18,500 Patients’ PHI Exposed After Multiple Email Accounts Were Compromised
Dec14

The Detroit-based Henry Ford Health System has issued notifications to almost 18,500 patients that some of their PHI has potentially been seen by an unauthorized person. The PHI breach was discovered on October 3, 2017 when unauthorized access to the email accounts of several members of staff was detected. While protected health information was possibly accessed or stolen, the health system’s EHR system was not accessed at any point. All data was restricted to the compromised email accounts. At present it is unclear exactly how access to the email accounts was obtained. Normally, breaches such as this involve phishing attacks, where multiple emails are sent to healthcare workers that trick them into disclosing their login details. An internal review into the breach is underway to...

Accessing Medical Records Without Authorization Leads to Hospital Employee Being Sacked
Dec13

The medical histories of 769 patients at Lowell General Hospital have been accessed by a member of staff without any valid work reason. By accessing the medical records, the member of staff breached the Massachusetts-based hospital’s policies and violated the privacy of hospital patients. Once the breach was discovered and the subsequent investigation completed, the employee was fired. Lowell General Hospital was satisfied that only one person was involved in the theft, and that this was not a widespread issue at the hospital. Patients affected by the security incident have been alerted and a breach notice has been published on the hospital website. Patients have been advised that the types of information accessed by the former member of staff included names, dates of birth, medical...

Healthcare Worker Stole PHI of 28,000 Health Care Services Patients
Dec12

Private documents holding the PHI of patients have been stolen by a former employee of the Center for Health Care Services (CHCS) in San Antonio, a provider of mental health treatment and support services for patients with intellectual and developmental disabilities. Notifications of the breach have been sent to 28,434 patients who received care at CHCS before the summer of 2016. The breach of PHI was only found on November 7, 2017, but the data theft happened over 17 months ago. The former member of staff was relieved of their position on May 31, 2016, with the data saved to a personal laptop after that, according to a recent CHCS press statement. The breach was found during discovery in a litigation case between the former health care worker and CHCS. No details have been made public...

Pennsylvania Obs/Gyn Clinic PHI Breached Due to Improper Disposal
Dec11

Paper files from Women’s Health Consultants, an obstetrics and gynecology practice that had centers in South Whitehall Township and Hanover Township, PA, have been dumped at a recycling center in Allentown, Pennsylvania. The files – containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases – seem to have come from the firm, which is no longer operating. It is not clear how these files came to be dumped at the recycling center, as the container where the records were found was not covered by surveillance cameras. The recycling center does have a securely locked recycling container where sensitive documents that have confidential information can be left securely, but that container was not used. The...


PHI Breach at UAB Medicine Leaves 652 Potentially Exposed

In Birmingham, Alabama, the UAB Medicine Viral Hepatitis Clinic has discovered a breach of patients’ protected health information (PHI) that could have affected up to 652 patients. The group, UAB Medicine, uses flash drives to transfer information from its Fibroscan machine to a computer. Two flash drives were discovered to be missing on October 25, 2017. The portable storage devices were used to hold a limited amount of PHI in relation to the 652 patients concerned. Information stored on these particular devices included first and last names, gender, birth dates, images and numbers corresponding to test results, medical diagnosis, names of referring doctors, and the dates and times of appointments. In a release, UAB Medicine has confirmed that no Social Security credentials,...

Personal Information of New York Pharmacy Customers Exposed in Improper Disposal Incident
Dec06

A security breach, involving the improper disposal of a device used to capture customers’ signatures, has been encountered by ShopRite Supermarkets, Inc. The device in question was used at the ShopRite, Kingston, NY location between 2005 and 2015 and stored personal and medical data. Customers who attended the pharmacy and had prescriptions supplied between 2005 and 2015 have potentially been impacted by the exposure. For those customers, the device stored data such as names, phone numbers, prescription details, dates and times of pickup or delivery, zip codes, medication names, and customers’ signatures. The device in question was also used for customers who bought an over-the-counter product that contained pseudoephedrine. Those customers have had their driver’s license number, zip...

Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals
Dec05

Sports Medicine & Rehabilitation Therapy (SMART), based in Massachusetts, has contacted 7,000 clients regarding a breach of their protected private health information that occurred in September 2017. Potentially, the breach impacted all clients whose data was saved during a visit to a SMART outlet prior to December 31, 2016. Hackers, in an extortion attempt, accessed SMART systems, allegedly stole private information, and asked for a ransom payment to prevent the information from being made available online. It was not confirmed, in the breach notification letters, if the ransom was paid, although SMART has told its clients that there is “no reason to believe that the data has been or will be used for further nefarious purposes.” The matter has been reviewed by the FBI and Homeland...

Multiple Breaches Lead to $2m Fine for Cottage Health
Dec04

Cottage Health, the Santa Barbara-based healthcare provider, will pay $2 million to resolve multiple violations of state and federal laws as per a directive from the California attorney general’s office. The group was examined by the California attorney general’s office in relation to a breach of private patient data back in 2013. The breach of data was found by the organization on December 2, 2013, when someone made the healthcare network aware, using the voicemail warning system, that sensitive patient information was listed by search engines and was available to everyone via Google. Over 50,000 patients had their sensitive information available online, without authentication requirements such as a password, and the server on which the information was stored was not...

Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen
Nov30

An unencrypted laptop has been stolen from an employee of Rocky Mountain Health Care Services of Colorado Springs. This is the second such incident to be identified in just three months. The most recent incident was identified on September 28. The laptop computer was found to store the protected health information of a small number of patients. The types of data stored on the device included first and last names, addresses, dates of birth, health insurance details, Medicare numbers, and limited treatment details. The breach incident has been reported to law enforcement and patients affected by the incident have been alerted by mail. Rocky Mountain Health Care Services, which also conducts business as Rocky Mountain PACE, BrainCare, HealthRide, and Rocky Mountain Options for Long...

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth, health insurance details, medical diagnoses, treatment details, surgical information, and dates of service. A very small number of people also had their Social Security numbers and bank account information accessed. The incident happened over the space of a week in the summer between July 21 and July 28 when spear phishing emails were transmitted to specific...

Clinic Worker Who Stole PHI Jailed for Five Years
Nov27

A staff member at a clinic who stole the protected health information of mentally ill patients and sold the data to identity thieves for profit has failed in an appeal to have a five-year jail term reduced. Jean Baptiste Alvarez, aged 43, of Aldan, PA, obtained daily census sheets from the Kirkbride Center, a 267-bed behavioral health care facility located in Philadelphia. The census sheets included all the information required to steal the identities of patients and submit fraudulent tax returns in their names – names, Social Security numbers, dates of birth along with other personally identifiable information. Alvarez had the chance to obtain the data without being detected, as the area where the sheets were kept did not have security cameras in operation. Alvarez was paid $1,000 per...

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehanna, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after a worker replied to a phishing email. While information regarding the breach date has not been published, UPMC Susquehanna says it found the breach on September 21, when a worker reported suspicious activity on their computer. An inquiry was begun which revealed unauthorized people had gained access to that person’s computer. They have not yet discovered whether the attacker viewed, stole or misused any patient data, but the possibility of data access and misuse could not be ruled...

Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People
Nov22

Blue Cross and Blue Shield of Florida, dba Florida Blue, has announced to the public that the personally identifiable information of a small number of insurance applicants has been improperly accessed online. Florida Blue discovered the exposure of patient data in late August 2017 and immediately initiated a review. Florida Blue reports that the review showed that 475 insurance applications had been saved to the cloud by an unaffiliated insurance agent, Real Time Health Quotes (RTHQ). The data backup incorporated agency files and some copies of health, dental, and life insurance applications from the time period 2009-2014. Those files were left accessible as an unsecured cloud server was utilized to store the backup files. As a direct result of this, those files could have been obtained by...

Protenus November Breach Barometer Highlights Internal Breaches
Nov21

Following an unusually bad September, healthcare data breach incidents fell to more typical levels, with 37 breaches tracked in October according to the November 2017 Healthcare Breach Barometer Report from Protenus. The Protenus monthly summary of healthcare data breaches collates incidents reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), and incidents made public using media outlets and tracked by databreaches.net. Those incidents include several HIPAA breaches that have still not been reported to OCR, including a significant breach that has impacted a minimum of 150,000 individuals – the actual number of individuals impacted will not be revealed until the investigation has come to an end. The numbers of individuals impacted by another eight HIPAA...

New Jersey Medical Practice has Boxes of Medical Records Stolen
Nov21

Otolaryngology Associates of Central Jersey is making contact with patients to advise them of a breach of their protected health information, following a theft at an off-site storage service in East Brunswick, NJ. The thieves removed thirteen boxes of paper medical records from the service, which included data like names, addresses, health insurance account numbers, birth dates, dates of military duty served, and the names of treating physicians. A small number of driver’s license numbers and Social Security numbers were among the stolen records. The theft was quickly spotted and law enforcement was alerted. An internal inquiry was begun, and steps were taken to reduce the potential for similar breaches to occur in the future. The medical records were being stored at the service in...

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has previously been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm Barkly. The malware was sent in a phishing email that seemed to have been sent in response to a message sent to another group. The spear phishing email included the message thread from previous conversations, suggesting the email information of the recipient had been accessed. The email contained a Word document as an attachment with the message “Morning, Please...

CyberAttack Infection Found by Catholic Charities of the Diocese of Albany
Nov10

The Catholic Charities of the Diocese of Albany (CCDA) was performing an upgrade of its computer security software during August when it found malware on its systems. The software was discovered to have been placed on one of the computer servers located at its Glens Falls office, which provided treatment to patients in Saratoga, Warren and Washington Counties in New York. Quick action was taken to block access to the server and CCDA called in a computer security company to complete a review into the breach. The investigation, which ran over several weeks, uncovered that access to the server potentially went back as far as 2015. While access to the server was possible and malware software had been installed, the review did not find details to suggest the protected health...

Ransomware Attack Affects 8,750 Patients According to Aging Agency
Nov09

East Central Kansas Area Agency on Aging (ECKAAA), an Ottawa-based body, has reported that a ransomware attack, resulting in the encryption of files on one of the agency’s servers, has exposed files containing the protected health information (PHI) of approximately 8,750 patients. The cyberattack happened on September 5, 2017 and was immediately located by ECKAAA, which took swift moves to limit the spread of the infection. Due to this, only parts of the server had files encrypted. Those files were found to contain names, telephone numbers, addresses, birthdates, Medicaid numbers, and Social Security details. ECKAAA contracted a cybersecurity firm to help with the investigation and determine the true extent and nature of the attack. The investigation showed the ransomware variant used...

NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
Nov08

Aiming to protect New Yorkers from unwelcome breaches of their personal information, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) has been introduced into the legislature in New York by Attorney General Eric T. Schneiderman. It is hoped that this Act will ensure that those affected will be notified when such breaches are incurred. Sponsored by Senator David Carlucci (D-Clarkstown) and Assembly member Brian Kavanagh (D-Manhattan), the program bill is intended to strengthen protections for New York residents without placing an unnecessary burden on companies. The introduction of the SHIELD Act comes in the aftermath of the Equifax data breach which affected more than 8 million New Yorkers. In 2016, more than 1,300 PHI breaches were filed to the New York attorney...

Breach of PHI at Texas Children’s Health Plan After Staff Member Sent Emails to Personal Account
Nov07

A breach of HIPAA has occurred at the Texas Children’s Health Plan after it was found that the protected health information (PHI) of 932 clients had been emailed to the personal private email account of a former member of staff. The privacy violation was first seen on September 21, 2017, although it was discovered that the former member of staff emailed the private data in November and December 2016. The emails included in the breach were discovered during a routine review of the organization’s IT infrastructure. Texas Children’s Health Plan moved quickly once the breach was found and took steps to mitigate risk. The health insurance plan has also adopted additional security measures to prevent similar breach incidents from being experienced in the future...

New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack
Nov03

A new variant of the WannaCry ransomware has been detected in a cyber attack on FirstHealth of the Carolinas, a Pinehurst, SC-based not for profit health provider. WannaCry ransomware came to global attention in cyber attacks in May 2017. In excess of 230,000 computers were infected within one day of the worldwide attacks starting. The ransomware variant had wormlike features and was capable of spreading quickly and affecting all vulnerable networked computing technology. The hacking campaign was blocked when a kill switch was found and switched on, preventing file encryption. However, FirstHealth has identified the malware used in its cyber attack and is of the opinion that it is a new WannaCry ransomware variant. The FirstHealth ransomware attack began on October 17, 2017. The...

PHI of 8,000 Possibly Exposed Following Office Break-In
Nov02

An office break-in and subsequent computer theft has led to the possible exposure of the protected health information (PHI) of up to 8,000 clients of Brevard Physician Associates. The break-in happened on Labor Day, September 4, 2017, when Brevard Physician Associates’ business premises were closed. Thieves gained access to the offices early that morning and illegally removed three desktop computers. The office’s alarm system notified the police, who attended the scene immediately but were unable to apprehend the individuals responsible for the break-in. The police completed a forensic analysis of the location; however, so far, this has not led to any arrests being made in the investigation and the computers in...

Consolidated Inc. Data Breach Impacts 21,856 People
Oct29

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and found an unfamiliar account on the server. Closer inspection of that account showed it was being used to download sensitive data from the server, including the protected health information of patients that used its medical supplies. 21,856 people who received durable medical supplies from the group through their Medicare coverage have potentially been affected. The types of data taken by the hacker included names, addresses, dates of birth, insurance details, and Social Security numbers. While personal information was breached, the hacker was not able to obtain details of any medical conditions suffered by patients, nor details...

3,725 Veterans Have Their PHI Exposed Due to Missing Laptop
Oct27

A laptop computer, no longer in use, owned by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has gone missing, potentially leading to the exposure of sensitive patient data. The laptop was linked to a hematology analyzer and held data related to hematology tests. The laptop was in operation between April 2013 and May 2016, but was put out of use when the device became unusable. The laptop, which had been purchased from a vendor, was replaced; however, an equipment inventory showed the device to be missing. The device should have been returned to the vendor it was purchased from, although the vendor has no record of the laptop ever being recalled from MGVAMC. An inventory of equipment at the MGVAMC lab found the device was missing. A complete search of the medical center...

Data Breaches Drop For Second Consecutive Month
Oct26

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month. In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop in the number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month of the year so far in terms of the number of reported incidents, it was the third worst in terms of the number of individuals impacted. 575,142 people were impacted by healthcare data breaches in July, with the figure rising to 673,934 individuals in August. That figure will rise even more as two incidents were not included in that total since it is not yet...

OIG Identifies Multiple Security Weaknesses in Alabama’s Medicaid Management Information System
Oct24

The HHS’ Office of Inspector General (OIG) has completed an audit of Alabama’s Medicaid data and information systems to determine whether the state was in compliance with federal regulations. The review included the Medicaid Management Information System (MMIS) and associated policies and processes. OIG also carried out a vulnerability scan on networked devices, databases, websites, and servers to identify vulnerabilities that could potentially be exploited to gain access to systems and sensitive information. The audit showed Alabama’s MMIS had multiple weaknesses that could possibly be exploited by hackers to gain access to its systems and Medicaid data. Alabama had implemented a security program for its MMIS, although several weaknesses had been allowed to continue. OIG stated in its...

PHI of 10,500 Patients Found in Illinois Basement
Oct18

The medical histories of more than 10,000 patients have been discovered in a basement in Aurora, Illinois. The documentation was found at a house rented from Naperville-based psychiatrist Dr. Riaz Baber, M.D., by the woman renting it. The files had been stored in the basement for at least 4 years. The female tenant, Barbara Jarvis-Neavins, claims that she was given access to the basement by the psychiatrist’s wife when workmen had to carry out some work at the house. She says she was advised that she must be in the presence of the workers when they were in the basement. Ms. Jarvis-Neavins said she felt that she should report the fact that the files were stored in the basement, which she could access, to the relevant authorities. However, she feared that doing so would lead to her...

51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email accounts. The compromised email accounts stored a range of sensitive information including names, phone numbers, addresses, dates of birth, ID numbers, and provider data. No financial data or Social Security numbers were included in the compromised accounts, although certain people’s health insurance claim numbers and claim details were potentially accessed. The...

Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization
Oct09

After a seemingly prolonged period of inactivity, the hacking group TheDarkOverlord has revealed another attack on a U.S. healthcare supplier, Mass-based SMART Physical Therapy (SMART PT). The hack reportedly happened on September 13, 2017, with the announcement of the data theft released by TDO on Twitter on Friday 22, 2017. No details were given as to how access to the data was gained, although it was revealed to databreaches.net that the attack took advantage of the use of weak passwords. The entire database of patients was reportedly obtained. Databreaches.net was provided with the patient database and was able to confirm that the attack was genuine. The database held a wide range of data on 16,428 patients, including contact information, dates of birth and Social Security...

Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection
Oct09

Catholic Charities of the Diocese of Albany (CCDA) has discovered, during a software upgrade in August 2017, that malware was installed on one of the computer servers used by its Glens Falls premises, which provides services in Saratoga, Warren and Washington Counties in New York. Quick action was taken to block access to the server and CCDA called in a computer security firm to carry out an investigation into the unauthorized access. The review, which took several weeks to finish, revealed that access to the server potentially went back as far as 2015. While access to the server was possible and malware had been put in place, the investigation did not uncover proof to suggest the protected health information of patients had been accessed or stolen. A review of the server showed the...

128,000 Arkansas Patients Attacked by Ransomware
Oct05

128,000 patients at the Arkansas Oral Facial Surgery Center in Fayetteville have had their private information potentially impacted following a ransomware attack. Ransomware was believed to have been placed on its network between July 25 and 26, 2017. The attack was identified quickly, although not before files, x-ray images, and documents had been encrypted. The incident did not break through the encryption of its patient database, except for a ‘relatively limited’ set of patients who had data related to their recent visits encrypted. Those patients had visited the center for medical services in the three weeks prior to the ransomware attack. The ransomware attack is still under review, although to date, no proof of data theft has been located. Arkansas Oral Facial Surgery Center believes the...

Medical Records Illegally Accessed at PeaceHealth Over Six-Year Period
Oct04

It has been discovered that the medical records of almost 2,000 patients were illegally accessed by a former employee at PeaceHealth, a not-for-profit Catholic health system based in Vancouver, WA. The unauthorized access was identified by PeaceHealth on August 9, 2017, leading to an investigation. PeaceHealth found the inappropriate access started in November 2011 and went on until July 2017. The inquiry revealed that Social Security numbers and financial information were not obtained by the employee, although patient names, medical record numbers, admission and discharge dates, medical diagnoses, and progress notes were all seen. Due to the nature of information that was accessed, and the results of the internal inquiry, PeaceHealth does feel any patients impacted by the breach...

Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It is unsurprising that confidence in the ability to prevent data breaches and cyberattacks is so low, as 68% of SMBs surveyed had experienced at least one serious security breach in the past 12 months. 29% said they had experienced a successful phishing attack, while 18% had ransomware installed that encrypted files. 63% of SMBs said they have increased their...

1,140 Patients Have Private Data Violated at Our Lady of the Angels Hospital
Oct03

An investigation has shown that a former member of staff obtained the medical records of 1,140 patients without authorization at Our Lady of the Angels Hospital. The former staff member had been granted access to the protected health information in order to conduct work duties; however, hospital staff found that the employee was accessing medical records without any acceptable work reason for doing so. The unauthorized access was found on July 25, 2017, and the employee’s access to the medical record system was immediately deactivated. The employee was also fired. Rene Ragas, President and CEO, Our Lady of the Angels Hospital, commented, “Patient privacy is a top priority and we have a zero-tolerance policy for employees who improperly access patient data.” A complete investigation was...

Mercy Health Love County Hospital Breach Might have Exposed Records of 13,000 Patients
Oct02

The personal data of more than 13,000 patients at Mercy Health Love County Hospital in Oklahoma may have been breached. On June 23, 2017, the hospital found that an employee had stolen a laptop computer and paper records from a storage unit which was owned by the hospital. The breach notice broadcast by Mercy Health revealed that the records of 10 patients were taken from the device along with the laptop. The theft of PHI was first investigated by the Love County Sheriff’s Office. That showed the former member of staff had used the stolen data to fraudulently obtain credit cards in the patients’ names. A second person is also understood to have been involved. Mercy Health had up to 60 days to make patients aware of the breach under HIPAA Rules. However, all ten patients were notified...

Hurricane Maria Disaster Zone: Partial HIPAA Privacy Rule Waiver Issued by HHS

A third HIPAA waiver has been issued by the U.S. Department of Health and Human Services, following two earlier partial waivers of HIPAA sanctions and penalties in areas affected by hurricanes earlier in 2017. On this occasion the waiver is in relation to the Hurricane Maria disaster zone in Puerto Rico and the U.S. Virgin Islands. As with the waivers issued in relation to Hurricane Harvey and Hurricane Irma, the waiver only applies to covered entities in areas where a public health emergency has been declared, only for 72 hours following the implementation of the hospital’s disaster procedures, and only for specific provisions of the HIPAA Privacy Rule: The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s...

Equifax Announces Second Data Breach Occurred Five Months Ago
Sep19

The Equifax data breach that exposed the records of 143 million consumers was not the only data breach the firm experienced this year. Equifax has said a second, earlier breach was discovered in March. A statement released by the credit monitoring agency says the two attacks were unrelated; however, Bloomberg reports that one person close to the investigation suggested both attacks were performed by the same individuals. It may be that the attacks were performed by different groups with different goals, including using Equifax to gain access to the systems of partner organizations such as banks and other financial institutions. When the first breach was discovered, cybersecurity firm Mandiant was called in to assist with the investigation. It would appear that Equifax felt the first breach...

Piriform Alerts Users That CCleaner Contained Malware
Sep19

Piriform’s CCleaner, a free PC cleaning app with 130 million users around the world, has been discovered to contain malware. Researchers at Cisco Talos recently announced that CCleaner contains a backdoor that was inserted by hackers. The backdoor was present in two versions of the application – the 32-bit version of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The backdoor was inserted into those versions at least a month before it was discovered, giving the hackers behind the malware plenty of time to gather information on compromised computers, of which there are many. An estimated 2.27 million users have downloaded the infected version of the application, according to Avast, which purchased Piriform this summer. Initially it was thought that as many as 3% of users may have been...

Beware of Equifax Data Breach Phishing Scams
Sep14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the breach, which potentially exposed their names, dates of birth, email addresses, phone numbers, home addresses, Social Security numbers and driver’s license numbers. 209,000 Americans also had their credit card numbers stolen. As is common following any data breach, victims have to be alert to the risk of identity theft and fraud. Criminals are quick to use credit...

Equifax Data Breach Affects 143 Million Consumers
Sep10

A massive Equifax data breach has resulted in the exposure, and possible theft, of 143 million Americans’ records, including highly sensitive data such as Social Security numbers. To put that figure into perspective, that’s virtually half the population of the United States. Hackers gained access to a website database via an unpatched vulnerability in a web application. Security experts are suggesting the vulnerability was in Apache Struts and that a patch had been issued in March, two months before the attack occurred. In addition to Social Security numbers, the data exposed/stolen included names, addresses, telephone numbers, email addresses, birthdates, and in some cases, driver’s license numbers. Approximately 209,000 individuals also had their credit card numbers stolen, while...

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers, diagnoses, treatment information, and other clinical data. Some patients’ Social Security numbers were also exposed. Patients affected by the phishing attack were notified of the privacy breach on August 25. Even though their information may not have been accessed or obtained, credit monitoring services have been offered out of an abundance of caution. Kaleida...

City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not believe the attack was conducted in order to steal data, rather to use the email accounts for further phishing and spam campaigns. That determination was based on an analysis of the actions of the attackers once access to the accounts was gained. However, while data theft was not believed to be the primary goal, it remains a possibility. The investigation...

2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one email account. That account contained patients’ names, medical record numbers, diagnoses, dates of birth, treatment information, and other clinical data. The investigation did not confirm that ePHI had been accessed, although the possibility of a PHI compromise could not be ruled out. Patients have now been notified of the incident by mail in accordance with...

Anthem Inc Announces 18,580 Record Data Breach
Jul31

Anthem Inc. has recently settled a class-action lawsuit filed by the victims of its 2015 data breach that saw 78.8 million health insurance records stolen by hackers. The insurer settled the case for $118 million. A month after the settlement was announced, the company has confirmed its plan members have been affected by another data breach. This time the insurance records of 18,580 individuals have been exposed. The breach occurred at one of Anthem’s business associates – LaunchPoint Ventures. LaunchPoint Ventures is contracted to provide coordination services to Anthem, which involves being provided with a limited amount of personal information of plan holders. Some of that information was accessed by a former employee of the firm and was emailed to a personal email account....

ITRC Report Shows Hacking Continues to be the Main Cause of Data Breaches
Jul21

The main cause of data breaches in the United States is still hacking according to a new report released by the Identity Theft Resource Center (ITRC). The report also shows that in the year to June 30, 2017, U.S. data breaches have hit a record high, with 791 confirmed data breaches reported. The data breach count has increased by 29% since the report was issued last year, with ITRC expecting the data breaches to reach 1,500 by the end of the year. That would represent a 37% increase from 2016, which was also a record-breaking year with 1,093 data breaches reported. While the reporting of data breaches is improving, a record number of organizations have withheld details of the extent of the breaches. ITRC reports that 67% of breach reports and public notices did not detail the number of...

Ransomware Investigation Uncovered 15-Month Data Breach
Jul20

When Peachtree Neurological Clinic was attacked with ransomware all was not lost as data were recoverable from backups; however, the ransomware investigation revealed something far worse. Its systems had been breached 15 months previously. The ransomware incident resulted in the encryption of the provider’s electronic medical records. A ransom demand was issued. Payment was required in exchange for the keys to unlock the encryption. Since Peachtree Neurological Clinic had a backup of its data, it was not necessary to pay the ransom. The encrypted files could be restored. A forensic investigation was conducted to determine whether all traces of the ransomware had been removed. Peachtree Neurological Clinic conducted various scans of its system to determine whether the ransomware had been...

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise or BEC. It involves a criminal impersonating a legitimate organization and fooling an employee into making a bank transfer to the criminals’ account. BEC attacks often result in transfers of hundreds of thousands of dollars being made. Those funds can rarely be recovered. By the time the scam is uncovered, the money has been withdrawn from the criminals’...

Patient Portal Security Flaw Exposed Data of Molina Healthcare Patients
May31

A patient portal security flaw has resulted in the exposure of patient claims information. Claims information had been uploaded to the patient portal of the Long Beach, California-based managed care company Molina Healthcare; however, the information was accessible without any authentication checks. Patients who had been sent a link to their claims could click those links without any checks being performed to ensure they were the intended recipients of the links. Any individual with access to the link could access patients’ claims information. Further, the system used to number claims meant that if a digit in the URL was changed, it was possible to view the claims information of other patients. For example, if the claim number was 1234567, changing the claim number to 1234560 would bring...

Children’s Mercy Hospital Alerts 5,500 Patients to a Potential PHI Breach
May31

Children’s Mercy Hospital in Kansas City has started notifying more than 5,500 patients that some of their electronic protected health information has been exposed online. Personally identifiable information and protected health information were discovered to have been uploaded to a website set up by one of the hospital’s physicians. The website was intended to serve as an educational resource. The physician had protected the site with a password before uploading patient health information. The physician believed that the site had been appropriately secured and patient health information could not be accessed by unauthorized individuals. However, the website, which was neither owned nor maintained by Children’s Mercy Hospital, violated hospital policies and did not meet the...

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time limit is 60 days from the discovery of the breach. Healthcare organizations face fines for late breach notifications, with this year seeing the first settlement with a covered entity based solely on delayed breach notifications. OCR sent a message to healthcare organizations with that settlement. Delaying breach notifications is a serious HIPAA violation and...

True Health Diagnostics Website Flaw Exposes Patient Records
May09

The health reports of patients of the True Health Group have been exposed online and were viewable by other patients for months – most likely years – due to a True Health Diagnostics website flaw. True Health Diagnostics is a Frisco, TX-based company that offers a wide range of testing procedures for genetic and other diseases. The company operates a web portal which patients can access to view their test results. Logging into the web portal allows patients to access PDF files containing their personal information and testing data. However, logging into the site did not only allow patients to view their own records, but also those of other patients. The PDF file names had sequential numbers. Changing the PDF file name in the URL would easily allow patients to view other test...

Suspected Ransomware Attack Impacts Erie County Medical Center Patients
Apr12

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD Pediatrics ransomware attack impacted 55,447 patients. On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York was forced to shut down its computer systems to prevent the spread of the virus. So far, the incident has resulted in computer systems being offline for three days. The hospital is still without access to email and the hospital website is still out of action, although other computer systems have now been brought back online. The virus caused some disruption,...

Ashland Women’s Health Ransomware Attack Confirmed
Apr12

The ransomware attacks on healthcare providers are continuing, with one of the latest victims a small one-practitioner gynecology practice in Ashland, Kentucky. Ashland Women’s Health recently informed the Department of Health and Human Services that the attack had potentially resulted in patients’ protected health information being accessed by the attackers. Ransomware attacks are reportable to OCR unless a healthcare provider can demonstrate there was a low probability that ePHI was compromised. In this case, that could not be ruled out with a high degree of certainty. Potentially the ePHI of up to 19,727 patients was compromised. While Locky, CryptXXX, Cerber, and Samsa have been extensively used in targeted attacks on healthcare providers, in this case the attack involved a lesser...

Ransomware Attack on ABCD Pediatrics Impacts 55,000 Patients
Apr05

The protected health information of more than 55,000 patients has potentially been compromised in a recent ransomware attack on ABCD Pediatrics. Attackers gained access to ABCD Pediatrics’ servers and Dharma ransomware was installed, resulting in the encryption of some PHI. Dharma ransomware is a variant of CrySiS ransomware. CrySiS ransomware was one of the most popular ransomware variants in 2016, although late last year ESET released a decryptor that allowed victims to recover their files free of charge. Last month, a free decryptor was developed for Dharma ransomware following the release of decryption keys online. However, the ransomware attack on ABCD Pediatrics occurred on February 6, almost a month before the decryptor was released. ABCD Pediatrics was able to recover from the...

Med Center Health Data Breach Impacts 160,000 Patients
Mar24

The Federal Bureau of Investigation is investigating a major Med Center Health data breach that impacts many affiliates and around 160,000 patients. The Med Center Health data breach was not the result of hackers, instead data is believed to have been stolen by a former employee. The employee is understood to have taken a wide range of sensitive data including patients’ names, addresses, insurance details, procedure codes, billing information and Social Security numbers. Medical records do not appear to have been taken. Individuals affected by the incident had previously received medical services at the organization’s medical centers in Bowling Green, Franklin and Scottsville or the Commonwealth Regional Specialty Hospital, Cal Turner Rehab or Specialty Care and Medical Center EMS. The...

Insider Healthcare Data Breaches Soar in February
Mar20

February saw a major increase in insider healthcare data breaches, according to the latest healthcare data breach report from Protenus. The February Breach Barometer report indicates there were 31 reported healthcare data breaches in February. While the figure is on a par with January, which also saw 31 healthcare data breaches reported, there was a significant rise in insider healthcare data breaches last month. Insider incidents accounted for 58% of the total number of reported breaches, twice that of the previous month. Those incidents were fairly evenly split between malicious acts and errors. Eight incidents were the result of insider wrongdoing while nine incidents were logged as errors made by healthcare employees. The rise in insider healthcare data breaches is a concern....

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to rise over the coming weeks. Schools have been extensively targeted this year, although there have been at least 9 healthcare organizations that have fallen for the phishing scam this year. Campbell County Health, Pointe Coupe Hospital, Adventist Health (Tehachapi Valley), SouthEast Alaska Regional Health Consortium, eHealthinsurance, Citizens Memorial...

Google Removes Ransomware App from Its Play Store
Jan26

An app in the Google Play store has been discovered to have been loaded with ransomware. Google has recently removed the ransomware app from its Play Store, although it is not known how many individuals have already been infected. The app in question is called EnergyRescue. The purpose of the app was to help users manage the use of their phone batteries. However, that was not the real purpose of the app. According to researchers at CheckPoint, the app was malicious and contained a form of malware dubbed Charger. The malware was an information stealer and was used to steal SMS messages from infected devices. The Charger malware was also capable of stealing other sensitive data from infected Android phones and had a ransomware component that would lock users’ phones after information had...

SEC Investigation of Yahoo Breach Launched
Jan25

The U.S. Securities and Exchange Commission will be investigating Yahoo over the two massive data breaches announced late last year. The SEC investigation of Yahoo will not be concerned with the controls put in place by the company to prevent data breaches, but whether Yahoo should have informed its investors of the breaches more quickly. In September, Yahoo announced that it had experienced a massive data breach that had impacted hundreds of millions of its users. Since that announcement, the company has been heavily criticized for its handling of the breach. Questions have also been asked about when the company first became aware that its systems had been breached and why it took so long for notifications to be issued. In December, a second announcement was made, this time about a...

Sentara Healthcare Data Breach Investigated
Jan16

Sentara Healthcare is investigating a data breach suffered by one of its third-party vendors that resulted in patients’ protected health information being accessed by an unauthorized individual. Sentara Health was notified of a potential ePHI breach by law enforcement on November 17, 2016. An internal investigation was then immediately launched to determine the source of the breach, which led to one of its vendors. The vendor of the 12-hospital healthcare system is not responsible for providing healthcare services to patients. The company was contracted to provide data and benchmarking services. However, no further information about the vendor or the source of the breach has been released. It is therefore unclear whether a hacker gained access to the vendor’s systems or if data were...

Ransomware Infection Impacting 19,000 Individuals Investigated by Highmark BCBS of Delaware
Jan15

A subcontractor of Highmark Blue Cross Blue Shield of Delaware has experienced a ransomware infection and cyberattack that has potentially compromised the personal information of approximately 19,000 beneficiaries of employer-paid health plans. The ransomware attack occurred at Highmark BCBS subcontractor Summit Reinsurance Services on August 5, 2016, although affected individuals have only just been notified of the incident. An investigation into the ransomware attack has now been launched by Highmark BlueCross BlueShield of Delaware which has revealed that 16 current and former self-insured customers have been affected. While it was the ransomware infection that tipped off SummitRe that its systems had been compromised, an investigation into the cyberattack revealed that access to its...

ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
Jan09

E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that if the ransom was paid, no mention of this incident would be made and the data would not be sold on or published. Failure to pay the ransom would result in the data being published online. Contact was made with ESEA through its bug bounty program. ESEA obtained the attacker’s email address and requested proof of data theft. ESEA was able to rapidly confirm...

Los Angeles Valley College Ransomware Attack: 28K Paid for Key
Jan09

A Los Angeles Valley College ransomware attack on January 6, 2017 resulted in student data being locked and 1,800 college administrators and teachers being prevented from gaining access to their computer system and essential files. Ransomware is malicious software that encrypts a wide range of file types, including databases. The data is not moved or copied, just renamed and encrypted. In order to unlock the encryption, a unique key is required. The only key to unlock the encryption is held by the attacker. Payment of the ransom should see the key supplied to allow data to be unlocked, although there are no guarantees. There have been numerous instances where ransom payments have been made, yet the attackers have failed to supply a viable key to unlock the data. Unfortunately, many...

Switcher Trojan Infects Wi-Fi Routers via Android Mobiles
Jan03

An incredibly dangerous new Trojan has been detected by Kaspersky Lab which is being used to attack Wi-Fi routers via Android devices. The new malware – named the Switcher Trojan – is currently only being used to attack routers in China, although Kaspersky Lab researchers warn that this new malware signals a dangerous new trend – one that could well become a global problem. The typical way that hackers gain control of Wi-Fi routers is by performing direct attacks; however, this method of attack is far more efficient. The attackers are infecting Android users and they are used as pawns in Wi-Fi router attacks. Once a user’s device is compromised, any Wi-Fi router that they attempt to connect to will be subjected to a brute force attack. If the attack succeeds the attackers will gain...

Yahoo Breach the Work of Cybercriminals with Nation-State Connections
Dec20

Data from the Yahoo breach of 1 billion user accounts has already been sold on the black market on multiple occasions, according to InfoArmor. While Yahoo maintains that the attack was performed by a nation-state sponsored hacking group, InfoArmor’s research suggests otherwise and many security experts agree. Instead of a nation-state sponsored hacking group, it has been suggested that it was a criminal organization behind the attack, with those actors believed to reside in Russia and/or Ukraine. InfoArmor’s chief intelligence officer Andrew Komarov claims the attack was performed by a hacking group operating under the name “Group E.” The group comprises four hackers of Eastern European and Russian origin. The group is involved in hacking organizations to obtain data which are then...

1Bn Accounts Compromised in 2013 Yahoo Cyberattack
Dec15

In September 2016, Yahoo announced it had been hacked and half a billion accounts were compromised; however, yesterday it was revealed that a 2013 Yahoo cyberattack was twice the size. The credentials of more than 1 billion users were reportedly stolen in the 2013 Yahoo cyberattack. The Yahoo cyberattack announced in September was the largest data breach ever reported. This was particularly bad news as the company had just agreed to sell its core business to Verizon Communications. While the deal is not believed to have been derailed, Verizon is now seeking a substantial reduction in the purchase price as a result of the Yahoo brand being devalued. It has since emerged that some individuals at Yahoo were even aware of the breach long before the deal with Verizon was agreed. It has been...

Madison County Pays $220,000 to Improve Defenses After Ransomware Attack
Dec14

The Madison County ransomware attack that took out many of the county’s computer systems last month could only be resolved by paying a $21,000 ransom as no viable backup existed. On the advice of the County’s insurance company, the ransom was paid. Madison County will not be required to cover the cost of the ransom, only the deductible. However, a ransomware attack costs considerably more to resolve than the cost of the ransom to obtain keys to unlock the encryption. The costs have continued to rack up since the November 4 ransomware attack. Madison County first had to pay a company to restore the files that had been encrypted. U.S. Signal was contracted to complete the task and was paid $17,500. Now, the County has committed a further $198,180 to pay for a new ransomware defense system...

Arkansas Sheriff’s Office Pays 3 Bitcoin Ransom to Unlock Files
Dec14

The cybercriminals behind a ransomware attack on an Arkansas Sheriff’s office have been paid 3 Bitcoin ($2,400) to supply the keys to decrypt files locked by the ransomware. The ransomware attack on the Carroll County Sheriff’s office occurred on December 5, 2016 and resulted in its computer systems being taken out of action for just under a week. The attackers used a fairly new ransomware variant called Dharma, which is from the same ransomware family as CrySIS. Dharma ransomware is understood to be primarily delivered to end users using exploit kits that probe for security weaknesses in web browsers, although DLL file attacks, malicious JavaScript and drive-by downloads are also used to spread infections. Multiple files were encrypted including the Police department’s management...

Dailymotion Cyberattack Impacts 85 Million Users
Dec06

According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors. The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may have already been used for phishing attacks or sold on to multiple individuals. The Dailymotion cyberattack is believed to have impacted approximately 85.2 million of the site’s users. Individuals affected by the breach have had their unique username and email address compromised, although the individual behind the attack is only believed to have obtained...

San Francisco Transport System Ransomware Attack Reported
Nov28

A San Francisco Transport System ransomware attack occurred this weekend that resulted in computers used by the city’s light rail system being encrypted. The attackers demanded a 100 Bitcoin ($70,000) ransom to supply the key to unlock the encryption. A statement released by the San Francisco Municipal Transportation Agency (SFMTA) confirmed that while the attack resulted in computer systems being taken out of action, transport was unaffected. “There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact.” The attack did force SFMTA to allow passengers to travel free of charge during the attack, but all data have now been restored and it appears the ransom was not paid. The computer system has now been brought back online. The...

Facebook’s Darknet Password Buying Practice Revealed
Nov17

The data obtained from cyberattacks is often listed for sale on Darknet marketplaces for cybercriminals to purchase, yet who actually buys these data? Passwords are bought by cybercriminals to gain access to users’ online accounts for a wide variety of nefarious activities, but it is not only criminals that are interested in these data. It has recently emerged that Facebook also buys stolen passwords. Facebook CSO Alex Stamos revealed last week that the social media giant buys stolen passwords on the black market and uses them to better protect users’ accounts. Facebook can use the stolen passwords and their associated email addresses to scan its users’ accounts to check for a match. If password recycling is discovered, Facebook can then force users to reset the passwords on their...

Light Cast on Cause of the Tesco Bank Hack
Nov16

The cause of the Tesco bank hack is not yet known, although security firm Digital Shadows has been narrowing down the possible causes that led to the criminals siphoning off $3.1 million from customers’ bank accounts. Tesco believed up to 20,000 customers may have been affected by the cyberattack on November 5 and 6, although the investigation into the attack has revealed that around 9,000 customers had funds taken out of their accounts. The attackers first attempted to take a small amount of money from customers’ accounts – around $25. If that transaction was successful, a second, larger transaction occurred of between $620 and $990. Tesco Bank is investigating the cyberattack, as is the National Crime Agency, although few details have so far been released on how the perpetrators...

Patients Informed of Seguin Dermatology Ransomware Attack
Nov15

Patients have been warned of a Seguin Dermatology ransomware attack that may have resulted in their electronic protected health information being accessed by the attackers. The Texas dermatology clinic was attacked on or around September 12, 2016, although it took until October 26 for a full forensic analysis of the affected computer to be completed. The investigation of the attack did not confirm that patient data had been stolen, although the possibility could not be ruled out entirely. According to a press release from the legal firm Brin and Brin of San Antonio, the forensic analysis revealed there was “a high likelihood” that ePHI was accessed by the attackers. Consequently, the ransomware attack has been reported to the Department of Health and Human Services’ Office for Civil...

Massive FriendFinder Data Breach Announced: 412 Million Records Exposed
Nov15

A massive FriendFinder data breach has been discovered that impacts more than 412 million users of six adult-oriented friendship, dating, and porn websites. Six databases used by Friend Finder Network Inc. were hacked in October this year, with the hackers managing to steal credentials from hundreds of millions of accounts. The worst hit was the adult dating website Adultfriendfinder.com, which is touted as the world’s largest sex and swinger community. 339,774,493 current and former users of the site have had their account details exposed. Since the site did not delete the credentials of lapsed users of the site when membership expired, their details have also been obtained by hackers. Account details from the past 20 years have been exposed. 62,668,630 users of Cams.com have also had...

Hackers May Have Used Cookies for Persistent Access to Yahoo Accounts
Nov10

Yahoo has revealed more about the massive data breach experienced in 2014 and says that in addition to the initial hack that provided hackers with users’ credentials, those actors may also have used cookies to bypass Yahoo security measures. This would have allowed the hackers to access users’ accounts for a considerable period of time after the initial attack. In a US Securities and Exchange Commission filing, Yahoo explained that “Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security Incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users’ accounts or account information.” Yahoo is currently trying...

2016: A Particularly Bad Year for Data Breaches
Nov10

Take a look at any of the websites that track data breaches and one thing is clear: Data breaches are now occurring much more frequently than in previous years, even though organizations have increased cybersecurity budgets and are committing more resources to breach prevention. Since records of data breaches first started being kept by the Identity Theft Resource Center (ITRC) in 2005, there have been 6,619 data breaches and more than 881 million records have been exposed or stolen. 2014 was a particularly bad year for data breaches, with 783 data exposure or data loss incidents tracked by the ITRC. In 2015, 781 incidents were reported, although the scale of some of those incidents was notable. 2015 saw the colossal data breach at Anthem Inc., which resulted in the theft of a huge...

Madison County Ransomware Attack: Ransom Paid to Unlock Files
Nov09

A Madison County ransomware attack over the weekend has resulted in most of the Indiana county’s computer systems being taken out of action, causing major disruption to county services. The ransomware is believed to have been installed on Saturday November 4, and was noticed by Central Dispatch after access to files could not be gained. The voting system was unaffected and emergency services continued to run as normal, although the attack did take out systems used by the courts and on Monday, many of the county’s offices remained closed while efforts continued to resolve the infection. Madison County holds a cyber insurance policy with Travelers, which was contacted once it was clear that file access was prevented as a result of a ransomware attack. According to John Richwine,...

BEC Attack on El Paso Resulted in Theft of $3.2 Million
Nov04

The threat from business email compromise attacks has been clearly highlighted by the recently discovered BEC attack on El Paso, TX. According to the Mayor of El Paso, Oscar Leeser, city officials notified law enforcement in October that employees had fallen for phishing scams. Those scams resulted in the attackers stealing $3.2 million in funds from the city. The BEC attack on El Paso was similar to numerous attacks that have taken place in the United States in recent years. The attacker posed as a vendor and informed the city that payment had not been received. A payment of $300,000 was sent, followed by a further payment of $2.9 million from the Camino Real Regional Mobility Authority. The first payment was identified by the CFO after it was noticed that the money had been misdirected...

UK Government to Commit £1.9bn to Cybersecurity Defenses
Oct31

The increasing threat to the UK’s critical infrastructure has prompted the government to commit more funds to cybersecurity defenses. In a recent speech, the UK chancellor Philip Hammond promised to spend a further £1.9 billion on defenses to prevent foreign attackers from conducting successful attacks. Hammond believes further investment is required in order for the UK to continue to be able to mount a defense against increasingly sophisticated methods of attack used by cybercriminals. According to Hammond, “If we do not have the ability to respond in cyberspace to an attack which takes down our power network – leaving us in darkness or hits our air traffic control system grounding our planes – we would be left with the impossible choice of turning the other cheek,...

4.3 Million IoT Devices Recalled in Effort to Curb DDoS Attacks
Oct26

Hangzhou Xiongmai Technology – a major Chinese electronics company – has announced it is recalling thousands of IoT devices after they were hijacked by hackers and used in a spate of massive distributed denial of service (DDoS) attacks. Many of its devices have been added to the Mirai botnet – a network of hundreds of thousands of IoT devices used to flood Internet services with traffic, rendering them unavailable. The Mirai botnet has been used for massive DDoS attacks on Krebs on Security and the French hosting company OVH in early October, the latter exceeding 1 Tbps. The Mirai botnet was also used in a massive DDoS attack that took down large sections of the Internet on Friday. The latest attack resulted in some of the biggest websites on the Internet being made inaccessible for...

Phishing Scam Fools Baystate Health Employees and Exposes PHI
Oct24

Phishing is a technique commonly used by cybercriminals as an easy way of gaining access to healthcare data. The aim of the scam is to trick individuals into revealing login credentials or infecting their computers with malware. Even when robust cybersecurity defenses are employed to prevent networks and databases from attack, those protections can easily be undone by employees. If employees can be convinced to click malicious links, open infected email attachments, or disclose their login credentials, the attackers can gain a foothold in the network. Phishing scams can be speculative, although increasingly cybercriminals are using highly targeted campaigns. Well-crafted and highly convincing emails are sent that appear to be genuine requests from colleagues to divulge information....

Weebly Data Breach Impacts 43 Million Customers
Oct21

A massive Weebly data breach has been uncovered that impacts 43,430,316 customers who have previously created websites using the drag and drop website creation platform. The data breach is understood to have occurred around 8 months ago, although Weebly has only just been informed that it was attacked. Rapid action was taken to shore up security and protect customers. The security breach came to light after an anonymous individual sent the stolen credentials to LeakedSource. The LeakedSource database has now been updated and Weebly was informed of the breach. Notification emails started to be sent to customers on Thursday October 20, 2016. At present, the cause of the breach is unknown. An investigation into the breach is ongoing although steps have already been taken to enhance security...

2012 LinkedIn Data Breach: Suspect Arrested in Prague
Oct20

The 2012 LinkedIn data breach was one of the largest ever reported. More than 117 million user credentials were stolen in the attack. This year those records were listed for sale online, although the individuals behind the cyberattack have remained a mystery. The data were listed for sale on Darknet marketplace theRealDeal recently by a hacker going by the name Peace_of_Mind (Peace). However, it is unclear whether Peace was responsible for the attack or was just selling the data. However, police in the Czech Republic believe they have apprehended one of the hackers behind the 2012 LinkedIn data breach in Prague. The arrest was made on October 5, although the announcement of the arrest was only made yesterday. The identity of the suspect is unknown, although NBC News has identified him as...

Rainbow Children’s Clinic Ransomware Attack Announced
Oct18

A recent Rainbow Children’s Clinic ransomware attack has resulted in the protected health information of patients being encrypted and made inaccessible to pediatricians and other clinic staff members. Rainbow Children’s Clinic provides medical services to children in the Arlington and Grand Prairie areas of Texas. On August 3, 2016, the clinic was prevented from accessing certain data that were stored on its servers. An investigation was immediately launched which revealed a hacker had installed ransomware which was used to encrypt data. A third-party computer forensic expert was hired to investigate the attack. It was discovered that in addition to encrypting data, some protected health information had been deleted and was permanently lost. No mention was made of any ransom being paid...

CalOptima Data Breach Announced: 56K Members Impacted
Oct18

A second CalOptima data breach has been announced just a few weeks after 1,000 members were informed that some of their protected health information had been exposed due to a printing error. CalOptima spokeswoman Bridget Kelly confirmed to the Orange County Register that the latest CalOptima data breach has impacted approximately 7% of CalOptima members – around 56,000 individuals. CalOptima, a public agency created to manage the Medi-Cal program in Orange County, CA, notified affected members of a breach of sensitive data on October 14. Two months ago, a departing employee was discovered to have downloaded a range of sensitive data to a thumb drive prior to leaving employment at CalOptima. The data were copied onto a thumb drive, which has since been recovered. The CalOptima data...

Saint Francis Health System Alerts Patients to Warren Clinic Data Breach
Oct15

Tulsa, Oklahoma-based Saint Francis Health System has experienced a cyberattack that has resulted in the theft of patient data. The incident does not impact all Saint Francis patients, only certain patients that have previously received medical services at the Warren Clinic – a network of 70 clinics in Tulsa and eastern Oklahoma. The cyberattack was not detected at the time. Instead, Saint Francis Health System was informed that an attack had occurred by the individuals responsible for the breach. On September 7, 2016, Saint Francis Health System received an email advising of a cyberattack on an external server. The healthcare organization was told that patient data had been exfiltrated and was being held by the attackers. The attackers demanded a payment be made using an anonymous...

Integrity Transitional Hospital Hack Impacts Multiple Healthcare Providers
Oct15

Denton, Texas-based Integrity Transitional Hospital has notified patients, many of whom are children, that some of their protected health information has potentially been viewed and copied by an unauthorized individual who managed to gain access to one of its computer systems. A network intrusion was discovered on August 15, 2016 after suspicious network activity was identified. Rapid action was taken to shut down access and prevent the exfiltration of data. A third party computer forensics company was contracted to conduct a thorough investigation of the hospital’s systems to determine the extent to which its network had been compromised and which, if any, patient data had been viewed or copied by the attackers. The investigation revealed a system used to store laboratory data had been...

Massive Amazon Data Breach? Just a Precautionary Password Reset Apparently
Oct13

Rumors have been circulating that a massive Amazon data breach had occurred following the decision by the online retail giant to reset the passwords of users’ accounts. Amazon started resetting the passwords on certain accounts on Saturday and the process is ongoing. Emails have now been sent to users to advise them that their passwords were reset as a security precaution. The decision was taken to protect customers whose credentials had been posted online; however, those credentials were not stolen as a result of an Amazon data breach. Instead they are believed to have been obtained in a breach of another platform. The password reset was performed as a proactive defense to prevent Amazon users’ accounts from being compromised. The password reset is understood to only have been...

Apria Healthcare Data Breach Discovered
Oct13

An Apria Healthcare data breach has been discovered that has impacted 1,987 patients. The security breach has resulted in the exposure of a wide range of patient data. The cyberattack was discovered on August 5, 2016 and rapid action was taken to shut down access to Apria Healthcare’s systems. An external computer forensics firm was called upon to investigate the Apria Healthcare data breach. The investigation revealed a single email account had been compromised. The electronic health record system was not compromised in the attack. Apria Healthcare did not disclose how access to the email account was gained. The investigation involved checking every email in the employee’s account to check for the presence of any confidential and sensitive patient data. The...

Peachtree Orthopedics Discovers Patient Database has been Hacked
Oct13

Peachtree Orthopedics has announced a hacker gained access to a patient database containing names, addresses, dates of birth, email addresses, treatment codes, prescription records, and Social Security numbers. The breach notification letters sent to patients on October 7, 2016 explain that the hacker potentially stole the contents of the database. The data breach was discovered on September 22. Rapid action was taken to secure patient health information and block data access. Outside IT security experts were also brought in to conduct a forensic examination and ensure that its systems were secured to prevent future breaches of ePHI. The FBI was also informed and is investigating the breach. Data theft was not confirmed but it could not be ruled out. Patients have therefore been offered...

Yahoo Acquisition Price May Be Reduced After Massive Data Breach
Oct07

According to a recent article in the New York Post, the Yahoo acquisition price may be reduced following the massive data breach that was reported to have affected 500 million users. Prior to the announcement of the data breach, Verizon was due to buy Yahoo for $4.8 billion. The deal was arranged before news of the data breach broke, but not before the data breach actually occurred. The deal was arranged over the summer, but two weeks ago news broke that the credentials of hundreds of millions of Yahoo users had been stolen by hackers. As if that was not enough bad news, last week two former Yahoo employees revealed that Yahoo had been secretly scanning users’ email accounts at the request of either the NSA or FBI. Last year, it is alleged that Yahoo built the software to enable a...

Marin Healthcare Ransomware Attack Reported
Oct06

A Marin Healthcare ransomware attack has been reported that resulted in sensitive patient data being encrypted. The attack affected one of Marin Healthcare’s vendors, Marin Medical Practices, which provides medical billing and EHR services. In accordance with HIPAA Rules, the vendor performed backups of protected health information. Under normal circumstances this would have allowed the organization to recover the locked files without having to pay the attackers for a decryption key. However, the process of restoring files from a backup failed. To prevent data loss, it was necessary to pay the ransom demand to obtain the decryption key. After obtaining the key, Marin Medical Practices was able to recover from the infection and regain access to the encrypted files, which included clinical...

Another Public Health Service Data Breach is Discovered
Oct03

Another public health service data breach has recently been discovered. This time around it is current and former members of the Commissioned Corps that have been affected. This week the Surgeon General emailed current, former, and retired Commissioned Corps officers to alert them to a potential breach of their data after it was discovered that an unauthorized individual gained access to the agency’s personnel system. The system is used for payroll and other HR functions, including logging annual leave, hours worked, and attendance. Names, dates of birth and Social Security numbers may have been viewed and/or copied. The security breach was discovered on September 20, 2016 although it is unclear from the breach notification email when access to the system was gained. The attack occurred via...

Yahoo Cyberattack Potentially More than Twice Reported Size
Oct03

The massive Yahoo cyberattack was recently reported to have impacted 500 million users. Yahoo also claimed that the attack appeared to have been conducted by a nation-state backed hacker. However, security experts have questioned that claim, as the facts about the Yahoo cyberattack that have been released so far do not tally with a state-sponsored attack. Now, a former Yahoo executive has spoken out about the attack and says the Yahoo breach could have affected substantially more users. In fact, more than twice as many users could have been affected. The breach is already the largest ever discovered, yet more than 1 billion users may have been affected. In an interview with Business Insider, a former executive at Yahoo said that the architecture of Yahoo’s systems is such that a breach...

New Jersey Spine Center Ransomware Attack: No Alternative but to Pay Ransom
Sep30

A recent New Jersey Spine Center ransomware attack resulted in electronic patient health records being locked with powerful encryption. The attack involved the ransomware variant Cryptowall, which has been used in numerous attacks over the past few months. Unfortunately, while decryptors have been published for a number of ransomware variants, the latest version of Cryptowall has resisted security companies’ efforts to crack it. Infection with this ransomware variant leaves organizations with three choices: accept data loss, recover the files from a backup, or pay the ransom demand to obtain the key to decrypt the data. Since patient health data were locked, accepting data loss wasn’t an option. Unfortunately, recovering data from a backup was not possible as the most recent backup had...

State-Sponsored Hackers Not Responsible for Yahoo Breach, Says InfoArmor
Sep29

It was the biggest cyberattack ever reported, affecting more than 500 million individuals, but there is currently considerable debate as to who was responsible. Yahoo has announced that a state-sponsored attacker was behind the attack, yet many doubt this to be the case. Now independent security firm InfoArmor claims that its research shows that state-sponsored hackers were not involved. Instead, it has been claimed the attack was conducted by criminal hackers. InfoArmor has been investigating a team of professional hackers for over 3 years. The hackers are believed to come from Eastern Europe. The group of five individuals mostly sell hacked data to spammers and are not understood to be sponsored by any nation state. InfoArmor believes it is these hackers behind the attack. During the...

1Tbps DDoS Attack Recorded by Web Hosting Company
Sep29

A series of DDoS attacks have hit a French web hosting company over the past few days, culminating in a 1Tbps DDoS attack – the largest DDoS attack ever reported. Denial-of-Service attacks have increased significantly in recent months; however, the scale of the recent DDoS attacks is particularly alarming. Attacks of 300+Gbps can cause significant damage, but even attacks on this scale were rare. However, in the space of a week two record breaking DDoS attacks have been reported. First, Brian Krebs reported an attack that resulted in the Krebs on Security site being taken down. At 620Gbps at its peak, it was the largest ever DDoS attack to date. However, that was just the start. The DDoS attack on OVH exceeded 1Tbps. According to OVH CEO Octave Klaba, the attack involved 145,000 devices,...

Hacking Group Holds WestPark Capital to Ransom
Sep28

After stealing data from a number of healthcare organizations and demanding a ransom not to release the information, the hacking group TheDarkOverlord has now targeted the investment bank WestPark Capital. A host of sensitive data including non-disclosure agreements, reports, and contracts were stolen from the firm and a ransom demand has been issued. If WestPark refuses to pay, the hacking group says it will publish the stolen data. TheDarkOverlord has already published links to around 20 documents including NDAs, reports, presentations and contracts. WestPark has not disclosed how much money the attackers demanded, although a report in the Los Angeles Times suggests the ransom was in excess of $1 million. TheDarkOverlord group conducted similar attacks on healthcare organizations over...

Yahoo Data Breach Confirmed: 500 Million Users Affected
Sep22

Two months ago, a massive Yahoo data breach appeared to have been uncovered. The records of more than 200 million Yahoo email account holders seemed to have been listed for sale on a Darknet marketplace. The hacker who placed the listing on the site – Peace – had previously listed other large databases for sale, including the data from the MySpace and LinkedIn data breaches. Peace is the co-founder of the Darknet marketplace TheRealDeal, where the data were listed for sale.

The Yahoo Data Breach is the Biggest Ever Reported

Yahoo conducted an investigation into the apparent breach and now, more than two months later, the Yahoo data breach has been confirmed. However, the Yahoo data breach is far worse than the data listing suggested. The account details of more than 500 million...

ClixSense Data Breach Reported: 6.6 Million Users Affected
Sep15

A massive ClixSense data breach has occurred that has resulted in a treasure trove of user data being obtained by hackers. In total, the ClixSense data breach impacts more than 6.6 million users, 2.2 million of whom have had their sensitive data dumped online. The data of the remaining 4.4 million users is being offered for sale online. ClixSense is an online service that pays its members to take part in online surveys. Due to the nature of the service, any individual signing up to take part must provide highly sensitive information such as bank account details. The hackers were also able to steal up-to-date user data. Some of the compromised accounts were only created a month ago. That makes this breach far more serious than the cyberattacks at LinkedIn and MySpace. Data obtained by...
