Recent cybersecurity breaches have shaken major corporations across various sectors, raising concerns about data security. Pharmaceutical giant Cencora joins the ranks of targeted companies, disclosing a significant data breach involving the theft of corporate IT systems. Lurie Children's Hospital in Chicago faces operational disruptions following a ransomware attack orchestrated by the Rhysida gang. Additionally, U-Haul grapples with the aftermath of a cyber intrusion.

Cybersecurity News Roundup for March 1, 2024

Here are the details regarding the latest cybersecurity news:

U-Haul, a prominent American moving equipment and storage rental company, has recently revealed a cybersecurity breach, affecting its internal system utilized by dealers and team members for managing customer reservations. 

In a statement, U-Haul said: 

While no payment data was compromised, the breach exposed personal information such as full names, dates of birth, and driver's license numbers. U-Haul promptly reset passwords for affected accounts and reinforced security measures to forestall future breaches.

Affected customers, numbering approximately 67,000 across the United States and Canada, are being notified and offered a one-year identity theft protection service. Despite efforts to mitigate the impact, U-Haul's website remains offline, and inquiries for further details have yet to receive a response.

This incident follows a previous breach in 2022, emphasizing the ongoing challenges companies face in safeguarding customer data against sophisticated cyber threats.

Lurie Children's Hospital, a renowned pediatric care facility in Chicago serving over 200,000 children annually, fell victim to a debilitating cyberattack orchestrated by the Rhysida ransomware gang earlier this month. The hospital released a statement about the incident.

Rhysida ransomware, notorious for its extortion tactics, has listed Lurie Children's on the dark web, boasting about pilfering 600 GB of sensitive data. The gang demands a hefty ransom of 60 BTC (approximately $3.7 million) for the data's release, threatening to sell it to multiple parties if not paid within seven days.

The attack forced the hospital to shut down its IT systems, leading to disruptions in medical services, including delayed appointments and compromised access to critical patient data. Ultrasound and CT scan results became inaccessible, prompting doctors to resort to manual record-keeping.

Efforts to restore normalcy at Lurie Children's are ongoing, with some services still impaired. As the hospital grapples with the aftermath, concerns mount over the irreversible compromise of children's medical records, underscoring the urgent need for robust cybersecurity measures in healthcare institutions.

Cencora, a leading pharmaceutical services provider with a revenue of $262.2 billion in 2023, disclosed a recent cyberattack resulting in data theft. The company, formerly AmerisourceBergen, reported the incident in a Form 8-K filing with the SEC, citing exfiltration of data from its corporate IT systems, potentially including personal information.

Although containment measures were promptly implemented, Cencora is collaborating with law enforcement and cybersecurity experts to investigate the breach. While financial and operational impacts remain undetermined, the company emphasizes its proactive approach to addressing the breach.

Notably, Cencora clarified that the incident is unrelated to the recent Optum Change Healthcare ransomware attack. Despite prior claims from ransomware group Lorenz in 2023, no specific attribution has been made regarding the latest breach. Authorities continue to probe the breach's origins, emphasizing the critical need for robust cybersecurity measures in the pharmaceutical industry.

Want to catch up on the latest security news? Check out:

• GoldPickaxe, Google Cloud Run, and ChatGPT Security Alert Make Headlines

• Cloudflare, CitiBank, Johnson Controls Make Cybersecurity Headlines

• 23andMe, Payoneer Breaches, and WordPress Plugin Vulnerability in the Spotlight