Friday, the Centers for Medicare & Medicaid Services (CMS) and the Wisconsin Physicians Service Insurance Corporation (WPS) said sensitive information belonging to 946,801 Wisconsin residents was breached during last year’s MOVEit cybercriminal campaign.
“Acting on new information,” in May 2024 WPS conducted another investigation with an unnamed cybersecurity company, and they confirmed that before WPS had applied the patch hackers copied files from their system between May 27 and May 31, 2023.
Evan Dornbush, former NSA cybersecurity expert had this to say:
“The MOVEit breach underscores a stark reality – zero-day vulnerabilities remain a formidable threat even for organizations with robust patch management practices. While timely patching is essential, sole reliance on it can be perilous. Organizations must adopt a defense-in-depth strategy, including advanced network threat detection capabilities, to mitigate risks posed by elusive zero-day vulnerabilities.
“The rapid exploitation of zero-days such as MOVEit highlights urgent need for coordinated efforts to disrupt the underground market for such exploits. Organizations should consider investing in threat intelligence services to stay informed about emerging threats and proactively adjust their security posture accordingly.”
And I thought that the whole MOVEit thing was over as I assumed that companies and organizations had either moved off the MOVEit platform or have patched all the things. Cleary it isn’t the case. Thus I would not be surprised if there’s more stories like this to come.
Like this:
Like Loading...
Related
This entry was posted on September 10, 2024 at 8:12 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
1 Million Medicare Users Notified Of MOVEit Breach After 2nd Investigation
Friday, the Centers for Medicare & Medicaid Services (CMS) and the Wisconsin Physicians Service Insurance Corporation (WPS) said sensitive information belonging to 946,801 Wisconsin residents was breached during last year’s MOVEit cybercriminal campaign.
“Acting on new information,” in May 2024 WPS conducted another investigation with an unnamed cybersecurity company, and they confirmed that before WPS had applied the patch hackers copied files from their system between May 27 and May 31, 2023.
Evan Dornbush, former NSA cybersecurity expert had this to say:
“The MOVEit breach underscores a stark reality – zero-day vulnerabilities remain a formidable threat even for organizations with robust patch management practices. While timely patching is essential, sole reliance on it can be perilous. Organizations must adopt a defense-in-depth strategy, including advanced network threat detection capabilities, to mitigate risks posed by elusive zero-day vulnerabilities.
“The rapid exploitation of zero-days such as MOVEit highlights urgent need for coordinated efforts to disrupt the underground market for such exploits. Organizations should consider investing in threat intelligence services to stay informed about emerging threats and proactively adjust their security posture accordingly.”
And I thought that the whole MOVEit thing was over as I assumed that companies and organizations had either moved off the MOVEit platform or have patched all the things. Cleary it isn’t the case. Thus I would not be surprised if there’s more stories like this to come.
Share this:
Like this:
Related
This entry was posted on September 10, 2024 at 8:12 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.