Cyber attacks and data breaches in review: August 2021

In August, we found 84 publicly disclosed cyber attacks and data breaches, which accounted for almost 61 million breached records.

You can find the full list of incidents on our sister site, but, as always, we delve into some of the notable breaches affecting European organisations here.

This month’s list includes a politically motivated attack on the Belarusian government and bad news for organisations in Ireland.

Hackers release data from Belarusian government in protest of Lukashenko regime

Last month, a criminal hacking group compromised dozens of Belarusian police and interior ministry databases as part of a campaign to overthrow President Alexander Lukashenko.

The Belarusian Cyber Partisans have released data from alleged police informants, personal information about top government officials and spies, and video footage gathered from police drones and detection centres, as well as secret recordings of phone calls from a government wiretapping system.

Additionally, the breached data includes mortality statistics that indicate that thousands more people in Belarus died from COVID-19 than the government has publicly acknowledged.

The attackers also claim to have compromised physical security measures, stating in an interview and on social media that they sabotaged more than 240 surveillance cameras.

Experts have warned that this attack could have significant knock-on effects. Indeed, the attackers said their aim was to remove President Lukashenko from power, and this move could encourage international agencies to investigate his actions and potentially prosecute him.

The Belarusian digital security expert Nikolai Kvantaliani said that the incident shows “that officials knew they were targeting innocent people and used extra force with no reason.”

As such, “more people are starting to not believe in [state media] propaganda”, which suppressed images of police violence during anti-government demonstrations last year.

Meanwhile, Tanya Lokot, an associate professor at Dublin City University who specialises in protest and digital rights issues in Eastern Europe, said: “If ever Lukashenko ends up facing prosecution in the International Criminal Court […] these records are going to be incredibly important.”

Irish hospitals continue to expose medical records in public places

Letterkenny University Hospital was responsible for two separate incidents in which patients’ medical data has been leaked, according to new data.

Both cases involved physical records being found in public places – in the first instance in a pub and in the second a carpark.

The breaches were among 123 incidents recorded by Ireland’s HSE (Health Service Executive) in the western region last year, according to documents released under the Freedom of Information Act.

There were another 47 reported breached in the first four months of 2021, which represents a continued upward trajectory in incidents during the COVID-19 pandemic – although it’s not clear to what extent lockdowns and other changes have played a part.

However, we wouldn’t be surprised if the pandemic was a contributing factor, given the stress and additional workload put on healthcare staff – not to mention the sudden implementation of new procedures.

The report notes a couple of examples where that was the case, with one involving a COVID-19 sample bag going missing and another in which the results of a COVID-19 test were sent to the wrong person.

A spokesperson for Saolta University Health Care Group noted: “The HSE takes all breaches of data protection seriously and all such cases are fully investigated to establish how they occurred.”

They added: “After we investigate breaches of data protection, we put preventative measures in place to reduce the risk of such breaches happening again. We manage all breaches of data protection in line with data protection legislation and HSE policy.”

Ireland has the sixth worst cyber security measures in Europe

Given Irish hospitals’ struggles to protect sensitive medical records, it isn’t a surprise to learn that the country is the sixth least cyber secure nation in Europe, according to a new study.

The study, conducted by researchers at ESAT, ranked countries based on factors including their commitment to cyber security, their cyber security legislation and a three-year overview of data breaches.

It found that 15% of people in Ireland had had their social media or email accounts hacked, 10% were victims of online banking or bank card fraud, and 6% were victims of identity theft.

Additionally, 21% of organisations based in Ireland said they had discovered malware on their systems in the past three years.

Ireland also ranked among the worst in Europe for its commitment to cyber security, which was measured by the International Telecommunication Union.

And although Ireland boasts strong cyber security legislation, thanks to the GDPR (General Data Protection Regulation), this is something it has in common with other EU member states.

Commenting on the report, ESAT Cybersecurity Specialist Jake Moore noted that countries across Europe must strengthen their data protection practices.

“A truly holistic approach to cybersecurity requires a breadth of knowledge about potential approaches, including how and when they work best.

“Ultimately, cybersecurity works best when we work together, whether that’s between individual people or entire countries.”

Do you have a plan for disaster?

If you find yourself facing a cyber security disaster, IT Governance is here to help.

Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.