REQUEST A CONSULTATION
REQUEST A CONSULTATION
  • There are no suggestions because the search field is empty.
gray-wave-full
Security | 4 min read

5 Biggest Cyberattacks of 2022 and Lessons Learned

Patrick Flesch
Written by Patrick Flesch
09/14/2022

As the world remains more connected and online than ever, cyberattacks will continue to pose major risks to individuals and organizations. People’s savings can be wiped out, identities stolen — you name it. And businesses, while they may have more resources to fight back than an individual has access to, are not immune; cyberattacks can put them in a vulnerable legal liability position on top of everything else.

Cyberattacks in 2022

2022 has been another rollercoaster year among many in recent, more troubling times, and the continued prevalence of cyberattacks helped stir the chaos.

Despite efforts to inform and educate users about the dangers of clicking on suspicious email links and allowing hackers to gain access to information systems, phishing scams and ransomware continue to be leading cyberattacks.

Take a look at these five notable 2022 cyberattacks to see how they happened and who’s affected, and learn ways you can protect yourself and your company in the future through improved cybersecurity efforts.

5. Bernalillo County, New Mexico

When: January 2022
Number Affected: 676,000

The most populous county in New Mexico experienced a suspected ransomware attack to kick off 2022, which brought many government functions to a temporary standstill. Fortunately, safety and emergency services remained in operation based on reported contingency plans. But other functions, such as permit issuance and prisoner visitations, were postponed, delayed or otherwise limited.

This is a great example of how an attack on one specific entity — a county government in this case — can have wide-ranging effects for people who don’t even work for the entity or make specific use of it all the time. Such attacks can have devastating ripple effects, and those effects were reportedly felt for weeks in Bernalillo County given how many systems were offline.

Ransomware remains a growing problem, and it’s critical that any organization — government or private sector — strengthen their defenses against this crippling type of attack by keeping operating systems updated, securing their networks and teaching employees about the dangers of phishing.

4. Baptist Medical Center

When: April 2022
Number Affected: Estimated over 1 million

A lot of sensitive personal data is stored with health care services, and plenty of bad actors will want in. Someone did just that to Baptist Health System in Texas, where a data breach likely caused by malicious code compromised such data as patient names and dates of birth, social security numbers, health insurance information, medical records and other personal information.

If anyone who isn’t authorized to access this information gets ahold of it, there’s an incalculable amount of damage that can be done. Identity theft is a high possibility, and someone can upload personal data to the Dark Web for other malicious actors to take advantage of. Plus, sensitive medical information could be used against someone in any number of ways, including mimicking someone that individuals know, like their boss or friend, to try to trick them.

Organizations must reevaluate their cybersecurity defenses and implement strong encryption and security techniques to protect themselves and those they serve from accessing private data.

3. Shields Health Care Group

When: March 2022
Number Affected: 2 million

New England-area Shields Health Care Group saw 50 of its facilities targeted by an individual who gained unauthorized access to the personal identification information of about two million people. Not much was known or released about the methods the malicious actor used to gain access, but names, Social Security numbers, home addresses, insurance information, medical treatment and more were all compromised.

Like the Baptist Health incident, this is another example of the importance for an organization that is entrusted with such highly sensitive information to spare no expense at protecting and securing that data. When a cyberattack like this happens, it isn’t just the organization that could suffer; those who depend on it are put at risk of identity theft and other subsequent attacks themselves.


Further Reading: The 5 Best Cybersecurity Risk Assessment Tools


2. Cash App Investing

When: Reported in April 2022, occurred in December 2021
Number Affected: 8 million

A former employee was blamed for accessing Cash App Investing customers’ data when they downloaded it without permission. Full names, brokerage account numbers and portfolio values were among the compromised data.

Fortunately, the company seemed quite aware of who and how the data was accessed, but this incident emphasizes the importance of ensuring only those who are presently authorized to access company systems can do so. Once employees leave a company, regardless of the reason, all of their access to any company property, data or other assets must be revoked.

One way to help ensure only authorized users can access company data is to implement multi-factor authentication, which is especially important for remote workers.

1. Costa Rican Government

When: April/May 2022
Number Affected: Entire country

One of the biggest ransomware attacks in history saw the Costa Rican government stopped in their tracks and disrupted for months. A group of hackers used ransomware to bring down the Ministry of Finance, which cost the country millions of dollars in importing and exporting. Later, the Costa Rican Social Security Fund was targeted to completely disrupt the country’s health care system.

So massive was the attack that it was declared a national emergency. This is a unique cyberattack since it was reportedly carried out by an international hacking group wanted by law enforcement agencies across the globe, but it stands as an example of just how far-reaching — and costly — cyberattacks can be.

Preparing for Potential Cyberattacks

With each cyberattack, the importance of timely upgrades and security patches becomes more evident. Continued vigilance by employees and training to help them recognize potential phishing scams, ransomware attacks, cybercriminal tactics and security best practices can help mitigate the risks significantly.

How prepared is your organization for a cyberattack? Do you have backup systems ready in case your primary systems experience unexpected downtime from an attack? Are your employees educated on how to recognize phishing emails? We’ve created a tool to help you see how you’re doing with cybersecurity. Please click the link below to access our free Cybersecurity Risk Assessment. Just answer some important questions and you’ll be sent your score as well as possible next steps in boosting your defenses.

Sensitive data at risk

Subscribe by Email