Cybersecurity / Data breaches

Third-party involvement in cyberattacks has doubled to 30% of breaches, indicating that cybercriminals are increasingly exploiting vulnerabilities in partners and suppliers to gain access to target organizations. This trend underscores the need for businesses to enhance their cybersecurity measures by closely monitoring and securing their supply chains.

Third-party attacks often occur when cybercriminals exploit vulnerabilities in a partner or supplier's systems to gain unauthorized access to a target organization. To mitigate these risks, organizations should implement robust access controls, conduct regular security audits of their partners, and adopt a zero-trust framework to limit potential damage from compromised third-party connections.

Per-member payouts depend on class size and settlement terms, ranging from $0.50 to $12.65 per claimant. Smaller class sizes typically yield higher individual payouts, while attorney fees (often ~30% of settlements) and security improvement costs reduce available funds.

Settlements often require companies to implement enhanced cybersecurity measures, such as real-time monitoring systems and multi-year security audits, alongside identity protection services for affected individuals.

In 2024, at least 35.5% of all data breaches stemmed from third-party compromises, a 6.5% increase from 2023. However, the actual figure is likely higher due to underreporting of third-party involvement in breach disclosures.

Cybercriminals are diversifying targets beyond technology vendors to include professional service providers like law firms and accountants, while supply chain attacks have surged by over 2,600% since 2018. This reflects systemic vulnerabilities in interconnected business ecosystems.

The data breach involved the theft of personal information, including names, addresses, and Social Security numbers, associated with clients' end-users. The breach did not result in any public disclosure of the stolen data as of now.

Conduent is continuing its investigation into the breach, focusing on determining the full impact and notifying affected clients as necessary. The company has engaged cybersecurity experts to assess the nature and scope of the stolen data. Despite the breach, operations were quickly restored, and there is no evidence that the stolen data has been leaked on the dark web.

The data breach exposed various types of personal information, including full names, contact details, ID numbers, banking information, driver’s license numbers, and in some cases, medical records related to account closures following deaths[2][3].

Affected individuals can apply for Protective Registration with the South African Fraud Prevention Services (SAFPS) to alert credit providers to take extra care when verifying their identity. They should also remain vigilant against phishing attempts, monitor financial accounts regularly, and avoid disclosing personal information unless there is a legitimate reason to do so[1][2].

A zero-trust approach enhances third-party risk management by implementing stringent access controls, network segmentation, real-time monitoring, and continuous authentication. This ensures that third-party entities have only the necessary access to resources, minimizing the attack surface and potential damage from breaches.

Key components of a zero-trust strategy for third-party access include vendor privileged access management (VPAM), comprehensive audits, multi-factor authentication, and continuous monitoring. These components ensure that third-party vendors are granted only the necessary access and are continuously verified to maintain security.

Proactive data monitoring offers several key benefits, including early issue detection, reduced downtime, enhanced security, and cost savings. By identifying potential issues early, companies can prevent major problems, minimize system downtime, and ensure business continuity. This approach also helps in optimizing IT resources and improving customer satisfaction[1][2][3].

Proactive monitoring enhances security by continuously surveilling network traffic and system vulnerabilities, allowing IT teams to detect and respond to threats quickly. This approach aids in compliance with regulatory standards and helps prevent data breaches by identifying potential security risks before they can be exploited[3][4].

Rhysida is a ransomware-as-a-service group that emerged in mid-2023. It operates by stealing sensitive data from organizations, including healthcare providers, and then threatening to sell or leak this data unless a ransom is paid. Rhysida primarily targets organizations in various sectors, including healthcare, education, and government[1][2][3].

Rhysida typically steals sensitive personal and medical data, including Social Security numbers, addresses, phone numbers, credit card numbers, and patient medical files. This data can be sold on the dark web or used for extortion[1][2].

Healthcare organizations are vulnerable due to the sensitive nature of their data and the criticality of their systems. They often have limited resources for cybersecurity and may be more inclined to pay ransoms to avoid disruptions to life-saving services[5].

Healthcare data breaches often involve sensitive personal and medical information, including names, addresses, dates of birth, Social Security numbers, medical test results, diagnoses, treatment information, and health insurance details[1][4].

Healthcare data breaches are often more severe due to the sensitive nature of the data involved and the high cost associated with these breaches. In 2024, the average cost of a healthcare data breach was $9.77 million, making healthcare the sector with the most expensive data breaches for the 14th consecutive year[1][5].

Common methods include hacking/IT incidents, which are the most prevalent, followed by unauthorized internal disclosures. Ransomware attacks, including those using double extortion tactics, are also increasingly common[4][1].