Neurosurgical Center data breach

August 20th, 2016 by admin Leave a reply »

The Center for Neurosurgical and Spinal Disorders (CNSD) mentioned that approximately 1,100 patients may have been affected by recent data breach.  Security incident occurred this summer which exposed data. According to the reports, hacker gained unauthorised access of CNSD office manager’s computer by installing a program. The purpose of the program is to record keystrokes and periodically took screenshots of what was being displayed on the computer.

“We detected an unauthorized intruder in one of our computers. Access to this computer was immediately shut down; subsequently, CNSD’s servers and network were taken offline.”

“A subsequent investigation revealed that screen shots of 823 CNSD’s patients (along with 311 patients of another practice for whom CNSD bills) were taken between the dates of 7/7/16-7/18/16,” CNSD reported. “It is unclear whether any of this information was downloaded.”

As per the investigation by CNSD IT professional, hacker had gained remote access. Affected information included names, addresses, phone numbers, Social Security numbers, medical chart information, and billing information which got revealed in the screen shots. Affected patients will be receiving notification letters.

“After the FBI took the hacked hard drive, CNSD’s IT professional put in a new hard drive with a new operating system into the computer at issue, and CNSD hired a separate IT security company to perform a complete examination of all software, servers, computers, routers, firewalls, and office security,” the statement read. “No additional suspicious programs, viruses, spyware, or malware were detected. The security firm has been retained to provide ongoing network security analysis and advanced threat protection.”

As per the statement:

CNSD reported the security breach to the FBI. Two FBI agents came to CNSD’s office and interviewed the owner, office manager, and IT professional.  The FBI has taken custody of the hard drive which was hacked and opened an investigation.

____________________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information.Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.

Leave a Reply