Website Preloader

The ProcessBolt Platform


ProcessBolt AI

AI-assisted vendor risk management, and real-time threat monitoring platform. 



Attack surface management and security rating solution.



Document intelligence and analytics.


Share Center

Secure and timebound document sharing for the enterprise.


Assessment & RFP Response Solution

Answer questionnaires using Knowledge Base and documents with AI assistance.

The Worst, Largest, and Most Dangerous Cyber Attacks of 2022

December 13, 2022

Here’s a staggering statistic: Cybercriminals can penetrate 93% of company networks. A pentesting study, conducted by Positive Technologies on various industries including financial, energy, government, IT and other sectors, found it takes just two days on average for a hacker to penetrate a company’s internal network. Once inside, data is stolen, systems are locked down, and, in the case of a ransomware attack, millions are requested in order to get the data back.

As technologies advance, and cybercriminals become more sophisticated, cybercrimes are rising to a near epidemic level, forcing security executives to dramatically increase security budgets and staff. Still, most infosec teams admit they are unprepared for the onslaught of cybercrimes predicted in the future.

For now, let’s take a look back on 2022. From Russia’s invasion of Ukraine to the aftermath of the pandemic, the threat landscape has grown, both in number of attacks and cost. In 2022, data breaches cost an average of $4.35 million—up from $4.24 million in 2021.

Here’s some of the more notable breaches from this year.

Third-Party and Fourth-Party Breaches

It is essential that vendor risk management be a critical component of every company’s security posture. Over 60% of security breaches are caused by third- and fourth-party vendors. Allowing third- and fourth-party vendors access to an organization’s environment is a must to keep business running smoothly.  However, when there is a lack of security measures in place, hackers can easily infiltrate these external partners, which can grant them backdoor access into the organization’s systems. This is why it is important to not only monitor one’s security risks, but also their vendor’s risks. Here’s a few third- and fourth-party breaches from 2022 that may have been avoided with the right vendor risk management platform:


Date: February 2022

Impact: When Toyota’s third-party plastic supplier, Kojima, experienced a data breach, the auto manufacturer was forced to shut down all operations in Japan. Since Kojima had access to Toyota’s manufacturing plants, pausing production at the plant was necessary to protect their data.  Unfortunately, the damage had been done, causing Toyota to lose approximately 13,000 cars of output.


Date: March 2022

Impact: When Quantum Group was attacked, exposing HighMark’s sensitive patient data, this healthcare company had to scramble to secure patient information. An example of a fourth-party attack, this breach resulted from Quantum Group receiving customer data from Webb Mason, HighMark’s marketing vendor.

Seattle Children’s Hospital

Date: June 2022

Impact: When third-party printing vendor Kaye-Smith suffered a ransomware attack, exposing the health information of 6,750 patients, Seattle Children’s had to inform a subset of its patients that their names, addresses, provider names, medical record numbers, visits, lab information and more had been compromised.



As attack methods evolve, ransomware is quickly becoming the worst type of security breach. In years past, hackers would encrypt stolen data and demand a fee for the decryption key. Now entire communication networks and even small devices are being hijack.  This type of attack can be devasting to all types of businesses and could even  turn life-threatening to individuals involved.

Bernalillo County, New Mexico

Date: January 2022

Impact:  Computer systems and websites in the government offices were taken offline during a ransomware attack. A network shutdown of the Metropolitan Detention Center put prisoners in lockdown when security cameras and data systems were affected, and the automatic doors went offline.

Costa Rican Government

Date: April 2022

Impact: The country declared a national emergency when the ransomware attack impacted government services and the private sector engaged in import/export. Hackers demanded $10 million and later increased it to $20 million.

CommonSpirit Health

Date: October 2022

Impact: When the nation’s second-largest nonprofit hospital chain fell victim to a ransomware attack, appointments and surgeries were canceled at CommonSpirit hospitals across the country after more than a week of IT outages. When the attack was discovered, CommonSpirit was forced to take certain systems offline.

Data Breaches

Yahoo’s data breach of 2013 is well known as one of the largest (if not the largest) data breach with more than three billion customer accounts leaked. Luckily, the stolen data did not include bank information or passwords.

Here’s a few data breaches worth mentioning from 2022:

SuperVPN, GeckoVPN, and ChatVPN

Date: May 2022

Impact: When these three Android VPNs were hacked, user credentials and device data were stolen from 21 million users and posted on a Telegram group, where it could be downloaded by anyone. This sensitive data included name, email, passwords, payment information and more.


Date: July 2022

Impact: Personal information (name, email, password, gender, and more) of 69 million users and 460 MB of source code was stolen from Neopets’ database. The hackers attempted to sell the data for bitcoin.

Los Angeles Unified School District

Date: September 2022

Impact: Half a terabyte of data was stolen from the Los Angeles Unified School District by the Russia-linked hacking group, Vice Society, and dumped on the dark web.

Get Ready for 2023

What cybersecurity challenges will the world face next year? The unpredictable political climate combined with supply chain issues can wreak havoc on businesses, and open doors for cybercriminals. It’s only a matter of time before most businesses suffer some type of breach. The key question to ask yourself is: How can my organization minimize the likelihood of a breach?

No longer can businesses ignore this threat or assume they are too small or insignificant to warrant a data breach. Budgets must be revamped, and dollars need to be carved out for two necessary components of any business’s security program: vendor risk management software and attack surface management software.

If you’d like to see exactly how a hacker views the gaps in your environment, fill out the below form to schedule a demo of ThreatScape—ProcessBolt’s attack surface management software, part of the ProcessBolt vendor risk management platform. After the demo, you’ll receive ThreatScape free for one month.

Please enable JavaScript in your browser to complete this form.
Please enter your business email address.

You May Also Like…