News and Events 
Keeper Security has once again earned the coveted title of “Test Winner” in a recent comparison of top password managers conducted by CHIP Magazine, a leading
4 min read
Published on August 09, 2024
2024 has been quite the year for malware attacks. So far this year, major companies like Change Healthcare, Ticketmaster, Ascension Hospital, ABN AMRO and CDK Global have all been affected by malware attacks.
Keep reading to learn more about each of these major malware attacks and how your company can protect itself from malware attacks.
Change Healthcare
On February 21, 2024, a Russian cybercriminal group called BlackCat removed over six terabytes of data during a malware attack on Change Healthcare. For those unfamiliar with Change Healthcare, it is one of the biggest payment processing companies in the healthcare industry worldwide. This malware attack caused an extensive amount of American medical claims to get backlogged, leaving medical offices, pharmacies and hospitals with significant financial problems and patients unable to access medical care. Change Healthcare is a subsidiary of UnitedHealth Group, and as a result of the malware attack, UnitedHealth Group paid a $22 million ransom. Following this cyber attack, Change Healthcare announced that sensitive patient data was compromised, including medical diagnoses and test results.
Based on a hearing after this malware attack, it was found that one of the reasons why Change Healthcare’s data was exposed is that UnitedHealth Group did not enable Multi-Factor Authentication (MFA) on one of Change Healthcare servers. Change Healthcare believes approximately 33% of Americans had sensitive medical data leaked on the dark web due to the malware attack. Change Healthcare advises anyone affected by this malware attack to visit their support page or call (866) 262-5342 for more information.
Ticketmaster
One of the most talked-about malware attacks occurred on April 2, 2024, to Ticketmaster, a ticket sales company for concerts, sporting games and other events. A hacking group called ShinyHunters took responsibility for taking the data of over 500 million Ticketmaster customers, including phone numbers, email addresses, credit card numbers and tickets to events. ShinyHunters asked for $500,000 as a ransom payment instead of selling the data on the dark web. Even though customer passwords were not reported to be part of the data breach, many Ticketmaster customers took action and changed their passwords to better protect their Ticketmaster accounts.
Ticketmaster’s parent company, Live Nation, launched an investigation and found unauthorized activity within one of their third-party cloud databases. Ticketmaster notified customers who were affected by the malware attack and advised them to monitor activity on bank accounts – even offering customers a free 12-month credit for an identity monitoring service.
Ascension Hospital
Unusual activity was detected on Ascension’s networks on May 8, 2024, due to a ransomware attack. Black Basta, a cybercriminal group, was involved in this attack on the Catholic health system with almost 150 hospitals in over 10 states. As a result, doctors, nurses and healthcare providers were locked out of medical systems that keep track of appointments, health records, medical prescriptions, procedures and more. This malware attack compromised private patient data, and many clinicians nationwide experienced lost lab results, errors in medication dosage and inability to take in emergency cases for over a month. Medical professionals were forced to use Google Docs and text threads to track medication and document important updates about patients. By June 14, 2024, Ascension announced that it had restored access to its Electronic Health Records (EHRs), but patient data would be temporarily unavailable until the company’s portals were updated with correct information.
ABN AMRO
On May 29, 2024, ABN AMRO, one of the largest Dutch banks, suffered a data breach after its third-party service provider, AddComm, was the victim of a ransomware attack. In this attack, unauthorized users accessed the data of many ABN AMRO clients, even though the bank’s systems were not directly affected. There has been no confirmation about what kinds of data were sold on the dark web, as experts are still investigating this cybercrime.
ABN AMRO has been contacting clients whose data was affected by the AddComm ransomware attack, even though there hasn’t been any evidence that unauthorized users have used ABN AMRO’s clients’ data. Although it is not confirmed if all of its customers were affected, ABN AMRO has over five million clients in retail, corporate and banking sectors who could have been victims of this data breach. ABN AMRO has stopped using AddComm’s services as a result of this attack.
CDK Global
North American car dealerships were impacted by a major malware attack on CDK Global on June 18, 2024. CDK Global provides software to thousands of car dealerships in North America that allows dealerships to manage their sales, finances, inventory and more. Over 10,000 car dealerships in the United States were targeted by BlackSuit, a cybercriminal group that stole customers’ private information. The kinds of information stolen in this attack included Social Security numbers, bank account numbers, home addresses, credit card information and phone numbers.
As a result of this attack, many dealerships were left to struggle without their digital systems, even reverting back to using pen and paper to conduct business operations. One week after the initial attack, CDK Global told its clients that it would be shutting down temporarily while it recovered from the malware attack. It began restoring car dealerships’ systems in phases at the start of July.
Protect your company from malware attacks
Although malware attacks can seem random, there are several ways you can keep your company safe from falling victim to them:
u003c!u002du002d wp:list u002du002du003ernu003cul class=u0022wp-block-listu0022u003eu003c!u002du002d wp:list-item u002du002du003ern tu003cliu003eUse u003ca href=u0022https://www.keepersecurity.com/resources/glossary/what-is-zero-trust/u0022u003ezero-trustu003c/au003e security and u003ca href=u0022https://www.keepersecurity.com/resources/zero-knowledge-for-ultimate-password-security.htmlu0022u003ezero-knowledge encryptionu003c/au003e to protect customer datau003c/liu003ern tu003cliu003eEnforce u003ca href=u0022https://www.keepersecurity.com/resources/glossary/what-is-role-based-access-control/u0022u003eRole-Based Access Controlsu003c/au003e (RBAC) to limit your employees’ amount of accessu003c/liu003ern tu003cliu003eEducate employees about signs of u003ca href=u0022https://www.keepersecurity.com/blog/2024/07/02/types-of-social-engineering-attacks/u0022u003esocial engineeringu003c/au003e scamsu003c/liu003ern tu003cliu003eSecure employees’ u003ca href=u0022https://www.keepersecurity.com/blog/2023/08/31/what-makes-a-strong-password/u0022u003epasswordsu003c/au003e with a business password manager and require them to use MFAu003c/liu003ern tu003cliu003eInvest in u003ca href=u0022https://www.keepersecurity.com/blog/2020/10/26/what-you-need-to-know-about-dark-web-monitoring/u0022u003edark web monitoringu003c/au003e, which will notify you immediately if an employee’s login credentials are found on the dark webu003c/liu003ernu003c!u002du002d /wp:list-item u002du002du003eu003c/ulu003ernu003c!u002du002d /wp:list u002du002du003e
You can ensure the safety of your employees and company by relying on Keeper®. Start your free 14-day trial of Keeper Business today to help your employees create strong passwords and store them in secure, digital vaults.
