Miltenyi Biotec, a German biotechnology company that delivers SARS-COV-2 antigens for COVID-19 vaccine development, recently had its order processing impaired by malware. The company’s global IT infrastructure component was affected. The IT infrastructure spans 73 nations, with the malware attack temporarily hindering order processing. In some countries, the cyber attack also caused a system outage that affected email and telephone systems. According to the website notice, while there is currently no indication that the malware has been inadvertently distributed to customers or partners, customers should expect order delays due to the attack.
What happened
While Miltenyi has not disclosed the source of the attacks, the Mount Locker ransomware gang claimed responsibility in November. In a ransom note, Mount Locker claimed that it had leaked 5% of 150GB worth of data stolen from Miltenyi’s network in the form of a ZIP archive. Mount Locker first began to breach corporate networks in July. In addition to data breaches, Mount Locker ransomware steals sensitive data and delivers payloads that encrypt the systems on the victim's network.
How Miltenyi fought back
Sensing malware attacks and containing them quickly has been key to Miltenyi’s ability to resume its operations functions, albeit with a few operational delays as a result of attack recovery. Unfortunately, many of the smaller players of the COVID-19 vaccine research space don’t have the IT resources provided by CISA (Cybersecurity and Infrastructure Security Agency) through Operation Warp Speed.
Ransomware has a history of social engineering
Hackers who employ email phishing tactics to deploy ransomware or malware use social engineering techniques that have been around for years.The COVID-19 pandemic in particular has made employees and individuals vulnerable to certain messaging that might contain malicious payloads that could render a systemwide outage. In this case, it was file extensions labeled with “.ReadManual.ID” and “RecoveryManual.html” that, when clicked on, deployed the viral strains. An OpenText survey found that one in five company employees or consumers received a phishing email related to COVID-19. Since this number is so high, it is extremely important for employers in the healthcare industry to properly train their staff and leverage communication platforms designed to protect against malicious agents. SEE ALSO: How to Ensure Your Employees Aren’t a Threat to HIPAA Compliance
Use Paubox to protect your email
Data breaches can leave you reeling. In addition to having important data stolen, the HHS and OCR can come after you in the form of millions of dollars in fines as hacking often discloses protected health information (PHI) which violates the HIPAA Privacy Rule. Hence, it is important for the healthcare industry to invest in a solution that can prevent this kind of thing from happening in the first place. Paubox Email Suite Plus is a HITRUST CSF certified HIPAA compliant email solution, meaning that it has gone through a rigorous process to protect against privacy and security vulnerabilities. Paubox Email Suite Plus protects against display name spoofing emails containing malware by blocking them before they have the chance to enter the inbox. Opportunistic actors are using the current pandemic to take advantage of vulnerabilities. Protect yourself and your data by using a solution that can protect you against harmful cyberattacks.