Data breaches are obviously damaging for victims, but organizations that experience such a cyberattack can also suffer great harm as well.

Not only could those entities face massive fines, but they also risk reputation damage, which can leave a lasting mark.

A study from Vercara found 66% of U.S. consumers would not trust a company that falls victim to a data breach.

Organizations know the risk they face should a breach befall them. It’s why they put security measures in place, but sometimes even the best laid plans are ultimately beaten.

In this installment of the BlackCloak Thursday Threat Update, we’ll look at a data breach affecting an ambulance service, as well as an emerging cyberscam targeting employees’ credentials.


Ambulance service breach impacts 900k patients

What we know: Fallon Ambulance Service disclosed it experienced a data breach affecting around 911,000 patients. While the company is no longer providing services, it still maintained a data storage archive to adhere to legal obligations. This archive was accessed by unauthorized individuals from February to April 2023. Compromised data points include patients’ names, addresses, Social Security numbers and other medical information.

Recommendations: As Social Security numbers were exposed in the breach, it’s highly recommended that any patient that used Fallon’s services place a credit freeze and fraud alert on their accounts as soon as possible. Despite no longer providing services, Fallon is offering two years of free identity protection services for anyone affected by the incident. Anyone who wishes to enroll must do so before March 27, 2024.


401K phishing scam targets employee credentials

What we know: Cybercriminals are sending phishing emails to employees claiming their 401Ks are changing. The emails purport to be from human resources, and may state that an employee’s 401K has been increased, and include a malicious QR code that will take the target to a phony webpage where they are asked for their login credentials. Cybercriminals can use these login credentials to access sensitive information stored within the company. Cybercriminals are also placing fake QR codes in emails regarding compensation and employee satisfaction surveys.

Recommendations: Pay close attention to any emails you may receive, and if you do see an email that asks you to scan a QR code, talk to human resources to see whether the message is legitimate. Additionally, employers should take the time to educate their employees about these phishing scams, and perhaps send additional communications informing employees when legitimate emails will be sent out through HR.


Learn how cyberattacks work, and what you should do to protect yourself.

Cyberattacks come in all different shapes and sizes, thus, it is crucial to keep up-to-date on emerging threats, as well as what you should do when you face risk.


Read this deep dive into how phishing attacks work, and learn what you should do when you fall victim to a data breach.