On the brink of a massive nationwide effort to distribute long-awaited and much-needed COVID-19 vaccines, Americold — a company that specializes in providing cold storage and transportation — disclosed that it has been hit by a “cybersecurity incident.”
What does Americold do?
Today, Americold has over 185 locations and manages over 1 billion cubic feet of storage worldwide. The company is a key part of the supply chain connecting food producers, processors, distributors, and retailers to consumers.
In 2020, Americold’s infrastructure and expertise became urgently needed as COVID-19 vaccines were being developed. These vaccines need to be kept cold all the way from manufacturing to patient delivery. Pfizer’s vaccine candidate needs to be kept below minus 94 degrees Fahrenheit (or minus 70 degrees Celsius), while Moderna’s drug needs to be kept below minus 4 degrees Fahrenheit (0r minus 20 degrees Celsius).
The cold chain pharmaceutical logistics market was already seen as a growth industry before the pandemic. Now, Americold and its competitors are rushing to expand. In August, the company acquired three facilities in Florida and Texas for $107 million in cash.
In a November 16, 2020 filing with the Securities & Exchange Commission (SEC), Americold provided a brief disclosure:
Americold Realty Trust determined that its computer network was affected by a cybersecurity incident. As a precautionary measure, the Company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations. The Company has notified and is working closely with law enforcement, cybersecurity experts and legal counsel.
The company provided no further details about the “cybersecurity incident,” such as the method or target of the attack or what systems and information were affected.
However, Bleeping Computer reported that it was a ransomware attack that impacted numerous Americold systems, including phone, email, order fulfillment, and inventory management.
Several media outlets noted a Twitter post from a truck driver stuck waiting at an Americold facility because “their systems are down.”
At a Americold and their systems are down. They are unable to assign me to a door. Well let the waiting begin. pic.twitter.com/Ehkhzil42E
— What's your 20 (@Wyr20pod) November 16, 2020
“Security, in all its forms, remains a top priority at Americold, and the Company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information,” Americold said in its filing.
How do I avoid ransomware attacks?
With ransomware, hackers hold your data hostage until you pay a ransom payment to release it — and there’s no guarantee the data will ever be restored or will not be sold or released. Ransomware attacks have surged this summer, including many on healthcare systems.
Because ransomware is indiscriminate in the data it affects, they should be treated as data breaches. According to the U.S. Department of Health and Human Services (HHS), that means a potential HIPAA violation for covered entities.
On the technical side, Paubox Email Suite Plus allows users to send HIPAA compliant email and provides multilayered protection for the most common vector for malware attacks, including inbound email security.