Disability nonprofit Easterseals filed a breach notification with regulators after the Rhysida ransomware group attempted to extort $1.3 million from the organization this week.
Easterseals, which provides support to disabled children, seniors, military veterans and others, stated that on April 1 its Peoria-based Central Illinois location “experienced a network disruption that impacted the functionality and access of certain systems.”
The investigation determined that the bad actor accessed certain files from Easterseals’ network, some of which include personal information of almost 15,000 individuals, such as:
- Full names
- Addresses
- Driver’s licenses
- SSNs
- Medical information
- Passports
The nonprofit serves more than 1.5 million people across the country and provides additional services to 100,000 physicians. Easterseals says that more than 80% of its fundraising is spent directly on care for the disabled.
Stephen Gates, Principal Security SME, Horizon3.ai, had this to say:
“Nonprofits are no longer immune to cyberattacks, despite their humanitarian missions. Attackers likely target them for three main reasons: their vast stores of confidential donor data, often weak security postures, and constrained IT budgets. These organizations face the growing challenge of doing more with less.
“Now is the time for non-profits to conduct thorough assessments of their networks, identifying blind spots beyond just known vulnerabilities. Easily compromised credentials, exposed data, misconfigurations, weak security controls, and inadequate policies are significant threats. The cost of traditional, human-led risk assessments can be prohibitive, but autonomous solutions are now available to deliver affordable, efficient assessments that anyone can use.”
This of course isn’t good. But it does illustrate that any sector is a target for threat actors like these. Thus every group needs to do what it needs to do to keep threat actors out, and by extension not become the next headline.
This entry was posted on October 24, 2024 at 3:24 pm and is filed under Commentary with tags Hacked.
Easterseals Pwned By Ransomware Group