CISO Case Files: Pirates Aboard the HMS Cyber


A Pirates Life For Me: 

Back in the golden age of piracy Bartholomew Roberts, a.k.a. Black Bart, took 400 ships but kidnapped up to 600 surgeons and physicians pressing them into service as officers. In our digital age, pirates of a different kind are trawling not for physicians but for the information on their patient’s injuries, illnesses, and more.    Make no mistake ship doctors treat numerous injuries, burns, broken bones after a fall or being crushed by cargo, inhalation of toxic fumes, suffocation in a vat of grain.  Those are just the dramatic ones. If modern pirates have located a ship doctor’s data, ransomware could rob sailors of this vital protector. Hackers are like all pirates, once they find their quarry you will pay for it.

Details from the Crime Scene: 

Our client, a multinational shipping company, hired a third-party provider of medical equipment and services to support their fleet. This partner is responsible for the health and safety of the crew via remote medical assistance.  With direct remote access to a fleet of ships, this third party was privy to a wide assortment of data from medical records, safety, security, environmental emergencies.  See more on preventing medical leaks and third-party risks After a ten-year partnership, the medical service providers also had access to contracts, invoices, as well as internal documentation. During the partner’s data archiving process, a decade’s worth of documentation was housed on an unsecured corporate server.  With no authentication or protections, these documents could be accessed by anyone who located the unprotected server. The release of any of these documents could risk heavy fines from regulators, reputational damage, or difficulty in attaining licenses. 

CybelAngel Investigates: 

CybelAngel protects our customers by continuously scanning billions of IP addresses across the internet for digital threats and leaked documents. CybelAngel found thousands of files containing sensitive information ranging from financial documents, medical records, and incident reports from our client.  Our solution immediately detected the leaked documents, which were processed through our Machine Learning algorithms applying a first sensitivity screening and predicting a critical incident.  This prediction triggered an alert, which our Analyst Team investigated. Learn how machine learning helps detect data leaks here

Arresting the Leak: 

The combination of Machine Learning and Human analysis allowed CybelAngel to quickly locate and verify the leak. With veracity confirmed, an investigation was launched identifying the leaking party through file paths, IP address, and file content.  Our analysts’ investigation provided actionable information for our client, including a list of the documents leaked such as financial documents, medical records, and emergency incident reports. With the detailed incident report in hand, our clients could contact the leaking party ordering an immediate removal of the offending server and greater security controls. 

Detective’s Notes: 

Medical files are some of the richest targets for hackers. They contain a wealth of PII in every file and are ripe for ransomware.  CybelAngel reviews a number of common issues and solutions for medical data leaks in the whitepaper Full Body Exposure But keep in mind we shouldn’t fixate on the medical files. Financial documents such as invoices are useful in phishing scams for double billing.  The safety reports could be used in a blackmail scheme via doxware or used to threaten licenses.  This is the real issue with leaks and breaches, one incident gives birth to multiple threats.  We solve this issue in the same way piracy is always ended but giving them nowhere to hide. CybelAngel continuously scans billions of IP addresses leaving leaks nowhere to hide and giving no quarter to digital pirates. You try this level of threat awareness with CybelAngel’s free Data Exposure Dashboard.