeguard their reputation and financial stability.


Cybersecurity in Healthcare: A Growing Concern

The healthcare industry, with its vast repositories of sensitive patient data, has always been an attractive target for cybercriminals. Recent incidents have underscored the urgent need for robust cybersecurity measures in this sector.

Rhysida Ransomware’s Impact on Healthcare
The Rhysida ransomware operation has been particularly aggressive in its targeting of healthcare organizations. The U.S. Department of Health and Human Services (HHS) and various cybersecurity firms have released detailed reports on Rhysida’s modus operandi. This group’s audacity is evident in its willingness to compromise critical healthcare infrastructure, jeopardizing patient data and potentially delaying essential medical services. Such attacks not only disrupt operations but can also erode trust between patients and healthcare providers.

Missouri’s Medicaid Data Breach
Missouri’s recent data breach serves as a stark reminder of the vulnerabilities inherent in the healthcare sector. The breach, a result of an attack on IBM’s MOVEit system by the notorious Clop ransomware gang, exposed protected Medicaid healthcare information. This breach affected a vast number of individuals, with data ranging from personal identification details to medical histories. Such incidents underscore the importance of securing third-party systems and ensuring that vendors adhere to stringent cybersecurity standards.

Nationwide Cyberattack
A recent cyberattack had a cascading effect on hospitals and clinics across several states. The attack, targeting facilities run by Prospect Medical Holdings, disrupted computer systems, leading to the temporary shutdown of emergency rooms and the diversion of ambulances. Such widespread attacks can have dire consequences, especially in life-threatening situations where every second counts. The incident also highlights the interconnected nature of healthcare systems and the need for a unified response to cyber threats.

nGuard: Your Partner in Cybersecurity
In the face of these escalating threats, organizations must be proactive in their approach to cybersecurity. nGuard is here to assist:

  • HIPAA Strategic Security Assessments: Our in-depth assessments pinpoint gaps in HIPAA compliance, ensuring that your organization remains aligned with regulations.
  • Penetration Testing: With a suite of testing options, we identify potential vulnerabilities, enabling you to fortify your defenses against cyber threats.
  • Vulnerability Management: Our regular scans ensure that your systems remain impervious to the ever-evolving landscape of cyber threats.
  • Incident Response: Should the worst happen, our rapid response team is on hand to mitigate damage and guide your organization back to normalcy.

In an era where data breaches can have tangible real-world consequences, partnering with nGuard ensures that your organization remains both secure and compliant.


SEC Implements New Rules for Cybersecurity Incident Disclosure: A Call for Strengthened Preventative Measures

The U.S. Securities and Exchange Commission (SEC) has taken a step towards increasing transparency and investor protection by announcing new rules that require public companies to disclose cybersecurity incidents within 4 days. The regulations aim to address the rising threat landscape, including the increase in cyberattacks and data breaches resulting from the digitalization of operations. This security advisory explores the background of the new rules, what they entail, and how organizations can prepare for compliance while bolstering their cybersecurity defenses through preventative measures.

The new SEC cybersecurity incident disclosure rules come at a critical time when the impact of cyberattacks is becoming increasingly evident. One of the notable cases that underscored the severity of such incidents is the MOVEit breaches. The breaches, perpetrated by Russian cybercriminals, targeted a widely used file transfer program, impacting hundreds of organizations, including major government agencies, universities, and prominent corporations.


Background of the New SEC Cyber Disclosure Rules:

In March 2022, the SEC proposed new rules to standardize and enhance disclosures regarding cybersecurity risk management, strategy, governance, and material cybersecurity incidents for publicly traded companies. Cybersecurity threats have become an escalating risk for businesses, investors, and market participants due to the rapid evolution of technology and the monetization of cyber incidents by criminals. The new rules aim to provide consistent, comparable, and decision-useful disclosures to enable investors to assess the potential impact of cybersecurity risks on companies.

Requirements of the New Rules:

The newly adopted rules introduce a brand-new Form 8-K Item 1.05, obliging companies to disclose any cybersecurity incident deemed “material” for shareholders. The disclosure must include a description of the nature, scope, and timing of the incident. It should also include its material impact, or reasonably likely material impact, on the company’s financial condition and results of operations. To clarify, the clock for the four-day disclosure window only starts ticking after the company determines the materiality of the incident.

Additionally, companies will be required to comply with a new Regulation S-K Item 106, which necessitates the description of their processes for assessing, identifying, and managing material risks from cybersecurity threats. The rule also mandates the disclosure of the board of directors’ oversight of cybersecurity risks and management’s role and expertise in handling such threats.

Timelines and Important Dates:

The final rules will take effect 30 days after the adopting release is published in the Federal Register. Starting from December 15, 2023, all registrants must include the specified disclosures in their annual reports for fiscal years ending on or after this date. Regarding the incident disclosure requirements in Form 8-K Item 1.05 and Form 6-K, all registrants, except smaller reporting companies, must comply within 90 days after the Federal Register publication date or by December 18, 2023, whichever is later. However, smaller reporting companies have an additional 180 days, and their compliance must begin 270 days from the effective date of the rules or June 15, 2024. For structured data requirements, all registrants should tag the necessary disclosures under the final rules in Inline XBRL starting one year after they have initially complied with the related disclosure requirement.

Preparation for Compliance and Preventative Measures:

Preparing for compliance with the new SEC rules will be a challenge for organizations, but there are essential steps that can be taken to prepare for the new requirements and reduce the risk of a breach:

  • Establish a Methodology for Determining Materiality: Organizations need to develop a robust methodology for assessing and determining the materiality of cybersecurity incidents. This methodology should consider the potential impact on the company’s operations, financial condition, and investor decisions.
  • Implement a Process and Template for Creating 8-Ks: Include templates for various types of breaches and attacks to ensure your organization meets the deadline to report them.
  • Employ Managed SIEM for Logging and Alerting: A Managed Security Information and Event Management (SIEM) solution can help organizations monitor and analyze security events, enabling faster detection and response to potential threats.
  • Implement Multi-Factor Authentication (MFA) and Strong Password Policies: Enforcing MFA and strong password policies adds an extra layer of security to protect against unauthorized access to sensitive data and systems.
  • Implement Incident Response Plans: Having a well-documented and tested incident response plan is crucial to responding promptly and effectively to cyber incidents. This plan should outline the necessary steps to investigate, contain, and mitigate the effects of a breach.
  • Conduct Annual Internal and External Penetration Testing: Regular penetration testing helps identify vulnerabilities in the company’s systems and applications, allowing for proactive remediation before attackers can exploit them.
  • Conduct Ongoing Vulnerability Scanning: Continuous vulnerability scanning is essential to detect and address potential weaknesses in real-time, reducing the risk of successful attacks.

The SEC’s new cybersecurity incident disclosure rules represent a critical step in promoting transparency and accountability among publicly traded companies. By complying with these rules, organizations can better inform investors about the material impact of cybersecurity risks and incidents, thereby enhancing investor confidence. To prepare for compliance and mitigate cyber risks, companies should focus on establishing methodologies for determining materiality, implementing robust incident response plans, and conducting regular penetration testing and vulnerability scanning. Employing managed SIEM services can further bolster their cyber defenses and ensure timely detection of potential threats. Ultimately, the combination of compliance and preventative measures will help fortify businesses against the ever-evolving cyber threat landscape.

