Thursday Threats

Streaming Media Platform Plex and Novant Health Experience Data Breaches

Experiencing a data breach can be costly. The annual Data Breach Report from IBM and the Ponemon Institute found the average data breach costs $4.35 million in 2022, a figure that has risen 12.7% since 2020.

In addition to financial challenges, data breaches bring forth issues ranging from personal and corporate reputation harm and IP theft to data corruption, identity compromise and more. 

It’s why we continually encourage and attempt to empower individuals and businesses to do everything possible to minimize risk of becoming the next data breach victim.Unfortunately, even those who are well prepared can still fall victim.

In this week’s BlackCloak Thursday Threat Update, we will cover a pair of data breaches that affected a streaming media platform and a healthcare organization. 

Passwords among compromised data in Plex breach

What we know: The streaming media platform Plex informed customers that it experienced a data breach. The cause of the breach has yet to be determined, but Plex said that the compromised data included usernames, email addresses and encrypted passwords. Plex added “credit card and other payment data are not stored on our servers at all and was not vulnerable in this incident.”

Recommendations: While the exposed passwords are “hashed and secured in accordance with best practices,” Plex is still advising users to change their passwords out of an abundance of caution. When doing so, make sure that your new password is completely unique, and if you have used your Plex password for other accounts, now is a good time to ensure all of your account passwords are completely different from one another. Additionally, set up dual factor authentication for your Plex account, which you can do in your Account page.

Novant Health breach affects 1.3 million patients

What we know: Novant Health disclosed it experienced a data breach affecting 1.3 million patients. Sensitive information was accidentally collected by a Meta Pixel ad tracking script, which is used by Facebook advertisers to monitor how their ads are performing. Patient information that may have been exposed includes email addresses, phone numbers, IP addresses and emergency contact information.

Recommendations: Make sure that you, and anyone you’ve listed as an emergency contact, are on the lookout for suspicious emails, text messages and phone calls. While most phishing campaigns are sent via email, scammers can also conduct these schemes through text messages, a tactic known as “smishing” and via phone call and voice messages, which is called “vishing.”

Learn about the threats and how to protect yourself

To protect yourself, your family and your business from data breaches and other cybercrime, learn how phishing attacks work, why spam emails are a threat to cybersecurity and what you can do to reduce your risk of becoming a victim of data breaches, identity theft and financial fraud.