Fraud Management & Cybercrime , Governance & Risk Management

Cold Storage Firm Reports Cybersecurity Incident

Company Reportedly In Talks to Help With COVID-19 Vaccines
Cold Storage Firm Reports Cybersecurity Incident

A cold storage firm that was reportedly in talks to help in the effort to distribute COVID-19 vaccines filed a Securities and Exchange Commission document on Monday saying that it's dealing with a cybersecurity incident that affected its network.

See Also: Unintended Risks Downloaded into Development

Atlanta-based Americold Realty Trust says in its SEC 8K filing: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations.”

Americold says it has notified law enforcement officials, cybersecurity experts and legal counsel.

“Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information,” the filing notes.

Ransomware Involved?

News site BleepingComputer reports that the incident is believed to have involved ransomware.

Americold declined to comment further about the incident.

In October, logistics trade news site Air CargoWorld reported that Americold was in talks to partner with Chicago Rockford Airport for temperature-controlled storage used in the distribution of COVID-19 vaccines.

A source familiar with the situation tells ISMG that Americold’s niche is providing cold storage for food at up to minus 20 degrees Fahrenheit and that providing storage for COVID-19 vaccines that might require much colder temperatures was likely a longshot.

Other Attacks

The cybersecurity incident affecting Americold comes as organizations involved with COVID-19 response - including hospitals caring for coronavirus patients, makers of personal protective gear and related equipment, and vaccine and treatment developers - have suffered ransomware and other attacks.

In recent months, government agencies in the U.S. and other countries have issued warnings about such attacks (see: U.S. Hospitals Warned of Fresh Wave of Ransomware Attacks).

In August, Boyce Technologies Inc., a New York-based manufacturer of transit communication systems that pivoted to building ventilators during the COVID-19 pandemic, was reportedly a victim of the DoppelPaymer ransomware gang (see Ransomware Reportedly Hits Ventilator Maker).

Last month, Philadelphia-based eResearchTechnology, which provides clinical trial oversight software to drug makers and testing firms, confirmed that it was recently hit by a variant of the Ryuk ransomware (see Ransomware Attack Hits Clinical Trial Software Vendor).

Growing Target

Vishwas Gadgil, director of pharmaceutical maker Merck's IT risk management and security organization, says the healthcare sector’s supply chain is facing a number of escalating threats as it deals with the COVID-19 pandemic.

“The suppliers of the big companies that are into COVID-19 research are not always capable of handling cybersecurity threats the way the large organizations can,” he noted in a recent ISMG interview. “The fear is that mass scale and successful attack on this drug supply chain can impact and delay the pandemic’s effects far beyond health and economic impact.”

Attacks such as the one on Americold demonstrate the potential of these incidents to cause disruption within the supply chain, says Brett Callow, a threat analyst at security vendor Emisoft.

“The advice to healthcare supply chain companies is the same as the advice to every other company: Ensure best practices are adhered to. That means using multifactor authentication everywhere that it can be used, disabling PowerShell when not needed, limiting admin rights, segmenting networks and patching promptly.”

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.