Everything is bigger in Texas – including data breaches
This week, Texas Tech University Health Sciences Center started notifying 1.5 million people of a data breach following a ransomware attack (claimed by Interlock) in September 2024. Worldwide, this is by far the biggest breach we've seen on an educational institute this year (only 1.78 million records have been affected in total).
Also, if we compare it to the largest breaches in the healthcare sector (due to the breach impacting patient data), it's the eighth-largest attack this year to date. Or, if we want to go really big… it’s the 13th-largest breach via ransomware across all sectors this year.
There’s another new gang (with an unoriginal name) in town
This week saw the arrival of yet another new ransomware gang. Adhering to the saying, “If it looks like a duck and quacks like a duck, it probably is a duck…”, this gang has dubbed itself LeakedData.
And LeakedData does exactly what it says on the tin. It’s claimed 31 victims so far and looks set to release another 10 or so in the coming days.
Of the victims claimed so far, there are:
⚖️ 11 legal firms
💰 13 finance firms
🇺🇸 28 US companies
Hospital downtime
Yesterday, we released our annual report on ransomware attacks on US healthcare organizations. Our key findings from 2018 to present are:
- 654 individual ransomware attacks with a particular surge in 2023 (143)
- 89 million individual records were breached across these attacks. 2023 also took the crown with over 26.2 million breached that year alone
- An average day of downtime costs each healthcare organization around $1.9 million
- We estimate the total cost of these ransomware attacks is around $21.9 billion in downtime alone
- Average downtime is 17 days
- Average ransom demand is $1.18 million
Better security should be everyone’s New Year’s Resolution
We’ll be taking a break for the holidays, and hopefully, you are, as well! The Zero-Day newsletter will be back in action the first week of January, but unfortunately, it seems like cybercriminals don’t really honor the holiday season.
If you’re an IT leader, here’s our holiday gift to you: Our guide on How to Negotiate IT Software Prices with an RFP (Request for Pricing). You’re likely going to be investigating new cybersecurity tools in the new year, so we recommend getting started on the right foot by saving money. Vendors hate RFPs, but we love them for the simple fact that they force vendors to be competitive in their pricing.
If you’re just getting your feet wet in IT and cybersecurity, check out our list of cybersecurity courses and our CISSP certification study guide and cheat sheets.
We’d say “Looking forward to a better cybersec landscape in 2025!” but we’re being realistic. Ransomware gangs seem to be getting bigger, bolder, and more creative by the day. Instead, we’ll say this: Keep your eyes open and your networks shut.
See you next year! Let’s keep that zero-day count at zero!