Massachusetts Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Massachusetts.jpg
 

Public Safety

Town of Tisbury, Town of Tisbury Police Department Dukes County

Breach Type - Phishing, Malware

Vineyard Gazette

  • Employee opened malicious phishing email, convinced the was sent by a regular town vendor
  • The email launched malware which crippled Tisbury email and internet services
  • Affected departments include the library, the council on aging, and the police department
  • Computer access was disabled for at least 24 hours & the town will implement cyber monitoring for the time being
Read More

 
Dighton PD Locked Out of Computer Systems

Breach Type - Ransomware

Turn to 10

  • Ransom more than $4,600
  • Hackers from Russia, threaten to wipe entire computer system
  • Dighton pays ransom
  • Chief of Police paid out of pocket, Dighton Town reimburses later
Read More

 
Hit on Melrose PD

Breach Type - Ransomware

Wicked Local

  • Email transfers virus to detective
  • Most data backed up, except vital data on detective’s laptop
  • PD pays ransom in bitcoin to recover data
  • Payment of $489 made to hackers
Read More

 
Tewksberry PD Pays Ransom

Breach Type - Ransomware

News BTC


Read More

 
BACK TO TOP

Local Government

Committee for Public Counsel Services, Suffolk County

Breach Type - Phishing, Ransomware

Boston Globe

  • CPCS attacked by ransomware, e-mail systems and attorney payments disabled, hearings delayed
  • Agency refused to pay ransom, opted to restore system from backup files
  • Ransomware program known as Ryuk appeared to originate in Russia
  • Agency believes ransomware was installed using trojan virus programs via link, file, or e-mail
  • IT team confident in restoration of data once trojan viruses were eliminated
Read More
CrowdFundInsider

  • Massachusetts Committee for Public Counsel Services victim of Ryuk ransomware
  • Organization had external backups of affected files, believed virus did not extract data
  • Infected link in phishing e-mail determined to be likely culprit
Read More

 
City of Quincy, Norfolk County

Breach Type - Phishing, Malware

The Patriot Ledger

  • Hackers compromise official City of Quincy email accounts via phishing scheme
  • Malicious emails contained Emotet or Trickbot malwares which quickly infected all city departments
  • The compromised accounts were used to spread viruses to those in contact with city officials
Read More

 
Town of Marblehead, Essex County

Breach Type - Phishing, Ransomware

Marblehead WickedLocal

  • Town Finance Director sought cyber assessment after malware attacks
  • Ransomware struck Town via phishing email
  • IT restored files & systems
Read More

 
Massachusetts Clean Energy Center, Suffolk County

Breach Type - Phishing

Boston Herald

  • Cyber scammer steals $93,679 in public funds through phishing scheme
  • Recovered a fraction of the funds stolen, but scheme was unreported for 8 months
  • The Massachusetts Clean Energy Center did not consider cyber threats in its risk assessment
Read More

 
Cambridge Housing Authority, City of Cambridge

Breach Type - Phishing

Cambridge Day

  • Authority loses $7,000 to BEC scam
  • Phishing attack causes loss, but housing authority isn't alone in fight against cybercrime
  • City uses a protective program to help lessen the load of phishing schemes coming through each day
Read More

 
Holyoke City

Breach Type - Phishing

Massachusetts Live

  • City treasurer falls victim to Business Email Compromise (BEC) scam
  • Scammed out of roughly $10,000
  • Treasurer realized cyber attack and contacted Holyoke Police Department
  • Treasurer has cooperated with investigation
Read More

 
Websites: Town of Westford, City of Framingham, Town of Andover, Belmont

Breach Type - Cryptojack/Other

WCCF Tech

  • Over 4,200 victims hijacked to mine Monero cryptocurrency
  • Secretly hijacked using compromised plug-in called "Browsealoud"
  • Though sites were affected for hours, no user data was affected/compromised
Read More

 
Brookline Town

Breach Type - Hack

Boston Herald

  • Business Email Compromise scam almost empties Brookline's funds from treasury
  • Town treasurer recognized the scam and reported to the town's IT department
Read More
Wicked Local

  • Brookline police detectives investigating case
  • Town has taken several preventative measures to ensure future cyber safety
Read More

 
Medfield Norfolk County

Breach Type - Ransomware

Boston.com

  • Paid $300 to hackers to unlock town computer systems
  • Town made attempts to restore files, virus infected backup server
  • Some sensitive files were not compromised, due to not being held on the town serve
  • Paid ransom as most expedient way to resolve
  • IT dept. taking steps to better their cyber security
Read More

 
BACK TO TOP

Medical

Baystate Health of Springfield, Hampden County

Breach Type - Phishing, Data Breach

Kansas City

  • Almost 12,000 patients were exposed following a data breach style attack
  • A phishing incident caused the exposure when affecting the accounts of several employees
  • Patient’s sensitive information included birth dates, health information, social security and more
Read More

 
Cambridge Health Alliance

Breach Type - Hack

Boston Globe

  • Breach results in financial information of 2,500 patients exposed to hackers
  • No medical records included in the breach
  • Cambridge Health notified patients two months after attack
  • No current evidence has surfaced of hackers misusing this data
Read More

 
Partners Healthcare

Breach Type - Hack

Partners

  • Partners monitoring systems identified suspicious malware activity
  • Implemented aggressive mitigation to contain malware
  • One server with personal data may have been affected
  • Partners notified patients out of abundance of caution – believing no data was misused
Read More

 
Massachusetts General Hospital Dental Group

Breach Type - Hack

Data Breaches

  • FTP server leak (Patterson Dental Supply Inc.) also affected MGHDP
  • Patterson launched law-enforcement led investigation
  • Personal data of patients may have been compromised
Read More

 
Eaglesoft Software by Patterson Dental

Breach Type - Accidental Data Breach

Data Breaches

  • Patterson Dental patient databases unsecured on FTP Server
  • Massachusetts General Hospital Dental Group included in unsecured server
  • The FTP server was later taken offline
Read More

 
Brigham and Women's Faulkner Hospital

Breach Type - Hack

Data Breaches

  • Hackers used employee's credentials to access email account
  • Limited number of individuals affected
  • Emails did not contain health insurance numbers or financial information
  • Notified potentially affected individuals
  • No information on how hacker obtained credentials
Read More

 
BACK TO TOP

Education

Lynn Public Schools, Essex County

Breach Type - Unknown, Malware

Item Live

  • A large computer virus caused Lynn schools to be without internet
  • In order to isolate the threat, Lynn schools shut down their internet systems and connections
  • It is unknown where the virus started and when it started
Read More

 
Cape Cod Community College, Barnstable County

Breach Type - Phishing, Malware

Cape Cod Times

  • Phishing email believed to have distributed polymorphic virus to Cape Cod Community College
  • Virus was embedded in malicious attachment
  • The malware targeted the college’s financial transactions, overwriting URL address for the college’s bank
  • Hackers transferred nine fraudulent funds – totaling $807,130 from the college
Read More

 
Leominster School District

Breach Type - Ransomware

Sentinel & Enterprise

  • Files encrypted in ransomware attack and School District analyzed data at risk
  • No private information was accessed by hackers
  • In attempts to regain its network, Leominster paid $10,000 ransom to its cyber extortionists
  • Email system had been down for two weeks
Read More

 
Dracut Public Schools

Breach Type - Phishing

Lowell Sun

  • Employee personal data exposed in advanced phishing scheme
  • No student or parent information compromised in attack
  • FBI and law enforcement launched investigation
Read More

 
Lawrence Public Schools

Breach Type - Phishing

Boston Globe

  • Unspecified number of employees fell for phishing scheme
  • Breach may have exposed personal information of employees
  • No bank account information compromised
  • Superintendent notified personnel
Read More

 

BACK TO TOP