BlogNews29TH FEB 2024
AuthorShayan Naveed
5 min read
News

U-Haul, Cencora, Chicago Hospital Hit By Data Breaches

Twitter
Facebook
WhatsApp
Email
LinkedIn
This is the feature image for the March 1 security roundup

Recent cybersecurity breaches have shaken major corporations across various sectors, raising concerns about data security. Pharmaceutical giant Cencora joins the ranks of targeted companies, disclosing a significant data breach involving the theft of corporate IT systems. Lurie Children's Hospital in Chicago faces operational disruptions following a ransomware attack orchestrated by the Rhysida gang. Additionally, U-Haul grapples with the aftermath of a cyber intrusion.

Cybersecurity News Roundup for March 1, 2024

Here are the details regarding the latest cybersecurity news:

U-Haul Data Breach Exposes Customer Information 

U-Haul, a prominent American moving equipment and storage rental company, has recently revealed a cybersecurity breach, affecting its internal system utilized by dealers and team members for managing customer reservations. 

In a statement, U-Haul said: 

“U-Haul learned on December 5, 2023, that legitimate credentials were used by an unauthorized party to access a system U-Haul Dealers and Team Members use to track customer reservations and view customer records.”

While no payment data was compromised, the breach exposed personal information such as full names, dates of birth, and driver's license numbers. U-Haul promptly reset passwords for affected accounts and reinforced security measures to forestall future breaches.

Affected customers, numbering approximately 67,000 across the United States and Canada, are being notified and offered a one-year identity theft protection service. Despite efforts to mitigate the impact, U-Haul's website remains offline, and inquiries for further details have yet to receive a response.

This incident follows a previous breach in 2022, emphasizing the ongoing challenges companies face in safeguarding customer data against sophisticated cyber threats.

Children's Hospital Hit by Rhysida Ransomware Attack

Lurie Children's Hospital, a renowned pediatric care facility in Chicago serving over 200,000 children annually, fell victim to a debilitating cyberattack orchestrated by the Rhysida ransomware gang earlier this month. The hospital released a statement about the incident.

Rhysida ransomware, notorious for its extortion tactics, has listed Lurie Children's on the dark web, boasting about pilfering 600 GB of sensitive data. The gang demands a hefty ransom of 60 BTC (approximately $3.7 million) for the data's release, threatening to sell it to multiple parties if not paid within seven days.

The attack forced the hospital to shut down its IT systems, leading to disruptions in medical services, including delayed appointments and compromised access to critical patient data. Ultrasound and CT scan results became inaccessible, prompting doctors to resort to manual record-keeping.

Efforts to restore normalcy at Lurie Children's are ongoing, with some services still impaired. As the hospital grapples with the aftermath, concerns mount over the irreversible compromise of children's medical records, underscoring the urgent need for robust cybersecurity measures in healthcare institutions.

Cencora Pharmaceutical Giant Hit by Cyberattack, Data Breach Confirmed

Cencora, a leading pharmaceutical services provider with a revenue of $262.2 billion in 2023, disclosed a recent cyberattack resulting in data theft. The company, formerly AmerisourceBergen, reported the incident in a Form 8-K filing with the SEC, citing exfiltration of data from its corporate IT systems, potentially including personal information.

Although containment measures were promptly implemented, Cencora is collaborating with law enforcement and cybersecurity experts to investigate the breach. While financial and operational impacts remain undetermined, the company emphasizes its proactive approach to addressing the breach.

Notably, Cencora clarified that the incident is unrelated to the recent Optum Change Healthcare ransomware attack. Despite prior claims from ransomware group Lorenz in 2023, no specific attribution has been made regarding the latest breach. Authorities continue to probe the breach's origins, emphasizing the critical need for robust cybersecurity measures in the pharmaceutical industry.

Previous Coverage

Want to catch up on the latest security news? Check out:


Shayan Naveed
Shayan Naveed / Contributor
Shayan has covered various topics as a journalist with over a decade of experience. She is currently focusing on the ramifications of cybersecurity incidents and their impact on our digital lifestyle as whole. Reach out to her for tips, pitches and stories.
FAQsFrequently Asked Questions
Ransomware attacks can result in data loss, financial losses, operational disruptions, and reputational damage. Depending on the severity of the attack and the importance of the encrypted data, organizations and individuals may face significant consequences.