Several large organizations have fallen victim to cyberattacks. Compromised email accounts were noticed at the International Monetary Fund (IMF). The South Scottish branch of the English NHS is also reporting an ongoing cyberattack. Meanwhile, it has now been revealed that Ireland's Covid vaccination portal was configured insecurely and allowed unauthorized data access.
Advertisement
At the weekend, the International Monetary Fund announced that the organization discovered in mid-February that there had been a cyber incident. During the investigation that was then initiated with the help of IT security experts, the cause was determined and countermeasures were implemented. The analysis revealed that eleven email accounts were compromised and were able to be secured again. There are currently no indications of further compromises beyond the email accounts. However, the investigations are still ongoing.
Cyber incident: Once again in the NHS
In the middle of last year, an NHS trust, Barts Health NHS Trust, fell victim to a cyber attack. Over the weekend, NHS Dumfries and Galloway announced that it was the target of a targeted and ongoing cyberattack. The organization responded immediately and worked in accordance with established protocols with partner agencies such as Police Scotland, the National Cyber Security Center and the Scottish Government.
The authority said this could result in the interruption of services. During the break-ins into the IT systems, the attackers may have obtained significant amounts of data. Investigations continued to find out what data was accessible. There is reason to believe that this also includes data that concerns patients and employees.
Irish vaccination register: data leak due to insecure configuration
Towards the end of last week it was also revealed that the Irish Covid vaccination portal allowed unauthorized access to data. The underlying vulnerability was discovered back in December 2021 by Aaron Costello and closed in mid-the following January by the Health Service Executive (HSE), which provides services to the Irish healthcare sector. Due to misconfigurations in the Salesforce Health Cloud used for the vaccination portal, users were given access rights that were too extensive. This allowed them to view personal information, including the health status of other registered people. Access to internal HSE documents was also possible. A coordinated, timely release failed, but Costello didn't want to completely dismiss the incident.
There have been several IT attacks on well-known organizations and companies reported in the past week. Many millions of French people are affected by an attack at the French employment office.
(dmk)