People and businesses are losing their life savings and critical information to hackers and other malicious actors. Accessing unsafe web pages, opening suspicious mail, and sharing password lists are among 2022’s leading causes of cyber insecurities.

This article samples five massive attacks we’ve seen in 2022 and lessons on how to avoid these attacks from those who have been affected.

1. Cash App Investing

Around April 2022, 8 million customers’ confidential information, like full names, portfolio values, and brokerage account numbers were accessed, downloaded, and compromised by a former employee at Cash App. This security incident shows why only authorized employees should have access to customer data.

Organizations must revoke access from ex-employees and routinely update their systems. Other measures to avert such an issue include the use of multi-factor authentication.

2. Shields Health Care Group

Massachusetts-based Shields Health Care Group provides surgical center management and medical imaging services throughout New England. The health information of up to 2 million individuals was compromised in March 2022. Names, Social Security numbers, birth dates, home addresses, provider information, diagnosis, billing information, insurance numbers, and other medical treatment information was accessed.

Automating network security processes can help to ensure that they are executed consistently and predictably. Keeping the network security posture current and compliant with policy through automated tasks may also help prevent some attacks.

3. Baptist Medical Center

Between March 3 and April 24 an unauthorized actor infected the hospital network with malicious code and was able to remove some data from the network. The information involved included the names, Social Security numbers, health insurance information, and medical record numbers of 1.2 million patients. Tenet Healthcare and affiliate Baptist Health System are now facing a healthcare data breach lawsuit for failing to implement proper technical safeguards to prevent a security incident.

If anyone who isn’t authorized to access this information gains access to it, there’s an incalculable amount of damage that can be done. Now is the time to re-evaluate cybersecurity policies and implement strong encryption and security practices to protect your business and your clients from bad actors.

4. Government of Costa Rica

An international group of hackers used malware to invade the ministry of finance and the social security fund in the government of Costa Rica. The healthcare system along with the export and import sectors lost millions of dollars. The attack occurred in April/May 2022, resulting in a national emergency declaration.

This cyber attack was unique as it was reportedly carried out by an international hacking group wanted by law enforcement from around the globe. It stands out as an example of how far-reaching and infiltrative cyber attacks can be.

5. Bernalillo County, New Mexico

In Bernalillo County, in January 2022, the computer systems in the government offices and the websites of several county departments were taken offline by a ransomware attack. The attack impacted the 675,000 residents in Bernalillo County, including those living in New Mexico’s most populous city, Albuquerque. Inability to register voters, grant marriage licenses, or approve the transfer of deeds were among the services affected. Inmates were confined to their cells because of camera and security outages.

With a wide, flat network, if a hacker can gain access to one part of the network, then they have access to everything. If it’s a government system, they can shut down a whole county, town, or city. Good segmentation is important.

Need for Pro-Active Awareness Programs & Preventive Measures

Cyber breaches continue to grow in frequency and severity. Recent cyber attack trends have taught us a few valuable lessons. For one, strong backup systems, education, continual system updates, automation, and segmentation are necessary cyber security optimization measures.

And, while effectively responding to these types of attacks is important, preventing them should be the real goal.

About OIT

OIT is a leading IT provider and Modern Office Methods company. Services include Managed IT, Managed Cybersecurity, Microsoft Office 365 Services, Cloud Services, IT Consulting and IT Projects.