In 2023, cybersecurity news was dominated by breaches, with the Change Healthcare breach being the most significant event of the year. The unexpected Crowdstrike update debacle also shook the technology community and the world.
As the year began, Google settled a $5 billion class action lawsuit for privacy violations in its Chrome browser’s Incognito mode. The settlement amount raised questions about the actual benefit to individual users. Ransomware continued to increase throughout the year, leading to discussions about banning ransomware payments to deter cybercriminals.
The first half of January was relatively quiet in terms of cybersecurity attacks, with minor layoffs in the tech industry. A study released by Consumer Reports revealed the extent of data sharing across apps, dispelling conspiracy theories about devices listening to conversations.
In February, Bloomberg News reported on the challenges faced by spy agencies in managing the vast amount of data available online. The Cybersecurity & Infrastructure Security Agency highlighted an attacker group from China infiltrating critical infrastructure sectors using the Living Off The Land method. A BBC News story revealed how remote work led to insider trading based on overheard conversations.
Deepfake technology was used in a scam to defraud a company of $25 million, showcasing the potential risks of AI manipulation. In March, the Change Healthcare ransomware attack made headlines, with evidence emerging of a failed $22 million ransom payment. The restoration process took over two weeks, costing the company over $1 billion.
In April, news emerged of a $21 million ransom payment by Change Healthcare to protect patient data. The UK passed a law banning default passwords for IoT devices, setting a precedent for global implications. May saw a testimony by United Health Group’s CEO on the Change Healthcare attack, highlighting the growing threat of ransomware in the healthcare sector.
June witnessed a major cyberattack on CDK Global, affecting numerous automotive industry locations worldwide. The theft of one million patient records by a subcontractor employee raised concerns about insider threats and data security in the healthcare sector. The month ended with the discovery of a massive botnet responsible for fraudulent activities and child pornography distribution.
The progression of healthcare attacks underscored the importance of cybersecurity measures in critical infrastructure sectors. With increasing threats against energy organizations, industry professionals must prioritize security to prevent widespread breaches. The year showcased the evolving landscape of cyber threats and the urgent need for robust security measures.