Recent Cyber Security Breaches: Toshiba, City of Tulsa and More

As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber security attacks here and around the world.

Toshiba (Japan)

Electronics Manufacturer

The Hack: Ransomware

Quick Summary: “European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a similar hacking tool to the malware used against IT systems at Colonial Pipeline. The company announced that it had been forced to disconnect network connections between Japan and Europe to stop the spread of ransomware. The attack is believed to have been perpetrated by the DarkSide ransomware gang. Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had not yet confirmed that customer related information was leaked externally. The incident is under investigation and the company says that it has not paid any ransom.” -ID Agent

City of Tulsa (United States)

Municipality

The Hack: Hacking

Quick Summary: “The city of Tulsa, Oklahoma, has been hit by a ransomware attack that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is under investigation and city IT crews have begun restoring functionality and data from backups. This follows a string of ransomware attacks on other US municipalities in recent weeks. City officials were careful to note that no customer information has been compromised, but residents will see delays in-network services. While emergency response is not hampered, 311, some credit card payment systems and the city’s new online utility billing system were impacted.
City of Tulsa hit by ransomware over the weekend.” -ID Agent

Swiss Cloud (Switzerland)

Cloud Hosting Provider

The Hack: Ransomware

Quick Summary: “Cloud hosting provider Swiss Cloud was hit by a ransomware attack that brought down the company’s server infrastructure. The company is currently working to restore operations from its backups with the help of experts from HPE and Microsoft. The impacted servers are expected to be restored by next week. The disruption has impacted server availability for more than 6,500 customers.” -ID Agent

Illinois Office of the Attorney General (United States)

State Government Agency

The Hack: Ransomware

Quick Summary: “The DopplePaymer ransomware gang has leaked a large collection of files from the Illinois Office of the Attorney General after the agency declined to pay the ransom that they gang demaded. The cybercrimnals released information from court cases orchestrated by the Illinois OAG, including some private documents that do not appear in public records. The data also contains personally identifiable information about state prisoners, notes of their grievances, and case information.” -ID Agent

The Resort Municipality of Whistler (Canada)

Municipal Government

The Hack: Ransomware

Quick Summary: “The Resort Municipality of Whistler (RMOW) has temporarily suspended all online and some in-person services in the wake of a ransomware attack purprtedly carried out by an unamed new ransomware gang. The group leaked some data on it’s unfinshed dark web site and claims to have stolen 800 GB of data. RMOW states that they are currently working with cybersecurity experts and the Royal Canadian Mounted Police (RCMP) to investigate further.” -ID Agent

CaptureRX (United States)

Medical Software Company

The Hack: Ransomware

Quick Summary: “Texas-based CaptureRx, fell victim to a ransomware attack in which cybercriminals snatched files containing the personal health information (PHI) of more than 24,000 individuals. The security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and a further 6,777 patients at Gifford Health Care as well as an indeterminate number of Thrifty Drug Store patients. CaptureRx is currently unclear how many of its healthcare provider clients have been affected by the attack. Nor has the company finished its final tally of how many individuals had their PHI exposed because of the incident.” -ID Agent

*****

To learn more about how to keep your company safe and secure from cyber security attacks, click here  to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

June 17, 2025
Meeting IT security compliance standards is crucial for businesses that handle sensitive data, particularly in industries such as healthcare, finance, defense, and e-commerce. Regulatory frameworks such as HIPAA, CMMC, PCI-DSS, and GDPR exist to help ensure businesses protect customer information and maintain robust cybersecurity practices. Unfortunately, many organizations fall short of these requirements, often due to common, avoidable mistakes. These gaps can result in costly fines, data breaches, and reputational damage, which can significantly impact the business's bottom line and customer trust. 1. Failing to Conduct Regular Risk Assessments The Pitfall: Many businesses overlook the importance of conducting routine risk assessments. Without these, it’s challenging to identify vulnerabilities or evaluate whether your current cybersecurity controls meet compliance standards. How to Avoid It: Implement a regular risk assessment schedule. Work with a qualified IT provider to evaluate your systems, identify weaknesses, and document remediation plans. These assessments should be performed at least annually, or whenever significant changes to the system occur. 2. Inadequate Employee Training The Pitfall: Your employees are your first line of defense—and often your most significant vulnerability. A common compliance issue arises when businesses fail to train staff on cybersecurity best practices or on handling sensitive data appropriately. How to Avoid It: Invest in ongoing cybersecurity awareness training. Ensure employees understand how to recognize phishing emails, create strong passwords, and report any suspicious activity. Training should be updated regularly to reflect current threats and compliance requirements. 3. Improper Data Handling and Storage The Pitfall: Storing sensitive data in unsecured locations, failing to encrypt information, or retaining data longer than necessary are significant compliance risks. These practices are often flagged during audits. How to Avoid It: Adopt data classification policies that define how different types of data should be handled; encrypt sensitive data both at rest and in transit. Establish clear data retention policies and ensure that obsolete data is disposed of securely. 4. Lack of Incident Response Planning The Pitfall: When a security incident occurs, time is of the essence. Many businesses lack a documented incident response plan, or their existing plan hasn’t been thoroughly tested. This can lead to delayed responses, increased damage, and regulatory penalties. How to Avoid It: Develop a formal incident response plan that includes roles, responsibilities, communication protocols, and steps for containment and recovery. Run simulated breach scenarios with your IT team to ensure everyone knows how to respond effectively. 5. Using Outdated Software or Systems The Pitfall: Running outdated operating systems, software, or firmware is a common issue that can lead to compliance failures. Unsupported technologies are more vulnerable to exploitation. How to Avoid It: Keep all systems and applications up to date with the latest patches. Use automated tools to track software versions and receive alerts about end-of-life technologies. Schedule regular maintenance windows to apply updates and upgrades. 6. Insufficient Access Controls The Pitfall: Allowing too many employees access to sensitive data—or failing to revoke access when it’s no longer needed—can lead to data breaches and non-compliance. How to Avoid It: Implement role-based access controls and follow the principle of least privilege. This principle means that each user should have the minimum level of access necessary to perform their job. Regularly audit user accounts and permissions to ensure access is current and appropriate. Use multi-factor authentication (MFA) to add an additional layer of protection. 7. Neglecting Third-Party Vendor Risks The Pitfall: Businesses often overlook the fact that their compliance responsibilities extend to third-party vendors. If a vendor mishandles your data, you could still be held accountable. How to Avoid It: Vet third-party vendors carefully. Ensure they meet the same compliance standards as your business and include security requirements in your contracts. Conduct periodic audits or request compliance certifications from your vendors. 8. Failing to Document Policies and Procedures The Pitfall: Even if your security practices are strong, failing to document your compliance policies can result in audit failures. Regulators want to see evidence that you have formal processes in place. How to Avoid It: Create and maintain clear documentation for all compliance-related policies, including data protection, access control, incident response, and employee training. Make these documents easily accessible for audits and regularly review them to ensure updates are current. Conclusion Compliance with IT security standards is not a one-time project—it requires ongoing attention, regular updates, and a proactive approach to maintain effectiveness. By understanding and addressing these common pitfalls, your business can stay ahead of regulatory requirements, strengthen its security posture, and reduce the risk of costly incidents. This ongoing attention is crucial to maintaining your business's security and audit readiness. If you’re unsure whether your business is meeting current IT compliance standards, professional support can help. Contact SDTEK today to schedule a compliance assessment and learn how our IT services can keep your business secure and audit-ready. With our support, you can navigate the complex landscape of IT security compliance with confidence.
April 9, 2025
In today’s digital-first world, cybersecurity isn’t just a luxury—it’s a necessity. Whether you run a small startup or a growing enterprise in Fort Wayne , protecting your business’s data, systems, and clients is essential for long-term success. From ransomware attacks to phishing scams, cyber threats are evolving every day, and the best way to stay ahead of them is by partnering with a reliable IT services provider that understands the unique needs of local businesses. Here’s why investing in professional business IT support is one of the smartest decisions Fort Wayne businesses can make—and how working with SDTEK helps protect your operations, your data, and your reputation.