PHI of 10,500 Patients Found in Illinois Basement
Oct16

The medical histories of more than 10,000 patients have been discovered in a basement in Aurora, Illinois. The documentation was found at the house by the tenant, who rents it from Naperville-based psychiatrist Dr. Riaz Baber, M.D. The files had been stored in the basement for at least 4 years. The female tenant, Barbara Jarvis-Neavins, claims that she was given access to the basement by the psychiatrist’s wife when workmen had to carry out some work at the house. She says she was advised that she must be in the presence of the workers when they were in the basement. Ms. Jarvis-Neavins said she felt that she should report the fact that the files were stored in the basement, which she could access, to the relevant authorities. However, she feared that doing so would lead to her...

51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct12

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email accounts. The compromised email accounts stored a range of sensitive information including names, phone numbers, addresses, dates of birth, ID numbers, and provider data. No financial data or Social Security numbers were included in the compromised accounts, although certain people’s health insurance claim numbers and claim details were potentially accessed. The...

Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization
Oct06

After a seemingly prolonged period of inactivity, the hacking group TheDarkOverlord has revealed another attack on a U.S. healthcare supplier, Massachusetts-based SMART Physical Therapy (SMART PT). The hack reportedly happened on September 13, 2017, with the announcement of the data theft released by TDO on Twitter on Friday 22, 2017. No details were given as to how access to the data was gained, although it was revealed to databreaches.net that the attack took advantage of the use of weak passwords. The entire database of patients was reportedly obtained. Databreaches.net was provided with the patient database and was able to confirm that the attack was genuine. The database held a wide range of data on 16,428 patients, including contact information, dates of birth and Social Security...

128,000 Arkansas Patients Attacked by Ransomware
Oct05

128,000 patients at the Arkansas Oral Facial Surgery Center in Fayetteville have had their private information potentially impacted following a ransomware attack. Ransomware was believed to have been installed on its network between July 25 and 26, 2017. The attack was identified quickly, although not before files, x-ray images, and documents had been encrypted. The incident did not break through the encryption of its patient database, except for a ‘relatively limited’ set of patients who had data related to their recent visits encrypted. Those patients had visited the center for medical services in the three weeks prior to the ransomware attack. The ransomware attack is still under review, although to date, no proof of data theft has been found. Arkansas Oral Facial Surgery Center believes the...

Medical Records Illegally Accessed at PeaceHealth Over Six-Year Period
Oct04

It has been discovered that the medical records of almost 2,000 patients were illegally accessed by a former employee at PeaceHealth, a not-for-profit Catholic health system based in Vancouver, WA. The unauthorized access was identified by PeaceHealth on August 9, 2017, leading to an investigation. PeaceHealth found the inappropriate access started in November 2011 and went on until July 2017. The inquiry revealed that Social Security numbers and financial information were not obtained by the employee, although patient names, medical record numbers, admission and discharge dates, medical diagnoses, and progress notes were all seen. Due to the nature of information that was accessed, and the results of the internal inquiry, PeaceHealth does feel any patients impacted by the breach...

1,140 Patients Have Private Data Violated at Our Lady of the Angels Hospital
Oct03

An investigation has shown that a former member of staff obtained the medical records of 1,140 patients without authorization at Our Lady of the Angels Hospital. The former staff member had been granted access to the protected health information in order to conduct work duties; however, hospital staff found that the employee was accessing medical records without any acceptable work reason for doing so. The unauthorized access was found on July 25, 2017, and the employee’s access to the medical record system was immediately deactivated. The employee was also fired. Rene Ragas, President and CEO, Our Lady of the Angels Hospital, commented, “Patient privacy is a top priority and we have a zero-tolerance policy for employees who improperly access patient data.” A complete investigation was...

Mercy Health Love County Hospital Breach Might have Exposed Records of 13,000 Patients
Oct02

The personal data of more than 13,000 patients at Mercy Health Love County Hospital in Oklahoma may have been breached. On June 23, 2017, the hospital found that an employee had stolen a laptop computer and paper records from a storage unit which was owned by the hospital. The breach notice issued by Mercy Health revealed that the records of 10 patients were taken from the device along with the laptop. The theft of PHI was first investigated by the Love County Sheriff’s Office. That investigation showed the former member of staff had used the stolen data to fraudulently obtain credit cards in the patients’ names. A second person is also understood to have been involved. Mercy Health had up to 60 days to make patients aware of the breach under HIPAA Rules. However, all ten patients were notified...

3,725 Veterans Have Their PHI Exposed Due to Missing Laptop
Sep26

A laptop computer, no longer in use, owned by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has gone missing, potentially leading to the exposure of sensitive patient data. The laptop was linked to a hematology analyzer and held data related to hematology tests. The laptop was in operation between April 2013 and May 2016, but was put out of use when the device became unusable. The laptop, which had been purchased from a vendor, was replaced; however, an equipment inventory showed the device to be missing. The device should have been returned to the vendor it was purchased from, although the vendor has no record of the laptop ever being recalled from MGVAMC. An inventory of equipment at the MGVAMC lab found the device was missing. A complete search of the medical center...

OIG Identifies Multiple Security Weaknesses in Alabama’s Medicaid Management Information System
Sep26

The HHS’ Office of Inspector General (OIG) has completed an audit of Alabama’s Medicaid data and information systems to determine whether the state was in compliance with federal regulations. The review included the Medicaid Management Information System (MMIS) and associated policies and processes. OIG also carried out a vulnerability scan on networked devices, databases, websites, and servers to identify vulnerabilities that could potentially be exploited to gain access to systems and sensitive information. The audit showed Alabama’s MMIS had multiple weaknesses that could possibly be exploited by hackers to gain access to its systems and Medicaid data. Alabama had implemented a security program for its MMIS, although several weaknesses had been allowed to continue. OIG stated in its...

Hurricane Maria Disaster Zone: Partial HIPAA Privacy Rule Waiver Issued by HHS

A third HIPAA waiver has been issued by the U.S. Department of Health and Human Services, following two earlier partial waivers of HIPAA sanctions and penalties in areas affected by hurricanes earlier in 2017. On this occasion the waiver is in relation to the Hurricane Maria disaster zone in Puerto Rico and the U.S. Virgin Islands. As with the waivers issued in relation to Hurricane Harvey and Hurricane Irma, the waiver only applies to covered entities in areas where a public health emergency has been declared, only for 72 hours following the implementation of the hospital’s disaster procedures, and only for specific provisions of the HIPAA Privacy Rule: The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s...

Consolidated Inc. Data Breach Impacts 21,856 People
Sep23

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and found an unfamiliar account on the server. Closer inspection of that account showed it was being used to download sensitive data from the server, including the protected health information of patients that used its medical supplies. 21,856 people who received durable medical supplies from the group through their Medicare coverage have potentially been affected. The types of data taken by the hacker included names, addresses, dates of birth, insurance details, and Social Security numbers. While personal information was breached, the hacker was not able to obtain details of any medical conditions suffered by patients, nor details...

Data Breaches Drop For Second Consecutive Month
Sep22

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data breaches have dropped for the second consecutive month. In August, there were 33 reported healthcare data breaches, down from 36 incidents in July and 56 in June. While the drop in the number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month of the year so far in terms of the number of reported incidents, it was the third worst in terms of the number of individuals impacted. 575,142 people were impacted by healthcare data breaches in July, with the figure rising to 673,934 individuals in August. That figure will rise even more as two incidents were not included in that total since it is not yet...

Equifax Announces Second Data Breach Occurred Five Months Ago
Sep19

The Equifax data breach that exposed the records of 143 million consumers was not the only data breach the firm experienced this year. Equifax has said a second, earlier breach was discovered in March. A statement released by the credit monitoring agency says the two attacks were unrelated; however, Bloomberg reports that one person close to the investigation suggested both attacks were performed by the same individuals. It may be that the attacks were performed by different groups with different goals, including using Equifax to gain access to the systems of partner organizations such as banks and other financial institutions. When the first breach was discovered, cybersecurity firm Mandiant was called in to assist with the investigation. It would appear that Equifax felt the first breach...

Piriform Alerts Users That CCleaner Contained Malware
Sep19

Piriform’s CCleaner, a free PC cleaning app with 130 million users around the world, has been discovered to contain malware. Researchers at Cisco Talos recently announced that CCleaner contains a backdoor that was inserted by hackers. The backdoor was present in two versions of the application – the 32-bit version of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The backdoor was inserted into those versions at least a month before it was discovered, giving the hackers behind the malware plenty of time to gather information on compromised computers, of which there are many. An estimated 2.27 million users have downloaded the infected version of the application, according to Avast, which purchased Piriform this summer. Initially it was thought that as many as 3% of users may have been...

Beware of Equifax Data Breach Phishing Scams
Sep14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information.

Almost Half of All Americans Impacted by Equifax Data Breach

The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the breach, which potentially exposed their names, dates of birth, email addresses, phone numbers, home addresses, Social Security numbers and driver’s license numbers. 209,000 Americans also had their credit card numbers stolen. As is common following any data breach, victims have to be alert to the risk of identity theft and fraud. Criminals are quick to use credit...

Equifax Data Breach Affects 143 Million Consumers
Sep10

A massive Equifax data breach has resulted in the exposure, and possible theft, of 143 million Americans’ records, including highly sensitive data such as Social Security numbers. To put that figure into perspective, that’s virtually half the population of the United States. Hackers gained access to a website database via an unpatched vulnerability in a web application. Security experts are suggesting the vulnerability was in Apache Struts and that a patch had been issued in March, two months before the attack occurred. In addition to Social Security numbers, the data exposed/stolen included names, addresses, telephone numbers, email addresses, birthdates, and in some cases, driver’s license numbers. Approximately 209,000 individuals also had their credit card numbers stolen, while...

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers, diagnoses, treatment information, and other clinical data. Some patients’ Social Security numbers were also exposed. Patients affected by the phishing attack were notified of the privacy breach on August 25. Even though their information may not have been accessed or obtained, credit monitoring services have been offered out of an abundance of caution. Kaleida...

City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not believe the attack was conducted in order to steal data, rather to use the email accounts for further phishing and spam campaigns. That determination was based on an analysis of the actions of the attackers once access to the accounts was gained. However, while data theft was not believed to be the primary goal, it remains a possibility. The investigation...

2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one email account. That account contained patients’ names, medical record numbers, diagnoses, dates of birth, treatment information, and other clinical data. The investigation did not confirm that ePHI had been accessed, although the possibility of a PHI compromise could not be ruled out. Patients have now been notified of the incident by mail in accordance with...

Anthem Inc Announces 18,580 Record Data Breach
Jul31

Anthem Inc. has recently settled a class-action lawsuit filed by the victims of its 2015 data breach that saw 78.8 million health insurance records stolen by hackers. The insurer settled the case for $118 million. A month after the settlement was announced, the company has confirmed its plan members have been affected by another data breach. This time the insurance records of 18,580 individuals have been exposed. The breach occurred at one of Anthem’s business associates – LaunchPoint Ventures. LaunchPoint Ventures is contracted to provide coordination services to Anthem, which involves being provided with a limited amount of personal information of plan holders. Some of that information was accessed by a former employee of the firm and was emailed to a personal email account....

ITRC Report Shows Hacking Continues to be the Main Cause of Data Breaches
Jul21

The main cause of data breaches in the United States is still hacking, according to a new report released by the Identity Theft Resource Center (ITRC). The report also shows that in the year to June 30, 2017, U.S. data breaches have hit a record high, with 791 confirmed data breaches reported. The data breach count has increased by 29% since the report was issued last year, with ITRC expecting the data breaches to reach 1,500 by the end of the year. That would represent a 37% increase from 2016, which was also a record-breaking year with 1,093 data breaches reported. While the reporting of data breaches is improving, a record number of organizations have withheld details of the extent of the breaches. ITRC reports that 67% of breach reports and public notices did not detail the number of...

Ransomware Investigation Uncovered 15-Month Data Breach
Jul20

When Peachtree Neurological Clinic was attacked with ransomware all was not lost as data were recoverable from backups; however, the ransomware investigation revealed something far worse. Its systems had been breached 15 months previously. The ransomware incident resulted in the encryption of the provider’s electronic medical records. A ransom demand was issued. Payment was required in exchange for the keys to unlock the encryption. Since Peachtree Neurological Clinic had a backup of its data, it was not necessary to pay the ransom. The encrypted files could be restored. A forensic investigation was conducted to determine whether all traces of the ransomware had been removed. Peachtree Neurological Clinic conducted various scans of its system to determine whether the ransomware had been...

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise or BEC. It involves a criminal impersonating a legitimate organization and fooling an employee into making a bank transfer to the criminals’ account. BEC attacks often result in transfers of hundreds of thousands of dollars being made. Those funds can rarely be recovered. By the time the scam is uncovered, the money has been withdrawn from the criminals’...

Patient Portal Security Flaw Exposed Data of Molina Healthcare Patients
May31

A patient portal security flaw has resulted in the exposure of patient claims information. Claims information had been uploaded to the patient portal of the Long Beach, California-based managed care company Molina Healthcare; however, the information was accessible without any authentication checks. Patients who had been sent a link to their claims could click those links without any checks being performed to ensure they were the intended recipients of the links. Any individual with access to the link could access patients’ claims information. Further, the system used to number claims meant that if a digit in the URL was changed, it was possible to view the claims information of other patients. For example, if the claim number was 1234567, changing the claim number to 1234560 would bring...

Children’s Mercy Hospital Alerts 5,500 Patients to a Potential PHI Breach
May31

Children’s Mercy Hospital in Kansas City has started notifying more than 5,500 patients that some of their electronic protected health information has been exposed online. Personally identifiable information and protected health information were discovered to have been uploaded to a website set up by one of the hospital’s physicians. The website was intended to serve as an educational resource. The physician had protected the site with a password before uploading patient health information. The physician believed that the site had been appropriately secured and patient health information could not be accessed by unauthorized individuals. However, the website, which was neither owned nor maintained by Children’s Mercy Hospital, violated hospital policies and did not meet the...

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time limit is 60 days from the discovery of the breach. Healthcare organizations face fines for late breach notifications, with this year seeing the first settlement with a covered entity based solely on delayed breach notifications. OCR sent a message to healthcare organizations with that settlement. Delaying breach notifications is a serious HIPAA violation and...

True Health Diagnostics Website Flaw Exposes Patient Records
May09

The health reports of patients of the True Health Group have been exposed online and were viewable by other patients for months – most likely years – due to a True Health Diagnostics website flaw. True Health Diagnostics is a Frisco, TX-based company that offers a wide range of testing procedures for genetic and other diseases. The company operates a web portal which patients can access to view their test results. Logging into the web portal allows patients to access PDF files containing their personal information and testing data. However, logging into the site did not only allow patients to view their own records, but also those of other patients. The PDF file names had sequential numbers. Changing the PDF file name in the URL would easily allow patients to view other test...

Suspected Ransomware Attack Impacts Erie County Medical Center Patients
Apr12

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD Pediatrics ransomware attack impacted 55,447 patients. On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York was forced to shut down its computer systems to prevent the spread of the virus. So far, the incident has resulted in computer systems being offline for three days. The hospital is still without access to email and the hospital website is still out of action, although other computer systems have now been brought back online. The virus caused some disruption,...

Ashland Women’s Health Ransomware Attack Confirmed
Apr12

The ransomware attacks on healthcare providers are continuing, with one of the latest victims a small one-practitioner gynecology practice in Ashland, Kentucky. Ashland Women’s Health recently informed the Department of Health and Human Services that the attack had potentially resulted in patients’ protected health information being accessed by the attackers. Ransomware attacks are reportable to OCR unless a healthcare provider can demonstrate there was a low probability that ePHI was compromised. In this case, that could not be ruled out with a high degree of certainty. Potentially the ePHI of up to 19,727 patients was compromised. While Locky, CryptXXX, Cerber, and Samsa have been extensively used in targeted attacks on healthcare providers, in this case the attack involved a lesser...

Ransomware Attack on ABCD Pediatrics Impacts 55,000 Patients
Apr05

The protected health information of more than 55,000 patients has potentially been compromised in a recent ransomware attack on ABCD Pediatrics. Attackers gained access to ABCD Pediatrics’ servers and Dharma ransomware was installed, resulting in the encryption of some PHI. Dharma ransomware is a variant of CrySiS ransomware. CrySiS ransomware was one of the most popular ransomware variants in 2016, although late last year ESET released a decryptor that allowed victims to recover their files free of charge. Last month, a free decryptor was developed for Dharma ransomware following the release of decryption keys online. However, the ransomware attack on ABCD Pediatrics occurred on February 6, almost a month before the decryptor was released. ABCD Pediatrics was able to recover from the...

Med Center Health Data Breach Impacts 160,000 Patients
Mar24

The Federal Bureau of Investigation is investigating a major Med Center Health data breach that impacts many affiliates and around 160,000 patients. The Med Center Health data breach was not the result of hackers; instead, data are believed to have been stolen by a former employee. The employee is understood to have taken a wide range of sensitive data including patients’ names, addresses, insurance details, procedure codes, billing information and Social Security numbers. Medical records do not appear to have been taken. Individuals affected by the incident had previously received medical services at the organization’s medical centers in Bowling Green, Franklin and Scottsville or the Commonwealth Regional Specialty Hospital, Cal Turner Rehab or Specialty Care and Medical Center EMS. The...

Insider Healthcare Data Breaches Soar in February
Mar20

February saw a major increase in insider healthcare data breaches, according to the latest healthcare data breach report from Protenus. The February Breach Barometer report indicates there were 31 reported healthcare data breaches in February. While the figure is on a par with January, which also saw 31 healthcare data breaches reported, there was a significant rise in insider healthcare data breaches last month. Insider incidents accounted for 58% of the total number of reported breaches, twice that of the previous month. Those incidents were fairly evenly split between malicious acts and errors. Eight incidents were the result of insider wrongdoing while nine incidents were logged as errors made by healthcare employees. The rise in insider healthcare data breaches is a concern....

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to rise over the coming weeks. Schools have been extensively targeted this year, although there have been at least 9 healthcare organizations that have fallen for the phishing scam this year. Campbell County Health, Pointe Coupe Hospital, Adventist Health (Tehachapi Valley), SouthEast Alaska Regional Health Consortium, eHealthinsurance, Citizens Memorial...

Google Removes Ransomware App from Its Play Store
Jan26

An app in the Google Play store has been discovered to have been loaded with ransomware. Google has recently removed the ransomware app from its Play Store, although it is not known how many individuals have already been infected. The app in question is called EnergyRescue. The purpose of the app was to help users manage the use of their phone batteries. However, that was not the real purpose of the app. According to researchers at CheckPoint, the app was malicious and contained a form of malware dubbed Charger. The malware was an information stealer and was used to steal SMS messages from infected devices. The Charger malware was also capable of stealing other sensitive data from infected Android phones and had a ransomware component that would lock users’ phones after information had...

SEC Investigation of Yahoo Breach Launched
Jan25

SEC Investigation of Yahoo Breach Launched

The U.S. Securities and Exchange Commission will be investigating Yahoo over the two massive data breaches announced late last year. The SEC investigation of Yahoo will not be concerned with the controls put in place by the company to prevent data breaches, but whether Yahoo should have informed its investors of the breaches more quickly. In September, Yahoo announced that it had experienced a massive data breach that had impacted hundreds of millions of its users. Since that announcement, the company has been heavily criticized for its handling of the breach. Questions have also been asked about when the company first became aware that its systems had been breached and why it took so long for notifications to be issued. In December, a second announcement was made, this time about a...

Sentara Healthcare Data Breach Investigated
Jan16

Sentara Healthcare is investigating a data breach suffered by one of its third-party vendors that resulted in patients’ protected health information being accessed by an unauthorized individual. Sentara Health was notified of a potential ePHI breach by law enforcement on November 17, 2016. An internal investigation was then immediately launched to determine the source of the breach, which led to one of its vendors. The vendor of the 12-hospital healthcare system is not responsible for providing healthcare services to patients. The company was contracted to provide data and benchmarking services. However, no further information about the vendor or the source of the breach has been released. It is therefore unclear whether a hacker gained access to the vendor’s systems or if data were...

Ransomware Infection Impacting 19,000 Individuals Investigated by Highmark BCBS of Delaware
Jan15

A subcontractor of Highmark Blue Cross Blue Shield of Delaware has experienced a ransomware infection and cyberattack that has potentially compromised the personal information of approximately 19,000 beneficiaries of employer-paid health plans. The ransomware attack occurred at Highmark BCBS subcontractor Summit Reinsurance Services on August 5, 2016, although affected individuals have only just been notified of the incident. An investigation into the ransomware attack has now been launched by Highmark BlueCross BlueShield of Delaware which has revealed that 16 current and former self-insured customers have been affected. While it was the ransomware infection that tipped off SummitRe that its systems had been compromised, an investigation into the cyberattack revealed that access to its...

ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
Jan09

E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that if the ransom was paid, no mention of this incident would be made and the data would not be sold on or published. Failure to pay the ransom would result in the data being published online. Contact was made with ESEA through its bug bounty program. ESEA obtained the attacker’s email address and requested proof of data theft. ESEA was able to rapidly confirm...

Los Angeles Valley College Ransomware Attack: 28K Paid for Key
Jan09

A Los Angeles Valley College ransomware attack on January 6, 2017 resulted in student data being locked and 1,800 college administrators and teachers being prevented from gaining access to their computer system and essential files. Ransomware is malicious software that encrypts a wide range of file types, including databases. The data is not moved or copied, just renamed and encrypted. In order to unlock the encryption, a unique key is required. The only key to unlock the encryption is held by the attacker. Payment of the ransom should see the key supplied to allow data to be unlocked, although there are no guarantees. There have been numerous instances where ransom payments have been made, yet the attackers have failed to supply a viable key to unlock the data. Unfortunately, many...

Switcher Trojan Infects Wi-Fi Routers via Android Mobiles
Jan03

An incredibly dangerous new Trojan has been detected by Kaspersky Lab which is being used to attack Wi-Fi routers via Android devices. The new malware – named the Switcher Trojan – is currently only being used to attack routers in China, although Kaspersky Lab researchers warn that this new malware signals a dangerous new trend – one that could well become a global problem. The typical way that hackers gain control of Wi-Fi routers is by performing direct attacks; however, this method of attack is far more efficient. The attackers are infecting Android users and they are used as pawns in Wi-Fi router attacks. Once a user’s device is compromised, any Wi-Fi router that they attempt to connect to will be subjected to a brute force attack. If the attack succeeds the attackers will gain...

Yahoo Breach the Work of Cybercriminals with Nation-State Connections
Dec20

Data from the Yahoo breach of 1 billion user accounts has already been sold on the black market on multiple occasions, according to InfoArmor. While Yahoo maintains that the attack was performed by a nation-state sponsored hacking group, InfoArmor’s research suggests otherwise and many security experts agree. Instead of a nation-state sponsored hacking group, it has been suggested that it was a criminal organization behind the attack, with those actors believed to reside in Russia and/or Ukraine. InfoArmor’s chief intelligence officer Andrew Komarov claims the attack was performed by a hacking group operating under the name “Group E.” The group comprises four hackers of Eastern European and Russian origin. The group is involved in hacking organizations to obtain data which are then...

1Bn Accounts Compromised in 2013 Yahoo Cyberattack
Dec15

In September 2016, Yahoo announced it had been hacked and half a billion accounts were compromised; however, yesterday it was revealed that a 2013 Yahoo cyberattack was twice the size. The credentials of more than 1 billion users were reportedly stolen in the 2013 Yahoo cyberattack. The Yahoo cyberattack announced in September was the largest data breach ever reported. This was particularly bad news as the company had just agreed to sell its core business to Verizon Communications. While the deal is not believed to have been derailed, Verizon is now seeking a substantial reduction in the purchase price as a result of the Yahoo brand being devalued. It has since emerged that some individuals at Yahoo were even aware of the breach long before the deal with Verizon was agreed. It has been...

Madison County Pays $220,000 to Improve Defenses After Ransomware Attack
Dec14

The Madison County ransomware attack that took out many of the county’s computer systems last month could only be resolved by paying a $21,000 ransom as no viable backup existed. On the advice of the County’s insurance company, the ransom was paid. Madison County will not be required to cover the cost of the ransom, only the deductible. However, a ransomware attack costs considerably more to resolve than the cost of the ransom to obtain keys to unlock the encryption. The costs have continued to rack up since the November 4 ransomware attack. Madison County first had to pay a company to restore the files that had been encrypted. U.S. Signal was contracted to complete the task and was paid $17,500. Now, the County has committed a further $198,180 to pay for a new ransomware defense system...

Arkansas Sheriff’s Office Pays 3 Bitcoin Ransom to Unlock Files
Dec14

The cybercriminals behind a ransomware attack on an Arkansas Sheriff’s office have been paid 3 Bitcoin ($2,400) to supply the keys to decrypt files locked by the ransomware. The ransomware attack on the Carroll County Sheriff’s office occurred on December 5, 2016 and resulted in its computer systems being taken out of action for just under a week. The attackers used a fairly new ransomware variant called Dharma, which is from the same ransomware family as CrySIS. Dharma ransomware is understood to be primarily delivered to end users using exploit kits that probe for security weaknesses in web browsers, although DLL file attacks, malicious JavaScript and drive-by downloads are also used to spread infections. Multiple files were encrypted including the Police department’s management...

Dailymotion Cyberattack Impacts 85 Million Users
Dec06

According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors. The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may have already been used for phishing attacks or sold on to multiple individuals. The Dailymotion cyberattack is believed to have impacted approximately 85.2 million of the site’s users. Individuals affected by the breach have had their unique username and email address compromised, although the individual behind the attack is only believed to have obtained...

San Francisco Transport System Ransomware Attack Reported
Nov28

A San Francisco Transport System ransomware attack occurred this weekend that resulted in computers used by the city’s light rail system being encrypted. The attackers demanded a 100 Bitcoin ($70,000) ransom to supply the key to unlock the encryption. A statement released by the San Francisco Municipal Transportation Agency (SFMTA) confirmed that while the attack resulted in computer systems being taken out of action, transport was unaffected. “There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact.” The attack did force SFMTA to allow passengers to travel free of charge during the attack, but all data have now been restored and it appears the ransom was not paid. The computer system has now been brought back online. The...

Facebook’s Darknet Password Buying Practice Revealed
Nov17

The data obtained from cyberattacks is often listed for sale on Darknet marketplaces for cybercriminals to purchase, yet who actually buys these data? Passwords are bought by cybercriminals to gain access to users’ online accounts for a wide variety of nefarious activities, but it is not only criminals that are interested in these data. It has recently emerged that Facebook also buys stolen passwords. Facebook CSO Alex Stamos revealed last week that the social media giant buys stolen passwords on the black market and uses them to better protect users’ accounts. Facebook can use the stolen passwords and their associated email addresses to scan its users’ accounts to check for a match. If password recycling is discovered, Facebook can then force users to reset the passwords on their...

Light Cast on Cause of the Tesco Bank Hack
Nov16

The cause of the Tesco Bank hack is not yet known, although security firm Digital Shadows has been narrowing down the possible causes that led to the criminals siphoning off $3.1 million from customers’ bank accounts. Tesco believed up to 20,000 customers may have been affected by the cyberattack on November 5 and 6, although the investigation into the attack has revealed that around 9,000 customers had funds taken out of their accounts. The attackers first attempted to take a small amount of money from customers’ accounts – around $25. If that transaction was successful, a second, larger transaction occurred of between $620 and $990. Tesco Bank is investigating the cyberattack, as is the National Crime Agency, although few details have so far been released on how the perpetrators...

Patients Informed of Seguin Dermatology Ransomware Attack
Nov15

Patients have been warned of a Seguin Dermatology ransomware attack that may have resulted in their electronic protected health information being accessed by the attackers. The Texas dermatology clinic was attacked on or around September 12, 2016, although it took until October 26 for a full forensic analysis of the affected computer to be completed. The investigation of the attack did not confirm that patient data had been stolen, although the possibility could not be ruled out entirely. According to a press release from the legal firm Brin and Brin of San Antonio, the forensic analysis revealed there was “a high likelihood” that ePHI was accessed by the attackers. Consequently, the ransomware attack has been reported to the Department of Health and Human Services’ Office for Civil...

Massive FriendFinder Data Breach Announced: 412 Million Records Exposed
Nov15

A massive FriendFinder data breach has been discovered that impacts more than 412 million users of six adult-oriented friendship, dating, and porn websites. Six databases used by Friend Finder Network Inc. were hacked in October this year, with the hackers managing to steal credentials from hundreds of millions of accounts. The worst hit was the adult dating website Adultfriendfinder.com, which is touted as the world’s largest sex and swinger community. 339,774,493 current and former users of the site have had their account details exposed. Since the site did not delete the credentials of lapsed users of the site when membership expired, their details have also been obtained by hackers. Account details from the past 20 years have been exposed. 62,668,630 users of Cams.com have also had...

Hackers May Have Used Cookies for Persistent Access to Yahoo Accounts
Nov10

Yahoo has revealed more about the massive data breach experienced in 2014 and says that in addition to the initial hack that provided hackers with users’ credentials, those actors may also have used cookies to bypass Yahoo security measures. This would have allowed the hackers to access users’ accounts for a considerable period of time after the initial attack. In a US Securities and Exchange Commission filing, Yahoo explained that “Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security Incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users’ accounts or account information.” Yahoo is currently trying...

2016: A Particularly Bad Year for Data Breaches
Nov10

Take a look at any of the websites that track data breaches and one thing is clear: Data breaches are now occurring much more frequently than in previous years, even though organizations have increased cybersecurity budgets and are committing more resources to breach prevention. Since records of data breaches first started being kept by the Identity Theft Resource Center (ITRC) in 2005, there have been 6,619 data breaches and more than 881 million records have been exposed or stolen. 2014 was a particularly bad year for data breaches, with 783 data exposure or data loss incidents tracked by the ITRC. In 2015, 781 incidents were reported, although the scale of some of those incidents was notable. 2015 saw the colossal data breach at Anthem Inc., which resulted in the theft of a huge...

Madison County Ransomware Attack: Ransom Paid to Unlock Files
Nov09

A Madison County ransomware attack over the weekend has resulted in most of the Indiana county’s computer systems being taken out of action, causing major disruption to county services. The ransomware is believed to have been installed on Saturday November 4, and was noticed by Central Dispatch after access to files could not be gained. The voting system was unaffected and emergency services continued to run as normal, although the attack did take out systems used by the courts and on Monday, many of the county’s offices remained closed while efforts continued to resolve the infection. Madison County holds a cyber insurance policy with Travelers, which was contacted once it was clear that file access was prevented as a result of a ransomware attack. According to John Richwine,...

BEC Attack on El Paso Resulted in Theft of $3.2 Million
Nov04

The threat from business email compromise attacks has been clearly highlighted by the recently discovered BEC attack on El Paso, TX. According to the Mayor of El Paso, Oscar Leeser, city officials notified law enforcement in October that employees had fallen for phishing scams. Those scams resulted in the attackers stealing $3.2 million in funds from the city. The BEC attack on El Paso was similar to numerous attacks that have taken place in the United States in recent years. The attacker posed as a vendor and informed the city that payment had not been received. A payment of $300,000 was sent, followed by a further payment of $2.9 million from the Camino Real Regional Mobility Authority. The first payment was identified by the CFO after it was noticed that the money had been misdirected...

UK Government to Commit £1.9bn to Cybersecurity Defenses
Oct31

The increasing threat to the UK’s critical infrastructure has prompted the government to commit more funds to cybersecurity defenses. In a recent speech, the UK chancellor Philip Hammond promised to spend a further £1.9 billion on defenses to prevent foreign attackers from conducting successful attacks. Hammond believes further investment is required in order for the UK to continue to be able to mount a defense against increasingly sophisticated methods of attack used by cybercriminals. According to Hammond, “If we do not have the ability to respond in cyberspace to an attack which takes down our power network – leaving us in darkness or hits our air traffic control system grounding our planes – we would be left with the impossible choice of turning the other cheek,...

4.3 Million IoT Devices Recalled in Effort to Curb DDoS Attacks
Oct26

Hangzhou Xiongmai Technology – a major Chinese electronics company – has announced it is recalling thousands of IoT devices after they were hijacked by hackers and used in a spate of massive distributed denial of service (DDoS) attacks. Many of its devices have been added to the Mirai botnet – a network of hundreds of thousands of IoT devices used to flood Internet services with traffic, rendering them unavailable. The Mirai botnet has been used for massive DDoS attacks on Krebs on Security and the French hosting company OVH in early October, the latter exceeding 1 Tbps. The Mirai botnet was also used in a massive DDoS attack that took down large sections of the Internet on Friday. The latest attack resulted in some of the biggest websites on the Internet being made inaccessible for...

Phishing Scam Fools Baystate Health Employees and Exposes PHI
Oct24

Phishing is a technique commonly used by cybercriminals as an easy way of gaining access to healthcare data. The aim of the scam is to trick individuals into revealing login credentials or infecting their computers with malware. Even when robust cybersecurity defenses are employed to prevent networks and databases from attack, those protections can easily be undone by employees. If employees can be convinced to click malicious links, open infected email attachments, or disclose their login credentials, the attackers can gain a foothold in the network. Phishing scams can be speculative, although increasingly cybercriminals are using highly targeted campaigns. Well-crafted and highly convincing emails are sent that appear to be genuine requests from colleagues to divulge information....

Weebly Data Breach Impacts 43 Million Customers
Oct21

A massive Weebly data breach has been uncovered that impacts 43,430,316 customers who have previously created websites using the drag and drop website creation platform. The data breach is understood to have occurred around 8 months ago, although Weebly has only just been informed that it was attacked. Rapid action was taken to shore up security and protect customers. The security breach came to light after an anonymous individual sent the stolen credentials to LeakedSource. The LeakedSource database has now been updated and Weebly was informed of the breach. Notification emails started to be sent to customers on Thursday October 20, 2016. At present, the cause of the breach is unknown. An investigation into the breach is ongoing although steps have already been taken to enhance security...

2012 LinkedIn Data Breach: Suspect Arrested in Prague
Oct20

The 2012 LinkedIn data breach was one of the largest ever reported. More than 117 million user credentials were stolen in the attack. This year those records were listed for sale online, although the individuals behind the cyberattack have remained a mystery. The data were listed for sale on Darknet marketplace theRealDeal recently by a hacker going by the name Peace_of_Mind (Peace). However, it is unclear whether Peace was responsible for the attack or was just selling the data. However, Police in the Czech Republic believe they have apprehended one of the hackers behind the 2012 LinkedIn data breach in Prague. The arrest was made on October 5, although the announcement of the arrest was only made yesterday. The identity of the suspect is unknown, although NBC News has identified him as...

Rainbow Children’s Clinic Ransomware Attack Announced
Oct18

A recent Rainbow Children’s Clinic ransomware attack has resulted in the protected health information of patients being encrypted and made inaccessible to pediatricians and other clinic staff members. Rainbow Children’s Clinic provides medical services to children in the Arlington and Grand Prairie areas of Texas. On August 3, 2016, the clinic was prevented from accessing certain data that were stored on its servers. An investigation was immediately launched which revealed a hacker had installed ransomware which was used to encrypt data. A third-party computer forensic expert was hired to investigate the attack. It was discovered that in addition to encrypting data, some protected health information had been deleted and was permanently lost. No mention was made of any ransom being paid...

CalOptima Data Breach Announced: 56K Members Impacted
Oct18

A second CalOptima data breach has been announced just a few weeks after 1,000 members were informed that some of their protected health information had been exposed due to a printing error. CalOptima spokeswoman Bridget Kelly confirmed to the Orange County Register that the latest CalOptima data breach has impacted approximately 7% of CalOptima members – around 56,000 individuals. CalOptima, a public agency created to manage the Medi-Cal program in Orange County, CA, notified affected members of a breach of sensitive data on October 14. Two months ago, a departing employee was discovered to have downloaded a range of sensitive data to a thumb drive prior to leaving employment at CalOptima. The data were copied onto a thumb drive, which has since been recovered. The CalOptima data...

Saint Francis Health System Alerts Patients to Warren Clinic Data Breach
Oct15

Tulsa, Oklahoma-based Saint Francis Health System has experienced a cyberattack that has resulted in the theft of patient data. The incident does not impact all Saint Francis patients, only certain patients that have previously received medical services at the Warren Clinic – a network of 70 clinics in Tulsa and eastern Oklahoma. The cyberattack was not detected at the time. Instead, Saint Francis Health System was informed that an attack had occurred by the individuals responsible for the breach. On September 7, 2016, Saint Francis Health System received an email advising of a cyberattack on an external server. The healthcare organization was told that patient data had been exfiltrated and was being held by the attackers. The attackers demanded a payment be made using an anonymous...

Integrity Transitional Hospital Hack Impacts Multiple Healthcare Providers
Oct15

Denton, Texas-based Integrity Transitional Hospital has notified patients, many of whom are children, that some of their protected health information has potentially been viewed and copied by an unauthorized individual who managed to gain access to one of its computer systems. A network intrusion was discovered on August 15, 2016 after suspicious network activity was identified. Rapid action was taken to shut down access and prevent the exfiltration of data. A third-party computer forensics company was contracted to conduct a thorough investigation of the hospital’s systems to determine the extent to which its network had been compromised and which, if any, patient data had been viewed or copied by the attackers. The investigation revealed a system used to store laboratory data had been...

Massive Amazon Data Breach? Just a Precautionary Password Reset Apparently
Oct13

Rumors have been circulating that a massive Amazon data breach had occurred following the decision by the online retail giant to reset the passwords of users’ accounts. Amazon started resetting the passwords on certain accounts on Saturday and the process is ongoing. Emails have now been sent to users to advise them that their passwords were reset as a security precaution. The decision was taken to protect customers whose credentials had been posted online; however, those credentials were not stolen as a result of an Amazon data breach. Instead they are believed to have been obtained in a breach of another platform. The password reset was performed as a proactive defense to prevent Amazon users’ accounts from being compromised. The password reset is understood to only have been...

Apria Healthcare Data Breach Discovered
Oct13

An Apria Healthcare data breach has recently been discovered which has impacted 1,987 patients. The security breach has resulted in the exposure of a wide range of patient data. The cyberattack was discovered on August 5, 2016 and rapid action was taken to shut down access to Apria Healthcare’s systems. An external computer forensics firm was called upon to investigate the Apria Healthcare data breach. The investigation revealed a single email account had been compromised. The electronic health record system was not compromised in the attack. Apria Healthcare did not disclose how access to the email account was gained. The investigation involved checking every email in the employee’s account to check for the presence of any confidential and sensitive patient data. The...

Peachtree Orthopedics Discovers Patient Database has been Hacked
Oct13

Peachtree Orthopedics has announced a hacker gained access to a patient database containing names, addresses, dates of birth, email addresses, treatment codes, prescription records, and Social Security numbers. The breach notification letters sent to patients on October 7, 2016 explain that the hacker potentially stole the contents of the database. The data breach was discovered on September 22. Rapid action was taken to secure patient health information and block data access. Outside IT security experts were also brought in to conduct a forensic examination and ensure that its systems were secured to prevent future breaches of ePHI. The FBI was also informed and is investigating the breach. Data theft was not confirmed but it could not be ruled out. Patients have therefore been offered...

Yahoo Acquisition Price May Be Reduced After Massive Data Breach
Oct07

According to a recent article in the New York Post, the Yahoo acquisition price may be reduced following the massive data breach that was reported to have affected 500 million users. Prior to the announcement of the data breach, Verizon was due to buy Yahoo for $4.8 billion. The deal was arranged before news of the data breach broke, but not before the data breach actually occurred. The deal was arranged over the summer, but two weeks ago news broke that the credentials of hundreds of millions of Yahoo users had been stolen by hackers. As if that was not enough bad news, last week two former Yahoo employees revealed that Yahoo had been secretly scanning users’ email accounts at the request of either the NSA or FBI. Last year, it is alleged that Yahoo built the software to enable a...

Marin Healthcare Ransomware Attack Reported
Oct06

A Marin Healthcare ransomware attack has been reported that resulted in sensitive patient data being encrypted. The attack affected one of Marin Healthcare’s vendors, Marin Medical Practices, which provides medical billing and EHR services. In accordance with HIPAA Rules, the vendor performed backups of protected health information. Under normal circumstances this would have allowed the organization to recover the locked files without having to pay the attackers for a decryption key. However, the process of restoring files from a backup failed. To prevent data loss, it was necessary to pay the ransom demand to obtain the decryption key. After obtaining the key, Marin Medical Practices was able to recover from the infection and regain access to the encrypted files, which included clinical...

Another Public Health Service Data Breach is Discovered
Oct03

Another public health service data breach has recently been discovered. This time around it is current and former members of the Commissioned Corps that have been affected. This week the Surgeon General emailed current, former, and retired Commissioned Corps officers to alert them to a potential breach of their data after it was discovered that an unauthorized individual gained access to the agency’s personnel system. The system is used for payroll and other HR functions, including logging annual leave, hours worked, and attendance. Names, dates of birth and Social Security numbers may have been viewed and/or copied. The security breach was discovered on September 20, 2016 although it is unclear from the breach notification email when access to the system was gained. The attack occurred via...

Yahoo Cyberattack Potentially More than Twice Reported Size
Oct03

The massive Yahoo cyberattack was recently reported to have impacted 500 million users. Yahoo also claimed that the attack appeared to have been conducted by a nation-state backed hacker. However, security experts have questioned that claim, as the facts about the Yahoo cyberattack that have been released so far do not tally with a state-sponsored attack. Now, a former Yahoo executive has spoken out about the attack and says the Yahoo breach could have affected substantially more users. In fact, more than twice as many users could have been affected. The breach is already the largest ever discovered, yet more than 1 billion users may have been affected. In an interview with Business Insider, a former executive at Yahoo said that the architecture of Yahoo’s systems is such that a breach...

New Jersey Spine Center Ransomware Attack: No Alternative but to Pay Ransom
Sep30

A recent New Jersey Spine Center ransomware attack resulted in electronic patient health records being locked with powerful encryption. The attack involved the ransomware variant Cryptowall, which has been used in numerous attacks over the past few months. Unfortunately, while decryptors have been published for a number of ransomware variants, the latest version of Cryptowall has resisted security companies’ efforts to crack it. Infection with this ransomware variant leaves organizations with three choices: accept data loss, recover the files from a backup, or pay the ransom demand to obtain the key to decrypt the data. Since patient health data were locked, accepting data loss wasn’t an option. Unfortunately, recovering data from a backup was not possible as the most recent backup had...

State-Sponsored Hackers Not Responsible for Yahoo Breach, Says InfoArmor
Sep29

It was the biggest cyberattack ever reported, affecting more than 500 million individuals, but there is currently considerable debate as to who was responsible. Yahoo has announced that a state-sponsored attacker was behind the attack, yet many doubt this to be the case. Now independent security firm InfoArmor claims that its research shows that state-sponsored hackers were not involved. Instead, it has been claimed the attack was conducted by criminal hackers. InfoArmor has been investigating a team of professional hackers for over 3 years. The hackers are believed to come from Eastern Europe. The group of five individuals mostly sell hacked data to spammers and are not understood to be sponsored by any nation state. InfoArmor believes these hackers are behind the attack. During the...

1Tbps DDoS Attack Recorded by Web Hosting Company
Sep29

A series of DDoS attacks has hit a French web hosting company over the past few days, culminating in a 1Tbps DDoS attack – the largest DDoS attack ever reported. Denial-of-Service attacks have increased significantly in recent months; however, the scale of the recent DDoS attacks is particularly alarming. Attacks of 300+Gbps can cause significant damage, but even attacks on this scale were rare. However, in the space of a week two record-breaking DDoS attacks have been reported. First, Brian Krebs reported an attack that resulted in the Krebs on Security site being taken down. At 620Gbps at its peak, it was the largest ever DDoS attack to date. However, that was just the start. The DDoS attack on OVH exceeded 1Tbps. According to OVH CEO Octave Klaba, the attack involved 145,000 devices,...

Hacking Group Holds WestPark Capital to Ransom
Sep28

After stealing data from a number of healthcare organizations and demanding a ransom not to release the information, the hacking group TheDarkOverlord has now targeted the investment bank WestPark Capital. A host of sensitive data including non-disclosure agreements, reports, and contracts were stolen from the firm and a ransom demand has been issued. If WestPark refuses to pay, the hacking group says it will publish the stolen data. TheDarkOverlord has already published links to around 20 documents including NDAs, reports, presentations and contracts. WestPark has not disclosed how much money the attackers demanded, although a report in the Los Angeles Times suggests the ransom was in excess of $1 million. TheDarkOverlord group conducted similar attacks on healthcare organizations over...

Yahoo Data Breach Confirmed: 500 Million Users Affected
Sep22

Two months ago, a massive Yahoo data breach appeared to have been uncovered. The records of more than 200 million Yahoo email account holders seemed to have been listed for sale on a Darknet marketplace. The hacker who placed the listing on the site – Peace – had previously listed other large databases for sale, including the data from the MySpace and LinkedIn data breaches. Peace is the co-founder of the Darknet marketplace TheRealDeal, where the data were listed for sale.

The Yahoo Data Breach is the Biggest Ever Reported

Yahoo conducted an investigation into the apparent breach and now, more than two months later, the Yahoo data breach has been confirmed. However, the Yahoo data breach is far worse than the data listing suggested. The account details of more than 500 million...

ClixSense Data Breach Reported: 6.6 Million Users Affected
Sep15

A massive ClixSense data breach has occurred that has resulted in a treasure trove of user data being obtained by hackers. In total, the ClixSense data breach impacts more than 6.6 million users, 2.2 million of which have had their sensitive data dumped online. The data of the remaining 4.4 million users is being offered for sale online. ClixSense is an online service that pays its members to take part in online surveys. Due to the nature of the service, any individual signing up to take part must provide highly sensitive information such as bank account details. The hackers were also able to steal up-to-date user data. Some of the compromised accounts were only created a month ago. That makes this breach far more serious than the cyberattacks at LinkedIn and MySpace. Data obtained by...

World Anti-Doping Agency Cyberattack: Olympics Stars’ Medical Files Published
Sep13

The medical records of a number of leading U.S. athletes have been leaked online. The data came from a hack of the World Anti-Doping Agency and Court of Arbitration for Sport (WADA-CAS). A group of hackers operating under the name Tsar Team / Fancy Bears successfully hacked WADA’s anti-doping administration and management system (ADAMS) database and stole sensitive data on U.S. athletes. The data have now been uploaded to the hacking group’s website. While medical data is often stolen for financial gain, the recent WADA-CAS hack appears not to be financially motivated; instead, it was the intention of the hackers to gain access to medical data to show that it is not only Russian athletes that are involved in doping. The hackers claim that they stand for “fair play and clean sport.” On the...

Survey Reveals Extent of UK Ransomware Infections
Sep09

A recent survey conducted on more than 300 IT decision makers has revealed the extent of UK ransomware infections and provides some interesting insights into the lack of preparedness for attacks. The aim of the study was to raise awareness of the ransomware threat and show how much of an impact ransomware is having on businesses in the United Kingdom. The threat from ransomware has been widely documented over the course of the past 12 months in line with the increasing number of attacks that are being performed. However, what was not clear was how many companies had actually experienced ransomware attacks. The Trend Micro survey has revealed that UK ransomware infections are occurring at an unprecedented rate. 44% of the surveyed companies revealed that they had already experienced a...

18,000 Patients Impacted by Highline Medical Center Data Breach
Sep08

CHI Franciscan Health Highline Medical Center has notified 18,399 patients that some of their protected health information has been exposed on the Internet as a result of an error made by a business associate. The HIPAA business associate responsible for the breach was R-C Healthcare Management. An employee of the firm had made an error with the configuration of a firewall after maintenance work was conducted. The error was made on April 21, 2016, but was not discovered until June 13. During the time that the security protection was removed, files containing Highline Medical Center patients’ personal information were freely accessible over the Internet. The exposed files contained data from 1993-1994 and from 2008 to 2013. The data was used by R-C Healthcare Management for cost reporting...

98 Million Records from 2012 Rambler.ru Data Breach Dumped
Sep06

The Rambler.ru data breach that occurred on February 17, 2012 involved the theft of usernames, plain text passwords, ICQ numbers, and other internal data. In total, the credentials of 98,167,935 users were stolen in the cyberattack. Email addresses were also compromised, since the username is used to create email addresses. The same individual responsible for providing the last.fm data to LeakedSource has handed over the datasets from the 2012 Rambler.ru data breach. The contents of the database were independently verified as genuine by a Russian journalist – Maria Nefedova. She sent the first portion of passwords to three different users. Those users responded and provided the remaining 4-6 digits of the passwords, confirming the data set was real. The 2012 Rambler.ru data breach...

2012 Last.fm Data Breach Affects 43 Million Users
Sep01

A number of mega breaches have come to light in 2016. The list continues to grow, with news that the data from a 2012 Last.fm data breach have just surfaced. The Last.fm data breach in question occurred on March 22, 2012. It is now known that 43,570,999 login credentials were stolen in the cyberattack. In contrast to some of the large-scale data breaches from 2012, the music tracking website encrypted passwords; however, the method used to encrypt passwords was not particularly secure. The passwords were encrypted with an unsalted MD5 hash. The methods used to encrypt passwords are now far superior to those used in 2012. Passwords are usually protected with encryption, but the algorithms used are more complex and passwords are also salted. By salting the hashes – adding random characters...

1.1 Billion Records Exposed in 2016 Data Breaches
Sep01

According to a new data breach report published by Risk Based Security, more than 1.1 billion records have been exposed or stolen in the first 6 months of 2016. Those figures make 2016 the worst ever year for data breaches by some distance and the year is far from over yet. The good news, if you can call it that, is that, compared to the first 6 months of 2015, data breaches are down by 17%. Unfortunately, cyberattacks on organizations are exposing more records. Attacks on healthcare providers and insurers have not been of the scale of those discovered in 2015, although major breaches have occurred. A hacker/hacking group operating under the name The Dark Overlord stole the healthcare records of more than 10 million Americans and listed those data for sale on the darknet marketplace,...

Scan Health Data Breach Involved Unauthorized Use of Legitimate Login Credentials
Aug31

On June 27, 2016, SCAN Health discovered that an unauthorized individual had gained access to the data of its members. Sales contact sheets had been accessed, which contained the names of members, their dates of birth, phone numbers, and addresses. In some cases, health notes were also obtained, which included the names of members’ physicians, brief descriptions of health conditions, along with details of medications that had been prescribed. An investigation into the SCAN Health data breach revealed the data of 87,000 current and former members had been accessed. In fewer than 500 cases, Social Security numbers were also compromised. The breach affected members of SCAN Health, SCAN Health Plan Arizona, and the Village Health Plan. An external security firm was contracted to conduct an...

New York State Psychiatric Institute Data Breach Reported
Aug31

A New York State Psychiatric Institute data breach that occurred between April 28 and May 4, 2016 has recently been announced. On June 16, 2016, New York State Psychiatric Institute, which is owned and operated by the New York State Office of Mental Health, became aware that unauthorized individuals had gained access to parts of the Institute’s computer systems. The protected health information of research participants was potentially accessed and copied by those individuals. The data stored on the compromised part of the network include the names of research participants along with dates of birth, addresses, email addresses, contact telephone numbers, school, county, coded health information, Social Security numbers, and Driver’s License numbers. The exposed health information was...

Appalachian Regional Healthcare Security Breach Announced
Aug31

Hospitals in Kentucky and West Virginia have been forced to work without key computer systems as a result of an Appalachian Regional Healthcare security breach. A virus was discovered on Saturday that has caused a number of technical complications which Appalachian Regional Healthcare is attempting to resolve. Upon discovery of the virus, computer systems were shut down to prevent the spread of the virus and the Emergency Operations Plan was initiated, although limited details of the Appalachian Regional Healthcare security breach have been released at this point in time. The investigation into the virus infection is ongoing and federal authorities are now involved. A statement was issued by ARH spokesperson, Melissa Cornett, on Saturday explaining that electronic web-based services are...

Mega Dropbox Data Breach Uncovered: 68 Million Passwords Stolen
Aug30

A Dropbox data breach from 2012 has just been uncovered. A dataset including usernames (email addresses) and encrypted passwords has recently been provided to a number of breach notification sites, including LeakedSource, HaveIBeenPwned, and Hacked-DB. The data have also been listed for sale on the hacking marketplace, TheRealDeal. According to the listing, there are 68,679,804 login credentials in the dataset. Dropbox is now emailing all users affected by the breach urging them to log in to their account to change their password. In some cases, but not all, Dropbox has performed a password reset and users will be forced to change their password at their next login. The data breach occurred around the middle of 2012. The accounts of individuals that have reset their password or created a...

Bon Secours Health System Announces 655,000 PHI Incident
Aug12

This week, Maryland-based Bon Secours Health System has announced that the protected health information of some of its patients has been accessible over the Internet for a period of almost two months. The security incident ranks as one of the biggest potential data breaches of 2016, involving the records of more than 655,000 patients. The incident was caused by the actions of one of its business associates: R-C Healthcare. R-C Healthcare, a reimbursement optimization firm, inadvertently changed network security settings on its servers when performing maintenance between April 18 and April 21. The change meant the data stored on the server could be accessed via the internet by unauthorized individuals. The exposed data includes patient names, health insurer names and patient ID numbers,...

Professional Dermatology Care Ransomware Attack Reported
Aug10

A Professional Dermatology Care ransomware attack has been reported to the Department of Health and Human Services’ Office for Civil Rights, in accordance with Health Insurance Portability and Accountability Act (HIPAA) Rules. Cybercriminals from outside the United States gained access to a network server used by Professional Dermatology Care and installed ransomware. The ransomware encrypted a range of data including the protected health information of patients. However, the criminals also potentially viewed and copied patient data during the time that access to the network server was possible. Data potentially compromised in the attack include patient names, dates of birth, mailing addresses, Social Security Numbers, Medicare numbers, billing information and medical records. Access to...

Attempted Fraud Reports Suggest Optometry Association Data Breach
Aug09

An optometry association data breach is suspected to have occurred in which the sensitive data of optometrists and optometry students were stolen. Those data appear to have been used to fraudulently apply for credit. Earlier this month, a number of optometrists and optometry students contacted the American Optometry Association (AOA) after receiving unsolicited Chase Amazon.com credit cards in the mail. Credit reference agencies also alerted a number of individuals about credit applications that were made. The data needed by criminals to apply for credit could have come from any number of organizations, but since optometrists and optometry students have been specifically targeted it is probable that an optometry association data breach has occurred. At present it is unclear which...

Newkirk Products Data Breach Impacts 3.3 Million Individuals
Aug08

The recently announced Newkirk Products data breach impacts at least 13 health insurers and healthcare providers, and reportedly affects as many as 3.3 million health plan subscribers and healthcare patients. The Newkirk Products data breach was announced just five days after ownership of the company was transferred to Broadridge Financial Solutions for $410 million. The purchasing of Newkirk was completed on July 1, with the breach being discovered on July 6, 2016.

Numerous Blue Cross Blue Shield Organizations and Healthcare Providers Affected

Upon discovery of the Newkirk Products data breach, the affected server was isolated and shut down and an external computer forensics firm was brought in to investigate the intrusion. The firm determined that an unauthorized individual had first...

Banner Health Network Cyberattack Affects 3.7 Million Individuals
Aug06

3.7 million individuals have been affected by a Banner Health Network cyberattack discovered last month. The Banner Health Network cyberattack is the largest healthcare data breach to have been announced by a healthcare organization so far in 2016.

Banner Health Network Cyberattack Targeted Hospital Food and Beverage Outlets

The Banner Health Network cyberattack was discovered on July 7, 2016. Attackers were discovered to have gained access to the computer system used to process card payments at some of the food and beverage outlets in Banner Health hospitals in Alaska, Arizona, Colorado, and Wyoming. Payment card details – card numbers, cardholders’ names, expiry dates, and ccc codes – were compromised in the attack. Insurance claim information may also have been compromised. The...

DHS Issues Message on Federal Government Cyber Incident Reporting
Aug01

The U.S. Department of Homeland Security has issued a message on Federal Government cyber incident reporting. The document explains the importance of contacting the correct government agencies and the benefit to organizations and consumers of reporting cyber incidents promptly. The DHS explains that two types of assistance are offered to private sector organizations: Asset Response and Threat Response. Asset response is provided by the Department of Homeland Security’s National Cybersecurity and Communications Center (NCCIC). The NCCIC is able to provide assistance with securing assets, mitigating vulnerabilities, and sharing threat intelligence with private and public sector organizations that may be at risk. Assistance can also be provided in removing an adversary and the NCCIC will...

Premier Physicians Group Data Breach Reported
Jul26

1,326 healthcare patients in Texas have been notified that some of their PHI was left unattended and unprotected, and was potentially viewed by unauthorized individuals. Patients affected by the Premier Physicians Group data breach had received treatment from Dr. Mario Gross, who was previously employed by the clinic. Dr. Gross has also worked for a number of healthcare providers in the Midland, TX region. Many of those organizations have also recently issued breach notices to their patients. The Premier Physicians Group data breach was discovered on April 8, 2016. Documents containing the PHI of patients were found in a former residence of Dr. Gross. Dr. Gross had vacated the premises and ownership of the property had been transferred to a local bank. However, a number of records that...

Patients Informed of Athens Orthopedic Clinic Cyberattack
Jul26

Patients of Athens Orthopedic Clinic are in the process of being notified that their protected health information has been obtained by a hacker. The Athens Orthopedic Clinic cyberattack was discovered late last month after a hacker going by the name The Dark Overlord put the healthcare records of a Georgia healthcare provider up for sale on the Darknet marketplace TheRealDeal. However, initially it was unclear to whom the records belonged as the name of the healthcare provider was not disclosed. TDO reportedly sent a demand for payment to each of the healthcare organizations that were attacked. The companies were told that they could pay to prevent the sale of their data and receive assistance correcting the security flaw that allowed their patients’ data to be accessed. No payment was...

Malicious Actors Are Conducting Targeted Healthcare Industry Attacks
Jul14

Random ransomware attacks on healthcare organizations are a cause for concern, although the recent spate of targeted healthcare industry attacks is even more worrying. Malicious actors have stolen the protected health information of close to 10 million individuals and those records have now found their way onto underground marketplaces. The attacks did not involve ransomware, although a ransom demand was allegedly issued to each of the healthcare organizations that were attacked. A malicious actor operating under the name TheDarkOverlord managed to hack into healthcare databases and stole large volumes of PHI. Each organization was then contacted and told that they could prevent the sale of their patients’ data – and have the exploited security vulnerability fixed – if a “ransom” was...

13,000 Patients Impacted by Ambulatory Surgery Center Ransomware Attack
Jul12

The recent Ambulatory Surgery Center ransomware attack has resulted in the protected health information of 13,000 patients being exposed, according to a recent article in the Bucks County Courier Times. Ambulatory Surgery Center, a provider of outpatient surgical and diagnostic procedures in Langhorne, PA, discovered the attack on June 1, 2016. Staff at the center were prevented from accessing files, which tipped off the organization to the attack. A ransom note was discovered which requested payment in exchange for keys to unlock the encryption. As is required under HIPAA Rules, Ambulatory Surgery Center had performed regular backups of patient data and was able to recover from the attack without having to pay the attackers. The files were restored on the same day as the attack,...

10 Million Healthcare Records Listed for Sale on Darknet
Jun29

The names, addresses, dates of birth and Social Security numbers of more than 10 million patients have been listed for sale on a darknet marketplace in the past few days. These records do not appear to have come from some of the large healthcare data breaches reported by HIPAA covered entities over the last few years. There is a high probability that the records are from new, previously unreported PHI breaches. The healthcare records were listed for sale on darknet marketplace TheRealDeal over the weekend. The records appear to have been stolen by a hacker operating under the name TheDarkOverlord. Five separate listings have now been added to the site, each corresponding to a separate batch of healthcare data. The databases of healthcare providers and health insurers. Initially, four...

Time Inc. Confirms Massive MySpace Data Breach
Jun29

According to a recent report from LeakedSource, the MySpace data breach that was recently announced by Time Inc. resulted in the theft of 427 million passwords and affected approximately 360 million accounts. Usernames, email addresses, passwords, and in some cases, a secondary password, were stolen. Many mega data breaches have been announced in 2016 that occurred in 2012/2013, but none have been on this scale. In terms of the number of users affected, the MySpace data breach is the largest ever reported. After June 11, the site used enhanced security. Only accounts that were created prior to this date have been affected. The security updates in June 2013 included using double salted hashes. In the event of a breach, the passwords would be particularly difficult to crack. Prior to June...

655,000 Healthcare Records Listed for Sale on Underground Marketplace
Jun27

A hacker operating under the name TheDarkOverlord has placed three separate listings on the underground marketplace TheRealDeal. Three separate healthcare databases are being offered for sale. Those databases contain a total of 655,000 healthcare records. Samples of the data have been provided which have been independently verified as being real. Some of the data appear to be old, although the breaches are understood to have occurred relatively recently. The data do not appear to have come from large-scale breaches from the past few years, as was the case with the recent listings on TheRealDeal placed by the hacker “Peace.” The hacker claims to have obtained the data in recent attacks by exploiting gaping holes in the healthcare organizations’ systems. One of the stolen databases was...

Mega Data Breaches Prompt Facebook and Netflix to Reset Passwords
Jun08

The mega data breaches at LinkedIn, Adobe, Tumblr, and MySpace allowed hackers to obtain vast numbers of email addresses and passwords. Now that the data have been listed for sale online, users of these websites are at risk of having their accounts hacked. In total, more than half a billion email addresses and hashed passwords have been leaked over the past few weeks. All of these websites are now alerting users to the breaches and are invalidating passwords for affected individuals. Other websites have also followed suit, even though they have not experienced a data breach. Netflix has recently started sending emails to its users telling them that their passwords have been reset. Facebook has also taken the decision to force some of its users to update their passwords to prevent...
