We are now past the halfway point of the year, and if certain trends continue, 2023 could be another record year for a number of different cyber crimes.

Blockchain analysis firm Chainalysis found cryptocurrency-based ransomware attacks are on a record-setting pace. If the current trajectory holds, victim payments could reach close to $1 billion by the end of the year.

As the months and years pass, it’s important to stay up-to-date on both the latest cyber threats out in the world and ensure you do not waver on your cyber hygiene.

In this installment of the BlackCloak Thursday Threat Update, we will look at a healthcare data breach where millions of patients were affected and the discovery of malicious apps found on the Google Play store.


HCA Healthcare breach affects 11 million patients

What we know: HCA Healthcare disclosed it experienced a data breach where the personal data belonging to more than 11 million patients was stolen. Compromised information included patients’ names, contact information, dates of birth, appointment details and other data points. Social Security numbers, financial information and payment cards were not among the stolen pieces of data.

Recommendations: In its notice on the data breach, HCA Healthcare will provide credit monitoring and identity protection services when applicable. As contact information was exposed in the breach, HCA warns affected individuals to be on the lookout for suspicious calls, emails and SMS text messages and to avoid opening links and attachments sent from “untrusted sources.” HCA has opened a hotline where it will confirm the legitimacy of any invoice, balance or payment reminder that may be malicious. The number for the hotline can be found in the data breach breach notice above.


Malicious apps found on Google Play store download by 1.5 million users

What we know: A pair of malicious apps found on the Google Play store were downloaded by around 1.5 million users. The apps contained malicious malware, and did not require the device owner to actually use the application for the malware to be installed. Rather, the malware would be downloaded onto the device when, for example, the device would restarted. Google announced it removed the malicious apps within hours of the discovery.

Recommendations: Google and Apple have teams in place to review any apps that go on their respective stores, and while they catch the majority of bad applications, some occasionally slip through the cracks. It’s important to pay close attention to any app you download from these respective stores. Be sure to read the description of the app. Descriptions that contain misspellings and bad grammar are usually a sign the app in question is not legitimate. Take a look at the reviews as well. If there aren’t any user reviews, or the majority of reviews are negative or sound suspiciously similar, that’s another sign you should not download the app onto your device. Lastly, look into the app developer. If the developer does not appear on a search, then you should once again steer clear of the application.


Cybercriminals may try and contact you directly. Be ready

Social Security numbers and payment cards are obviously items you do not want to fall into the hands of cybercriminals, but they can also do a lot of damage if they have your phone number and email address as well. Should your contact information fall into the hands of a malicious actor, it’s important to stay vigilant.


Learn about the dangers of spam emails and other variations of phishing attacks, including SMS text message phishing scams, or “smishing,” and how cybercriminals can use artificial intelligence for “vishing” attacks.