Zog Blog | Information Technology, Cybersecurity, Non-Profit IT, & More

A Recent History of Cybersecurity in Philadelphia

Written by Megan Vogel | Dec 15, 2022 10:02:05 PM

Cyberattacks have become one of the growing threats of the 21st century and Philadelphia is no stranger to these attacks. In the first half of 2022, US companies reported 817 cases and more than affecting more than 53 million people. The increasingly frequent attacks are causing widespread damage and losses throughout the city.

Philadelphia-based organizations faced several cyberattacks this year which we’ll dive deeper into throughout this post.

When And How Cyber-Criminals Attacked Philadelphia

Following are some of the most notable cyberattacks on Philadelphia establishments:

Philadelphia FIGHT Community Health Center Cyberattacks 

On November 30, 2021, the Philadelphia FIGHT community health centers faced cyberattacks. A team of investigators was assigned to determine the scope and nature of the breach. Upon investigations, authorities confirmed that the community health center’s clinic and electronic medical record systems remained intact. 

Further investigations revealed that attackers successfully got their hands on non-clinical systems that contained data from more than 15,000 patients. However, there were no records of data breaches and missing information. The problem was that investigators couldn’t determine whether the information was viewed. 

The breached data had patients’ social security numbers, birth dates, names, diagnoses, health insurance, and treatment information. The Philadelphia FIGHT said they would review cybersecurity measures and enhance the protocols to prevent future data breaches and attacks. 

Philly Health Employees Email Data Breach

Philadelphia authorities released an update on the ongoing investigations of a data breach that left some employee email accounts vulnerable to unauthorized people. In March 2020, details from a health employee’s email account were revealed in a phishing attack. 

Between March 11 and November 15, CBH and DBHIDS accounts were accessed without authorization. People who are taking services from the Department of Behavioral Health, Intellectual Disabilities Services, and a nonprofit contractor, Community Behavioral Health, were the victims of the data breach. The breach also impacted other city departments. 

The attacks are believed to be a part of a series targeting healthcare and social service organizations during the pandemic. The data breach exposed much critical information like social security numbers, medical records, health insurance, and other information. 

Cyber Criminals Rip Off Philadelphia Business Owner 

A small business and brick-and-mortar store named Ali’s Wagon has been operating in the city for years. They used Shopify for their website and integrated digital transactions with it. The business owner reported that cyber criminals replaced the owner’s bank account with three different bank accounts and stole $33,000 in sales. 

All the Black Friday and other sales were wiped out. The business received an email from Shopify that their bank account had been replaced, but it was too late, and criminals hacked the email system. However, no customer data or cards were compromised. The two-factor authentication was not enabled and paved the way for a smooth cyberattack.

How Can You Prevent Your Business Against Cyberattacks?

Cybercriminals are always lurking for prey and can attack in multiple ways. The first and foremost thing is to understand the different types of attacks.

Following are the common threats business face:

  1. Ransomware attacks
  2. Malware attacks 
  3. Phishing attacks 
  4. Brute force attacks
  5. Distributed Denial Of Service (DDoS) attack 

You can protect your establishment from such attacks by using the following strategies:

Use Two-Factor Authentication 

2FA or two-factor authentication is an access management and identity security method that requires two authentication processes to allow access to data and resources. Strong passwords can help keep your data safe, but in any event of password theft, you need another layer of security. 2FA adds another layer of security and asks for identification before moving forward. Moreover, it also informs the user about the login or any change attempt.

Use Strong Passwords 

Weak and common passwords are easy to hack. Hackers use brute force attacks to guess passwords. In such cases, passwords like names and consecutive numbers are easy to hack. Set passwords that are complex, hard to guess, and contain unpredictable patterns of numbers, patterns, and symbols. Strong password example” KJL&sy#TE!a”

Apply Security Updates And Patches 

Unpatched applications and software are prime targets for cybercriminals to exploit. They can use such applications and get access to networks, devices, and other applications. Using security updates and patches to the operating system is an ideal way to close network gaps and vulnerabilities. It is necessary to keep your applications, devices, and software patch.

Create Awareness Against Phishing 

Phishing is often the root cause of many cyberattacks, and mainly the business staff falls into the trap. Companies should train their employees to identify the phishing threat and how to report it when they recognize the threat. Sometimes these attacks are difficult to identify, but if an employee gets into the trap, they should immediately report it without hesitation. The longer you wait, the deep attackers will penetrate the system.

Use Anti-Virus Software 

Every system should have antivirus software and firewall protection. They help identify malicious links, phishing attempts, malware, and other issues created and distributed by cybercriminals, like every other application. This software should also be up-to-date, active, and working optimally.

Know Your Network Well 

You cannot defend a network you don’t know. Understanding your network is crucial because there are many ways hackers can enter your system via the net. You will need an active team that should monitor all the connected devices and users. Moreover, they should be able to detect suspiciously activates on the network. 

Backup The Data 

Data backup is an integral part of an organizational cybersecurity plan. If hackers damage or destroy the data, you should have a backup. In addition, backing up data daily is vital so that the latest information is safe. It would be best to store the data in a safe and secure location like an external hard drive. 

Wrapping Up 

With the evolving threats, individuals and companies should keep their cyber defenses updated. We can learn so much from the history of cyberattacks in Philadelphia and use the above strategies to make a robust cyber defense strategy.