Ransomware attacks against U.S. organizations in 2024 disrupted healthcare systems, supply chains, and government services, and led to tens of millions of dollars in ransom payments. Here are 10 of the most prominent attacks against U.S. organizations for the year 2024:
LoanDepot
On Jan. 8, California-based mortgage lender LoanDepot disclosed an attack in an 8K filing with the U.S. Securities and Exchange Commission (SEC). The company said attackers were in its systems from Jan. 3 through Jan. 5 and engaged in malicious activity that included "access to certain Company systems and the encryption of data."
Veolia
On Jan. 19, Veolia North America disclosed it was investigating a ransomware attack that occurred one week prior and disrupted certain software applications and systems in the company's network. The Boston-based water, waste and energy recycling management company forced its back-end systems offline, which disrupted customer billing and payment services.
Change Healthcare
One of the year's most significant attacks, if not the most significant, occurred against UnitedHealth Group's Change Healthcare on Feb. 21. The healthcare technology company, which provides payment and reimbursement services, suffered a massive data breach, prolonged disruptions and substantial recovery costs.
Ascension
Ascension is another healthcare organization that suffered a significant ransomware attack this year. On May 8, the St. Louis-based healthcare system disclosed that ransomware disrupted its electronic health record (EHR), some phone systems, patient portals and other important systems patients use to order tests, procedures and medications. Patient portals and EHR systems remained down for a little more than one month.
Cleveland city government
On June 10, Cleveland's city government disclosed it was forced to shut down city hall following a disruptive ransomware attack. City hall remained closed for 11 days while the staff worked to restore systems. The attack affected residents' ability to submit payments, permits and building or house applications.
CDK Global
CDK Global experienced a damaging ransomware attack on June 18. The automotive technology provider, which currently serves 15,000 dealerships, forced most of its systems offline to contain the threat. Subsequently, the ransomware attack caused significant disruptions for downstream customers.
McLaren Health Care
A ransomware attack on Aug. 5 significantly disrupted services at Michigan-based McLaren Health Care. The healthcare organization was forced to reschedule nonemergency and elective procedures, but the attack also affected primary and specialty care clinics as well as cancer care. Patients were asked to bring in a list of medications, printed physicians orders and a list of known allergies as the electronic medical records remained down due to the attack. McLaren operates 13 hospitals in Michigan with 28,000 employees and more than 113,000 network providers.
Port of Seattle
On Aug. 24, the Port of Seattle in Washington began experiencing outages related to a ransomware attack. The Port of Seattle is a public agency that also oversees the Seattle-Tacoma International Airport. While the port's website was down, the airport suffered the brunt of disruptions as bag checking, check-in services, flight information displays and phone systems went down due to the attack. Some services remained down two weeks after ransomware encrypted the agency's systems.
Blue Yonder
On Nov. 22, Arizona-based Blue Yonder disclosed it suffered a ransomware attack one day prior. The attack disrupted the supply chain management company's managed services hosted environment and led to massive fallout for downstream customers including Starbucks, Sainsbury's and Morrisons Supermarkets. Morrisons was forced to rebuild a new warehouse management system for fresh foods and produce while Sainsbury's suffered service disruptions.
Krispy Kreme
Ransomware disrupted online ordering services for Krispy Kreme on Nov. 29. The doughnut giant disclosed the attack in an 8k filing with the SEC on Dec. 11. Krispy Kreme said it was notified of suspicious activity on its information and technology systems on Nov. 29 and subsequently initiated
an investigation, contained the threat and began remediation. In addition to online ordering, deliveries to retail and restaurant partners were also disrupted.
These are not all - just 10 of the biggest. There are many, many more! If I just wanted to report
one of these each day, I would have no trouble in doing so - and I'm just making reference to
entities within the USA!!!
Well, looking at the bright side of things, the future looks good for persons interested in pursuing
a career in Cybersecurity. Someone's gotta guard the hen house, cause the foxes sure ain't goin
away!!!
yet teachable moment about the complexity of cybersecurity.