Archive for December, 2016

Ransomware attack

December 30th, 2016

Summit Reinsurance Services recently suffered a potential cyber security threat. The incident may have affected thousands of current and former Black Hawk College employees. Summit works as a reinsurance carrier for the Health Alliance, a third-party health insurance administrator for the college.

As per the website, “Summit Reinsurance provides a full-service managing general underwriter and reinsurance intermediary broker who focuses exclusively on managed care.”

The Summit Re site also mentions that it works closely with clients to fully understand their risk profile. It also considers clients’ strategic vision and unique reinsurance needs. It believes that traditional solutions don’t always provide the best experience and that customized solutions are needed to meet clients’ requirements. It also provides medical management services to offer cost-saving options.

After the attack, Summit informed Black Hawk. According to the reports, ransomware had infected a server containing information which includes names, Social Security numbers, health insurance information, and claim-focused medical records of current and former employees and their dependents.

As per the third-party forensic investigator, the incident occurred on March 12. Summit believes that there is no evidence of any misuse of personal information. The investigation is currently ongoing. Potentially affected individuals have been notified and informed about the steps that need to be taken to improve security. Free access to one year of credit monitoring is provided.

The facility has set up a call center to answer all queries. Summit Reinsurance also suffered a data breach earlier this month. That incident affected a server holding information including Social Security numbers and health insurance information.

“We are pleased that Summit Reinsurance Services is moving aggressively and taking the appropriate steps to notify the affected individuals and to minimize the impact this incident may have on them,” said Dr. Bettie Truitt, president of Black Hawk College.

 ___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data breach investigation and deadlines

December 29th, 2016

Balabit recently conducted a survey of more than 100 IT companies and security professionals. It made the following observations:

Seventy-five percent set a time limit for investigating potential data security incidents

Forty-four percent said that they missed internal or external deadlines for data breach investigation or reporting

Seven percent of respondents mentioned that they faced serious consequences due to a missed deadline

“The Balabit survey identified that the primary reason for not being able to investigate data breaches in time is that organizations still do not understand their own data,” Balabit product manager Peter Gyongyosi said in a statement. “It is difficult for them to extract the necessary information from unstructured data with their existing tools and they lack the contextual information that would help transform this data into valuable, actionable information.”

The survey also found that thirty percent need not report to external authorities about the progress

Seventy percent are required to report to external authorities, but only twenty-five percent have set a time limit

“Data and information are two different things entirely,” Prevalent director of product management Jeff Hill said. “The former is easy to collect; extracting the latter from it is much easier said than done.”

“The results of the Balabit survey are likely to surprise few in the cyber security community,” Hill added. “Investigating breaches is tedious, requires specific expertise, is increasingly difficult as attack vectors become more sophisticated, and is usually undertaken in a highly stressful and pressure-filled environment. Current techniques often require the painstaking parsing of millions of logs and identifying subtle changes in behavior.”

“CEOs are underestimating their companies’ cyber vulnerabilities,” RedSeal chairman and CEO Ray Rothrock said in a statement. “Their confidence does not square with what we observe. Cyber attacks are up and financial losses associated with these attacks are increasing dramatically.”

 ___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Stolen PHI leads to data breach

December 27th, 2016

Oak Cliff Orthopaedic Associates recently announced a data breach due to a theft involving PHI records. Apparently, records from the years 2006 to 2007 were affected. The Lewisville Police Department has now located the records and returned them to the facility.

Affected information included patients’ names, addresses, and office medical records. The facility mentioned that in some cases, a Social Security number, credit card number, or banking information was involved.

According to the statement, the records went missing from an off-site storage unit. The police department later recovered the records and other stolen materials from a hotel room. The facility removed all items from this storage unit after the incident. It has also notified banks of potential fraudulent activity.

Oak Cliff began an investigation. It hired a legal team to determine the extent of the unauthorized access. The legal team mentioned that there is no evidence of data misuse.

Oak Cliff has sent letters to the affected individuals with the details of the incident. It is offering one year of free identity protection and restoration services. Individuals are also advised to take steps to safeguard their information in the future. As per the OCR data breach reporting tool, the incident affected 1,057 individuals.

According to the statement, “Oak Cliff Orthopaedic Associates understands the importance of safeguarding their patients’ personal information and takes that responsibility very seriously. The office regrets that this incident has occurred, and is committed to prevent future such occurrences.”

Oak Cliff has asked individuals to call a dedicated assistance line for any additional information. Steps to better protect against identity theft are also provided through a helpline.

For identity protection, Oak Cliff Orthopaedic Associates asks potentially impacted individuals to enroll in the complimentary identity protection and restoration services. It also asked impacted patients to review their account statements for any suspicious activity.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Email data breach

December 26th, 2016

A phishing email attack on the County of Los Angeles has led to a data breach. The incident has affected thousands of individuals. County officials have implemented strict security measures. According to the reports, approximately 100 County employees received a credible-looking email from the hacker and provided their usernames and passwords.

Some of the employee accounts contained confidential client/patient information. An arrest warrant has been issued by the District Attorney Office’s Cyber Investigation Response for Austin Kelvin Onaghinor of Nigeria. He is charged with nine counts, which include unauthorized computer access and identity theft.

A forensic examination was conducted by the county. It also released a statement mentioning that “756,00 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services, and Public Works.”

The county also believes that “there is no evidence that confidential information from any members of the public has been released because of the breach.”

The facility is offering one year of identity monitoring for affected individuals, which includes credit monitoring, identity consultation, and identity restoration. During the investigation, the county didn’t send notices to affected individuals, as instructed by law enforcement.

As per the statement, “We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports and explanation of benefits forms for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus.”

The county also mentioned that minors under the age of eighteen are enrolled in identity consultation and identity restoration services. It has set up a call center to address concerns related to potentially affected minors.

____________________________________________________________________________________________


Ransomware attack

December 24th, 2016

Louisiana Health Cooperative, Inc. in Rehabilitation (LAHC) recently suffered a data breach. The incident has affected certain policyholders, members and subscribers. Summit Reinsurance Services, Inc. (Summit Re), which works with LAHC, notified LAHC about the ransomware infection on August 8, 2016.

LAHC conducted an investigation and determined that breached information includes member names, provider names, Social Security numbers, and health insurance information. Also, other information which got affected includes certain claim-focused medical records containing information such as diagnosis/clinical information that Summit uses as part of its stop-loss and reinsurance underwriting and consulting services.

LAHC believes that there is currently no evidence that the information was misused or attempted to be misused.

“Nevertheless, we are providing you with this notice as information you (or an agent on your behalf) provided Summit was contained on the server under investigation,” stated the letter, which was signed by Summit President Mark Troutman. “Upon request, we will securely transfer a file identifying the potentially affected personal information affiliated with your plan.”

As per the OCR data breach reporting tool, the incident potentially affected 8,000 individuals.

The facility also asked individuals to follow the instructions provided by Summit Re. They are also advised to call Summit Re’s dedicated assistance line Monday through Friday for any query or information, and to provide the Reference Number when calling.

Protect your system from ransomware attacks:

Use a firewall and trusted antivirus

Back up your files regularly

Enable a popup blocker

Don’t click on links in suspicious emails

Alert authorities

Summit Re has also advised affected individuals to take additional steps to prevent identity theft and fraud, such as the following:

Activate family secure now by enrolling on the website www.familysecure.com/enroll. Submit the activation code obtained from Summit Re.

Get your free credit report and look for any discrepancies. Place a security freeze and fraud alert on credit reports.

____________________________________________________________________________________________


One billion Yahoo accounts exposed

December 21st, 2016

Yahoo recently announced that the data breach exposed data associated with more than one million user accounts. It later said that the breach involves around 500 million user accounts. Affected information includes names, email addresses, phone numbers, birthdates, hashed passwords and security questions and answers.

As per the Yahoo statement, “The company has not been able to identify the intrusion associated with this theft.”

Yahoo has advised users to change their passwords. Also, security questions and answers need to be changed.

“Separately, Yahoo previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password,” the company stated. “Based on the ongoing investigation, the company believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies.”

Yahoo mentioned that a certain state-sponsored actor is involved.

“Considering the insufficient security measures that were previously reported to be implemented by the last investigation of 500 million stolen accounts, it’s clear that the defense strategy Yahoo used was not keeping up with the times,” Nathan Wenzler, principal security architect at AsTech Consulting, said. He also added that a large organization is not always secure.

“Users should always be vigilant and change their credentials on a regular basis, even when used on the websites of very well established and reputable companies,” he said.

“Organizations of all sizes should be taking note of these breaches and use this as a good opportunity to review their own security posture to ensure that outdated and weak security measures aren’t being used,” Wenzler added. “Something like the MD5 hashing that Yahoo was using to protect account information hasn’t been considered a viable security protocol in several years, and is easily cracked.”

“At this time anyone who touched Yahoo needs to do some serious housekeeping on all their systems, all of their passwords and all of their accounts to make sure there is no cross contamination,” Acalvio chief security architect Chris Roberts mentioned in the email.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that also delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware attack

December 18th, 2016

Dr. Melissa D. Selke, based in New Jersey, recently announced a data breach. The facility’s website posted a data breach notification letter. The incident may have affected several thousand patients.

Selke found out that her system had been infected with a virus that prohibited access to patient files. The system was restored immediately. After investigation, the possibility of a ransomware attack was analyzed. An unauthorized third party introduced the virus onto her system.

Melissa D. Selke, MD, has practiced privately in the area of Hillsborough and Somerset, New Jersey. She has 15 years of experience in practice. She is board certified in Family Medicine.

Dr. Selke has the following educational qualifications:

BA in behavioral biology with honors at the Johns Hopkins University in Baltimore, Maryland

MD at Baylor College of Medicine in Houston, Texas. After graduating

Residency in Family Medicine at Spartanburg Regional Medical Center in Spartanburg, South Carolina.

Affected information in this incident includes patients’ names, addresses, phone numbers, Social Security numbers, treatment and diagnosis information, driver’s license information, health insurance information, treating physician information, medical record number, and treatment date(s).

Dr. Melissa mentioned in her letter that the third party “viewed or took patient information stored on the server.”

“We take this incident, and patient privacy, very seriously,” Selke said in a statement. “We are taking steps to help prevent another incident of this kind from happening, and continue to review our processes, policies, and procedures that address data privacy.”

As per the OCR data breach reporting tool, the incident has affected approximately 4,200 individuals.

While no protection services were offered, Selke encouraged affected individuals “to remain vigilant against incidents of identity theft and fraud.” Individuals should regularly review their financial account statements, credit reports, and explanations of benefits for suspicious activity, the notification letter said.

____________________________________________________________________________________________


Data breach at Quest Diagnostics

December 15th, 2016

Quest Diagnostics recently suffered a data breach which may have involved the information of 34,000 patients. According to the reports, an unauthorized third party gained access to the MyQuest Care360® internet application.

Quest Diagnostics is a global company with headquarters in the U.S. It has operations in India, Ireland, and Mexico. Customers from more than 130 countries use its products and services. The facility also collaborates with many international diagnostic laboratories, clinics and hospitals.

In the United States, the facility provides clinical testing services through a national network of laboratories. It is located in major metropolitan areas. In India, it provides a range of products and services to physicians, hospitals, life insurance companies and pharmaceutical/biotech companies through a state-of-the-art laboratory facility in Gurgaon.

In the data breach, Social Security numbers, credit card information, and insurance or other financial information are safe. Affected information included name, date of birth, lab results, and, for a few, telephone numbers.

“When the intrusion was discovered, we immediately took steps to stop any further unauthorized activity,” read the letter, which was signed by Quest Executive Director of Compliance Operations & Privacy Office Carl A. Landorno. “We are taking steps to prevent similar incidents from happening in the future, and are working with a leading cybersecurity firm to assist with our investigation and to further evaluate our systems. We have also reported the incident to federal law enforcement authorities.”

Quest believes that there is no indication that the PHI has been misused in any way. It also mentioned that there is no need for potentially affected individuals to take additional steps to protect themselves from the breach.

“We sincerely apologize for this breach of your information. We have established a dedicated toll free number for you to call if you have any questions regarding this incident.”

____________________________________________________________________________________________


Ambucor data breach

December 13th, 2016

As per the report, a former Ambucor employee reportedly downloaded certain information without proper authorization.

“Ambucor has been working with federal law enforcement concerning this incident and has been cooperating fully in the ongoing investigation. As a result of those ongoing efforts, federal law enforcement authorities recently provided Ambucor with two thumb drives that this former employee turned over to them after his departure from Ambucor.”

Potentially affected information included patients’ first and last name, phone number, diagnosis, medications, date of birth, race, home address, testing data (i.e., type of test, test results, date of test and whether testing was monthly or not), patient identification number, medical device information (i.e., manufacturer, identification number, and model/serial numbers), Ambucor enrollment number, Ambucor enrollment date, Ambucor technician name, physician name(s), and the name and address of the practice where the patient was seen.

Ambucor believes that there is no indication that the information has been misused. One year of complimentary identity protection services is offered by the facility. As per the OCR reporting tool, the incident affected 1,878 individuals.

Earlier, the Ambucor breach affected at least two other healthcare providers, which include Wentworth-Douglass Hospital (WDH) and Greenville Health System (GHS).

As per the statement on the website, affected individuals are advised to take the steps below:

Review billing statements

Report suspicious activity to the concerned authorities

Obtain copies of medical files and check for any inaccuracy. Contact each doctor, clinic, hospital, pharmacy, laboratory, and location where an unauthorized individual may have used your information.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Data breach due to stolen flash drive

December 10th, 2016

OptumHealth, based in New Mexico, recently announced a data breach. The incident was the outcome of a missing unencrypted flash drive. Approximately 2,000 individuals were affected.

The device contained information for some individuals who were enrolled in an OptumHealth plan. Affected information includes individuals’ name and a full or partial date of birth, telephone number, health identification number, address, provider name, diagnosis, or other health information. Financial information was not affected. Some individuals’ full or partial Social Security numbers were present on the flash drive.

“Upon discovery, we took prompt action to investigate the matter,” OptumHealth said in its statement. “The U.S. Postal Service was immediately notified to assist in locating the flash drive, and we are working closely with them as they further investigate the matter. We have implemented new measures to help prevent this from occurring in the future, including updating our processes related to vendors in efforts to prevent the occurrence of similar incidents.”

OptumHealth sent the notification letter to potentially affected individuals. The facility mentioned that there are a few individuals who cannot be notified via mail.

While OptumHealth mentioned that “the information potentially accessed was limited,” it still encouraged individuals to enroll in the free services. As per the OCR data breach reporting tool, the incident affected 2,006 individuals. It has also offered one year of complimentary identity theft protection services.

As per the statement,

We also encourage individuals to be vigilant against incidents of identity theft. As a precaution to protect against misuse of your information, we recommend that individuals regularly monitor documentation concerning health care, bank and credit card statements, and tax returns to check for any unfamiliar activity. If you notice any suspicious activity on health statements, bank or credit card statement, or tax returns, please immediately contact the financial institution, credit card company, health plan, or other relevant institution.

 ___________________________________________________________________________________________
