Exploit: Ransomware
Scottish Association for Mental Health: Healthcare Provider
Risk to Business: 2.176 = Severe
The RansomEXX ransomware group hit the Scottish Association for Mental Health, snatching 12 GB of sensitive client data from the charity. The organization confirmed the attack in a statement, explaining “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.” Attackers reportedly gained access to internal employee communications as well as other data sources. The charity has also said that they’re working with Police Scotland to resolve the situation. No ransom demand was made public.
Rist to Individuals: 2.307 = Severe
The exposed data includes unredacted photographs of individuals’ driving licenses, passports, personal information such as volunteers’ home addresses and phone numbers, and some clients’ passwords and credit card details.
How it Could Affect Your Customers’ Business This situation is especially unfortunate because in addition to an expensive incident response, the organization likely faces costly penalties.
Source: bit defender