The IT Nerd

Over the weekend, Heathrow was among a number of airports hit by a cyber-attack. You can get details here:

https://www.msn.com/en-gb/travel/news/heathrow-and-major-european-airports-suffer-fourth-day-of-disruption-after-cyber-attack/ar-AA1N2MN7?ocid=BingNewsSerp

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4 had this to say:

“More information has come to light: Dublin airports have also been affected, and a ransomware demand was made. This does not mean the motivation could not also have been sabotage, but one motivation is now clear: extortion.

We still need more information to actually understand the true impact and ramification of the attack.

The EU is still investigating the attack while the impact is widespread. We should not expect the EU to determine the source as early. That is because there is still a lack of clarity since authorities and corporations have confusing messaging. The NCSC is investigating a cyber incident. Collins Aerospace is talking about a cyber-related disruption. We require more transparency before we can make meaningful conclusions as to who is behind this and what their benefits are.

Organizations must ready themselves, as the incident highlights the urgency of protecting organizations and enforcing supply chain security. NIS2 and other regulations are more important than ever.”

Javvad Malik, Lead Security Awareness Advocate at KnowBe4 follows with this: 

“Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds. 

It’s why it’s important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross‑trained staff and basic tools ready. 

Reduce single points of failure by diversifying providers where feasible, segmenting tenants, and ring‑fencing critical functions so one vendor outage doesn’t halt everyone. Above all, communicate clearly and often, prioritize vulnerable passengers, and empower frontline teams to make humane decisions.”

This is brutal for travellers. And unless governments and airport authorities do everything possible to beef up their defences from this sort of thing, the possibility exists that this scenario will repeat itself.

Car maker Stellantis has disclosed that a third-party provider supporting its North American customer service operations suffered unauthorized access. The incident exposed basic contact details but not financial or highly sensitive personal data. Stellantis has activated incident response, notified authorities, and is warning customers of phishing risks. 

You can read their press release here: https://media.stellantisnorthamerica.com/newsrelease.do?id=27079&mid=1

Javvad Malik, Lead CISO Advisor at KnowBe4, commented:

“The common thread in most of these recent attacks across various industries is the fact that supply chains are often compromised to gain access to systems. Criminals often target a smaller partner with weaker defenses with social engineering being a common tactic. This includes convincing emails, messages, or calls, which can be powered by AI and deepfake technology to trick people into sharing access or approving actions they shouldn’t. 

The approach to be taken is full human risk management which includes the use of technology and clear training, simple processes, and easy ways for people to ask for help so they can make safer choices in the moment. Incident response must cover more than the technical fix. It includes the need to communicate quickly and clearly with customers and stakeholders about what happened, what it means for them, and exactly what steps they should take.”

Anders Askasen, Director of Product, Radiant Logic follows with this:

     “Cyber incidents tied to third-party providers is unfortunately one of the blind spots that could cause CISOs to be sleepless at night and it also highlights the importance that identity security doesn’t stop at the enterprise perimeter. Attackers can weaponize leaked and compromised identity data for phishing and social engineering attacks that open the door to larger breaches. The automotive industry has a norm of a sprawling ecosystem of suppliers and contractors and not having the unified visibility and control creates systemic exposure.

Global initiatives such as the EU’s NIS2 Directive puts a sharp focus on third-party and supply chain risk, making continuous monitoring of identity security posture a compliance requirement. Meeting this standard demands a data-centric approach that unifies identity intelligence across suppliers and contractors, giving enterprises the observability to detect, contain, and minimize risk. Organizations that apply the same rigor to third-party identities as they do internal ones will be far better prepared to withstand inevitable attacks.”

This is the second carmaker to get pwned as Jaguar/Land Rover has been down for weeks due to a cyberattack. Proving that cyberattacks have far reaching and expensive consequences.

Comparitech reported today that Goshen Medical Center, Inc. has started notifying 456,385 people of a data breach following a cyber attack that started in February 2025. Ransomware gang BianLian claimed the attack in late March.

Commenting on this is Rebecca Moody, Head of Data Research at Comparitech: 

“This week has seen three of the six largest data breaches (via ransomware) on US healthcare companies this year. This attack on Goshen Medical Center becomes the third largest, while Medical Associates of Brevard, LLC takes fourth place (notifying nearly 247,000 of a January 2025 breach via BianLian) and New York Blood Center Enterprises takes sixth place (nearly 194,000 affected in a January 2025 attack via unknown hackers).”

“All three of these attacks highlight two key things. First, they demonstrate how the healthcare sector remains a dominant target for ransomware gangs because of the amount of sensitive data up for grabs. Second, they serve as a reminder that it’s often months before we find out about the extent of these attacks.”

“So, while ransomware attacks on the US healthcare sector may seem lower than last year (we’ve noted 61 confirmed attacks and 6.1 million breached records so far this year, compared to 174 attacks and 28.6 million breached records in total last year), we shouldn’t focus too much on these as of yet. It’s highly likely we’ll see a number of other major breaches coming through in the coming months. For example, we still don’t know how many were impacted in the attack on Kettering Health and out of 

Two things jump out at me. First BianLian is quite busy with a growing list of victims. Second health care is yet again a victim of a cyberattack. Clearly there’s no end to the madness which is bad news for all of us.

Comparitech reported today that New York Blood Center Enterprises this week confirmed it notified 193,822 people of a January 2025 data breach that leaked names, SSNs, ID numbers, bank account info, health info, and test results. The attack was first reported back in January.

Commenting on this is Rebecca Moody, Head of Data Research at Comparitech: 

“This attack becomes the 89th confirmed attack on a healthcare company (worldwide) this year so far. Across these attacks, nearly 6.7 million records are known to have been breached with this attack on NYBCe becoming the sixth largest based on records affected.”

“To date, no gangs have claimed the attack on NYBCe, and, with the attack happening back in January 2025, it’s unlikely we’ll see a claim from a gang now. This could mean that ransom negotiations were successful but NYBCe hasn’t confirmed this. Across the 89 confirmed attacks we’ve noted for this year, the average ransom demand has been just under $627,000.”

Once again the healthcare sector is ground zero for getting attacked by threat actors. I don’t know how much clearer it will have to become before something is done to put this sector on better footing.