cybercrime Worcester cybersecurity data breach UMass Memorial Health
WORCESTER — Would you rather have a mosquito bite or a shark chomp down on your flesh?
That choice was posed by Craig Shue, associate professor of computer science and chairman of the graduate cybersecurity program at Worcester Polytechnic Institute.
Shue presented the question to highlight what organizations — large and small — face when a cybercriminal corrupts sensitive in-house information.
A mosquito bite occurs when security protections are in place to minimize the damage.
Shark bites can happen if an organization devotes limited resources to cyberthreats and suffers the consequences.
This choice in bites comes as the frequency of data breaches appears to have picked up in Worcester.
Anna Maria College was victimized by a phishing scheme that corrupted an employee’s email account, said Michael Miers, executive vice president and chief information officer at Anna Maria.
The scheme happened in April, and the college became aware of it within 24 hours. Most of the compromised information belonged to students. Some to a handful of employees.
Email encryption protection was in place before the attack, but the hacked email account included old information not protected by the encryption.
Anna Maria conducted an investigation with its insurance company and a law firm that supplied a forensics team. It determined the data that was compromised, who was impacted, and notifications were sent to the effected parties.
Many who received notices live in Massachusetts. Some in Vermont, New York and one person who resides in Canada.
In the wake of the breach, Anna Maria is providing all electronic users impacted by the phishing scheme with one year of identity protection. And the college’s insurance company has a 24-7 call center for any concerns or questions.
Another layer of protection — multifactor authentication — is being rolled out for all on-campus electronic accounts.
The last data breach at the college occurred 12 years ago, Miers said. He noted all users of the college’s electronic accounts are trained on the latest steps to keep data safe and protected.
"We train our users. They're really safe with user data."
Bemis, UMass Memorial, Coghlin cases
Bemis Associates Inc in Shirley was hit by a newer strain of ransomware known as BlackByte, according to HackNotice, a cybersecurity alert system.
Bemis Associates did not respond to a Telegram & Gazette phone call and email that requested comment.
In October, UMass Memorial Health announced a data breach that impacted more than 200,000 individuals between January 2020 and January 2021.
The health system determined a limited number of employees email accounts may have been accessed by an unauthorized person.
In July, Coghlin Electric Contractors Inc. in Worcester was hit with a ransomware attack. All files were recovered without paying hackers, according to a company official.
Why are cyberattacks apparently on the rise?
Miers believes remote work brought on by the coronavirus pandemic may be a factor.
Businesses had to pivot quickly, and may have lacked adequate protections. As a result, those businesses face a greater risk of getting hacked.
Another factor is the high cost of protective technologies that can be cost prohibitive for some businesses.
Additionally, hackers are smart, and getting smarter.
“If you don’t have a dedicated information technology security team, then you’re definitely at a disadvantage,” Miers said.
Worcester team in place
The city’s information technology team includes more than 30 employees responsible for protecting the city’s electronic communications.
Potential problems are flagged by the city’s association with several alert networks, including the Multi-State Information Sharing and Analysis Center.
Another association is with the Commonwealth Fusion Center. Under the direction of the Massachusetts State Police, it’s the principal state source for threat-related information.
There is also a partnership with the Deloitte Threat Notification Center that provides information to detect and manage cyberthreats.
“We get notifications from a lot of angles of ongoing potential issues,” said Walter Guertin, acting chief information officer for the city of Worcester.
When a cyber threat reaches an emergency stage, the city's Emergency Operations Center comes into play. Located near Worcester Regional Airport, city department heads and public safety leaders meet in one room to hash out a plan.
"In the case of a cybersecurity breach, we use that command center to bring all experts into a room, begin an investigation and plan a response," said Nicole Valentine, assistant city manager.
She noted the city's technical services department would lead the effort.
Anna Kournikova computer worm
Guertin mentioned this electronic menace impacted Worcester City Hall roughly 20 years ago. Some computers were unplugged, and new hard drives were ordered.
“It was an all-hands-on deck effort,” Guertin said.
Tight-lipped about other possible hacking incidents at City Hall because he didn’t want to give the city’s playbook away to potential enemies, Guertin did offer one piece of advice.
“Protect yourself,” he said. That means make sure you’re up-to-date with software and “patching.” That last term is computer jargon for closing any weak links in a software network.
Class in session
Worcester trains its employees to be on the lookout for electronic scammers.
The Municipal Cybersecurity Awareness Grant Program is one tool.
Run through the state’s Executive Office of Technology Services and Security, the program includes classes on risk concepts like phishing and tailgating. An example of the latter term is when an employee uses a passcode to open a door, and a stranger posing as an employee gains access to a restricted area.
Worcester also contracts with KnowBe4 for internet security. The service includes weekly cybersecurity tips for the city’s roughly 1,600 employees.
Despite Worcester’s best efforts, the alert systems and classes aren’t foolproof.
“We’re all fallible. We’re all human,” Guertin said.
Given that weakness in all of us, the goal is to constantly remind employees that cybersecurity is important. So when a questionable email hits an inbox, think twice before clicking on it.
Hackers are more sophisticated
Getting employees to remember that last point is tough, because hackers are getting more sophisticated by the minute, said Shue of WPI.
He advises organizations to take a hard look at themselves to determine what security files require maximum protection — and which ones don’t.
“Once an organization identifies what is important to them, protecting them becomes more straightforward.”
“Layered controls” can be an effective protection strategy, said Shue. Much like the number of bank robberies that have plummeted because of multiple layers of security, organizations that do business electronically need a similar strategy.
That could mean sophisticated passwords on all computers and backup files in case of a breach.
Ultimately, Shue believes it’s important for any organization to be prepared for the worst.
“Many people are going to be hacked," Shue said. "If it hasn’t happened yet, it’s probably good to start thinking about what to do if it happens.
“Have a plan to execute, recover and move on.”
Contact Henry Schwan at henry.schwan@telegram.com. Follow him on Twitter @henrytelegram
Gloss