Omnicell Suffers Ransomware Attack, Impact To Internal Systems

By   ISBuzz Team
Writer , Information Security Buzz | May 19, 2022 06:59 am PST

It has been reported that multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely to be disclosed in the coming weeks.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
May 19, 2022 2:59 pm

At this point we don\’t know for sure exactly what information was exposed or what systems were impacted by the ransomware attack. Omnicell needs to contact possibly impacted companies and individuals about any possible exposure. Possibly affected parties are advised to change their passwords, make sure that no passwords are being reused on other sites, and to keep an eye on their overall credit and information security situation.

Last edited 1 year ago by Chris Hauk
Etay Maor
Etay Maor , Director of Security Strategy
InfoSec Expert
May 19, 2022 2:59 pm

While details are still unclear, the filing suggests the importance of network-based and network-aware protections. Patching internal systems has long been the Achilles heel of IT and it only becomes worse as more devices are connected to the network. With network-based protections, network-connected devices are protected, regardless of their patched state. And when those protections are analyzing the underlying networking traffic patterns, the network symptoms indicative of ransomware can be detected before ransomware can impact the organization.

In addition it also highlights the weakness of security point solutions. Many enterprises today have multiple security products addressing specific threats, however, a breach points to a systematic failure of all point solutions (alerts were missed, movement was not stopped, exfiltration and encryption were not detected etc). Enterprises have to approach security holistically and not try to patch holes in their security posture using a single point solution.

Last edited 1 year ago by Etay Maor

Recent Posts

Would love your thoughts, please comment.x