Ohio Community College Data Theft Breach Affects Nearly 300K
p
Fraud Management Cybercrime
Government
Healthcare
ppAn Ohio community college is notifying 290000 people of a data theft breach this spring that may have compromised their personal financial and health informationppSee Also Live Webinar Generative AI Myths Realities and Practical Use CasesppIn a breach notification Wednesday Lakeland Community College did not provide any details on the attack which occurred between March 7 and March 31 but the Vice Society ransomware group earlier this year had listed the college on its data leak websiteppThis particular ransomware operation seemed to focus on the education sector presumably because they found it to be a lucrative niche said Brett Callow a threat analyst at security firm EmsisoftppWhile the community college breach may be relatively small the incident illustrates why small schools such as this are now favored targets of cybercriminals according to security researchers In fact a Sophos survey in June of 400 respondents in education found that about 80 of schools have reported hacking incidents including ransomware in the past yearppEducation traditionally struggles with lower levels of resourcing and technology than many other industries and the data shows that adversaries are exploiting these weaknesses Sophos saidppLakeland Community College based in Kirtland Ohio in a report filed Wednesday to the state of Maine attorney general said an investigation into the incident had concluded Aug 20 and determined that a variety of information was removed from the colleges network affecting 285948 individuals including two Maine residentsppIn a breach notice posted on its website Lakeland Community College said affected information includes individuals full names plus one or more of the following Social Security numbers birthdates drivers license numbers or state identification numbers financial account information credit or debit card information passport numbers medical information andor health insurance policy informationppLakeland Community College operates a health clinic on its campus which partners with University Hospitals a network of 21 hospitals in northeast OhioppLakeland said that to date it is unaware of any reports of identity fraud or improper use of any information as a direct result of its incident The college is offering complimentary identity and credit monitoring to individuals whose Social Security numbers were affectedppSecurity researchers say the education sector is an increasingly popular target for cybercriminalsppOverall the education sector continues to be battered by ransomware more school districts have been hit so far this year than were hit in the whole of last year said Emsisofts CallowppWhen it comes to K12 school districts Emsisoft counted 63 hits with ransomware in 2023 so far and 53 of those involved district data being stolen For all of 2022 Emsisoft counted 45 ransomware attacks on K12 school districts and 25 of those incidents involved data thefts Callow saidppAs the 20232024 school year recently kicked off the US federal government started taking measures to shore up cyber defenses in the education market especially for the K12 segmentpp In August the Cybersecurity and Infrastructure Security Agency said it would train 300 K12 entities over the 20232024 school year and conduct approximately one K12 cyber exercise per month this year see White House Pushes Cybersecurity Defense for K12 SchoolsppAlso CISA and the Department of Education have released guidance documents outlining steps to better protect educational infrastructure The recommendations include enabling multifactor authentication using strong and unique passwords recognizing phishing attempts and keeping software updated ppThe Federal Communications Commission has proposed a 200 million program to use the Universal Service Fund to strengthen the cyber defenses of school districts and public librariesppLast year the FBI was called in to respond after the Russianspeaking group Vice Society hit the Los Angeles Unified School District just as 500000 students across thousands of schools had been slated to start classes for the 20222023 academic year see LA School District Confirms Student Data Leaked in AttackppLakeland Community College did not immediately respond to Information Security Media Groups request for additional details including whether Vice Society was involved in its incident or if the school was reporting the incident as a HIPAA breach to federal regulatorspp As of Thursday the Lakeland Community College incident was not posted on the US Department of Health and Human Services Office for Civil Rights HIPAA Breach Reporting Tool website listing health data breaches affecting 500 or more individualsppExecutive Editor HealthcareInfoSecurity ISMGppMcGee is executive editor of Information Security Media Groups HealthcareInfoSecuritycom media site She has about 30 years of IT journalism experience with a focus on healthcare information technology issues for more than 15 years Before joining ISMG in 2012 she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeeks healthcare IT media sitepp
ppCovering topics in risk management compliance fraud and information securityppBy submitting this form you agree to our Privacy GDPR StatementppwhitepaperppwhitepaperppCritical Infrastructure SecurityppGovernance Risk ManagementppBreach NotificationppAIBased AttacksppCritical Infrastructure SecurityppContinue pp
90 minutes Premium OnDemand
ppOverviewppFrom heightened risks to increased regulations senior leaders at all levels are pressured to
improve their organizations risk management capabilities But no one is showing them how
until nowppLearn the fundamentals of developing a risk management program from the man who wrote the book
on the topic Ron Ross computer scientist for the National Institute of Standards and
Technology In an exclusive presentation Ross lead author of NIST Special Publication 80037
the bible of risk assessment and management will share his unique insights on how toppSr Computer Scientist Information Security Researcher
National Institute of Standards and Technology NISTppWas added to your briefcaseppOhio Community College Data Theft Breach Affects Nearly 300KppOhio Community College Data Theft Breach Affects Nearly 300Kpp
Just to prove you are a human please solve the equation
ppSign in now ppNeed help registering
Contact support
ppComplete your profile and stay up to dateppContact Support ppCreate an ISMG account now ppCreate an ISMG account now ppNeed help registering
Contact support
ppSign in now ppNeed help registering
Contact support
ppSign in now ppOur website uses cookies Cookies enable us to provide the best experience possible and help us understand how visitors use our website By browsing bankinfosecuritycom you agree to our use of cookiesp
Fraud Management Cybercrime
Government
Healthcare
ppAn Ohio community college is notifying 290000 people of a data theft breach this spring that may have compromised their personal financial and health informationppSee Also Live Webinar Generative AI Myths Realities and Practical Use CasesppIn a breach notification Wednesday Lakeland Community College did not provide any details on the attack which occurred between March 7 and March 31 but the Vice Society ransomware group earlier this year had listed the college on its data leak websiteppThis particular ransomware operation seemed to focus on the education sector presumably because they found it to be a lucrative niche said Brett Callow a threat analyst at security firm EmsisoftppWhile the community college breach may be relatively small the incident illustrates why small schools such as this are now favored targets of cybercriminals according to security researchers In fact a Sophos survey in June of 400 respondents in education found that about 80 of schools have reported hacking incidents including ransomware in the past yearppEducation traditionally struggles with lower levels of resourcing and technology than many other industries and the data shows that adversaries are exploiting these weaknesses Sophos saidppLakeland Community College based in Kirtland Ohio in a report filed Wednesday to the state of Maine attorney general said an investigation into the incident had concluded Aug 20 and determined that a variety of information was removed from the colleges network affecting 285948 individuals including two Maine residentsppIn a breach notice posted on its website Lakeland Community College said affected information includes individuals full names plus one or more of the following Social Security numbers birthdates drivers license numbers or state identification numbers financial account information credit or debit card information passport numbers medical information andor health insurance policy informationppLakeland Community College operates a health clinic on its campus which partners with University Hospitals a network of 21 hospitals in northeast OhioppLakeland said that to date it is unaware of any reports of identity fraud or improper use of any information as a direct result of its incident The college is offering complimentary identity and credit monitoring to individuals whose Social Security numbers were affectedppSecurity researchers say the education sector is an increasingly popular target for cybercriminalsppOverall the education sector continues to be battered by ransomware more school districts have been hit so far this year than were hit in the whole of last year said Emsisofts CallowppWhen it comes to K12 school districts Emsisoft counted 63 hits with ransomware in 2023 so far and 53 of those involved district data being stolen For all of 2022 Emsisoft counted 45 ransomware attacks on K12 school districts and 25 of those incidents involved data thefts Callow saidppAs the 20232024 school year recently kicked off the US federal government started taking measures to shore up cyber defenses in the education market especially for the K12 segmentpp In August the Cybersecurity and Infrastructure Security Agency said it would train 300 K12 entities over the 20232024 school year and conduct approximately one K12 cyber exercise per month this year see White House Pushes Cybersecurity Defense for K12 SchoolsppAlso CISA and the Department of Education have released guidance documents outlining steps to better protect educational infrastructure The recommendations include enabling multifactor authentication using strong and unique passwords recognizing phishing attempts and keeping software updated ppThe Federal Communications Commission has proposed a 200 million program to use the Universal Service Fund to strengthen the cyber defenses of school districts and public librariesppLast year the FBI was called in to respond after the Russianspeaking group Vice Society hit the Los Angeles Unified School District just as 500000 students across thousands of schools had been slated to start classes for the 20222023 academic year see LA School District Confirms Student Data Leaked in AttackppLakeland Community College did not immediately respond to Information Security Media Groups request for additional details including whether Vice Society was involved in its incident or if the school was reporting the incident as a HIPAA breach to federal regulatorspp As of Thursday the Lakeland Community College incident was not posted on the US Department of Health and Human Services Office for Civil Rights HIPAA Breach Reporting Tool website listing health data breaches affecting 500 or more individualsppExecutive Editor HealthcareInfoSecurity ISMGppMcGee is executive editor of Information Security Media Groups HealthcareInfoSecuritycom media site She has about 30 years of IT journalism experience with a focus on healthcare information technology issues for more than 15 years Before joining ISMG in 2012 she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeeks healthcare IT media sitepp
ppCovering topics in risk management compliance fraud and information securityppBy submitting this form you agree to our Privacy GDPR StatementppwhitepaperppwhitepaperppCritical Infrastructure SecurityppGovernance Risk ManagementppBreach NotificationppAIBased AttacksppCritical Infrastructure SecurityppContinue pp
90 minutes Premium OnDemand
ppOverviewppFrom heightened risks to increased regulations senior leaders at all levels are pressured to
improve their organizations risk management capabilities But no one is showing them how
until nowppLearn the fundamentals of developing a risk management program from the man who wrote the book
on the topic Ron Ross computer scientist for the National Institute of Standards and
Technology In an exclusive presentation Ross lead author of NIST Special Publication 80037
the bible of risk assessment and management will share his unique insights on how toppSr Computer Scientist Information Security Researcher
National Institute of Standards and Technology NISTppWas added to your briefcaseppOhio Community College Data Theft Breach Affects Nearly 300KppOhio Community College Data Theft Breach Affects Nearly 300Kpp
Just to prove you are a human please solve the equation
ppSign in now ppNeed help registering
Contact support
ppComplete your profile and stay up to dateppContact Support ppCreate an ISMG account now ppCreate an ISMG account now ppNeed help registering
Contact support
ppSign in now ppNeed help registering
Contact support
ppSign in now ppOur website uses cookies Cookies enable us to provide the best experience possible and help us understand how visitors use our website By browsing bankinfosecuritycom you agree to our use of cookiesp
