Archive for the ‘data breach’ category

Data Breach at Tewksbury Hospital

August 23rd, 2017

Tewksbury Hospital which is based in Massachusetts recently found out that there was unauthorized EHR access. The incident may have potentially led to a data breach.

As per the statement by a former Tewksbury Hospital patient, the electronic medical record was accessed inappropriately by an unauthorized individual.  After the investigation, a hospital found out that an employee may have accessed the data without proper justification.

It also found out that 1,000 other current and former patients information was accessed. Affected information included patient names, addresses, phone numbers, dates of birth, gender, diagnoses, and other information regarding medical treatment.

The employee has been terminated by the facility. The person no longer has access to the hospital’s HER system. Tewksbury Hospital also mentioned that there is no evidence of information misuse.

Patients are notified of the current incident. The Massachusetts Attorney General’s Office, the Massachusetts Office for Consumer Affairs and Business Regulation, and OCR are also notified.

“To reduce the chance of future incidents like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” read a statement on the Massachusetts Health and Human Services website. “We are also reassessing how we review our workforce members’ use of the electronic medical records system, and we will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”

Affected individuals are encouraged to call toll free number for any further information about the incident. They can also take following steps –

  • Request initial fraud alert
  • Order a Credit Report and review the account (look for inquiries listed on the credit report from businesses that accessed your credit without a request)
  • Request a security freeze

If you are affected by the data breach you have the right to file a police report and obtain a copy of it. Massachusetts law gives you right to obtain any police report filed in regards to the incident.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Data Breach at Anthem Vendor

August 21st, 2017

An Anthem vendor recently suffered a data breach that could affect 18,580 Medicare members. The company known as LaunchPoint Ventures, LLC (LaunchPoint) is a Medicare insurance coordination services vendor. It came to know that one of its employees “was likely involved in identity theft related activities.”

LaunchPoint also found out that “some other non-Anthem data may have been misused by the employee”. The person emailed file containing PHI. The investigation about the emails is going on.

Affected information included Medicare ID numbers (which includes a Social Security number), health plan ID numbers, Medicare contract numbers, dates of enrollment, and limited numbers of last names and dates of birth. 

“LaunchPoint terminated the employee, hired a forensic expert to investigate, and is working with law enforcement,” read Anthem’s online statement. “The employee is in prison and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file.”

Two years of credit monitoring and identity theft restoration services will be provided to the affected individuals.

The data breach is second largest for Anthem in the last two years. Previous breach involves hackers infiltrating an Anthem data base which affected names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

Anthem CEO Joseph Swedish mentioned that it was sophisticated attack.

A California Department of Insurance report found out the attack originated from outside country.

“This was one of the largest cyber hacks of an insurance company’s customer data,” Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”

Anthem took efforts to secure the data.

“Opening the email permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse,” the Department stated.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Breach at Italy’s Biggest Bank

July 29th, 2017

The leading bank in Italy, UniCredit mentioned that approximately 400,000 of its customers’ data were affected after third party provider was hacked. The name of the third party is withheld. It is one of the major attack on Italy’s financial institution as per the Reuters.

The bank mentioned that data was stolen in two different breaches.

“UniCredit has launched an audit and has informed all the relevant authorities,” the bank said in a statement. “In the morning, UniCredit will also file a claim with the Milan Prosecutor’s office. The bank has also taken immediate remedial action to close this breach.”

Paul Norris, senior systems engineer for EMEA at Tripwire mentioned that these two breaches occurred in a year.

“Basic security hygiene needs to be adopted by all enterprises, not just financial institutions, and this includes secure configurations and vulnerability management, as well as performing specific threat assessment and countermeasures, which will reduce the overall risk of future attacks,” Norris said.

Evident.io CEO Tim Prendergast mentioned that customers expect that their information should be secured. “Enterprises, therefore, must demand that their partners operate according to the same security rules and protocols they abide by when it comes to customer data,” he said.

“It should be a requirement that all partners use continuous security monitoring of their cloud environments, and adhere to rigorous security protocols if they want to work with a vendor,” Prendergast added.

Matt Walmsley, EMEA director at Vectra Networks, mentioned that the breach reminds companies to take extra care to handle sensitive data.

“In an effort to save costs, businesses often outsource functions to third-party providers and external contractors,” he said. “However, businesses have a duty of care to protect personal information regardless of whether they manage it in-house or out-of-house.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

Unscreened third-party IT workers were provided full access to the information of vehicles including police and military by the Swedish Transport Agency. Management of the operations were outsourced to IBM administrators without security checks in 2015.

According to the reports, as the data is handled in time pressure for this activity, there was no option to transfer bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

As per the Swedish Pirate Party founder Rick Falkvinge the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register was sent to marketers which also included people in the witness protection program.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these:e records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi mentioned the risk of third party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Breach at Hotel Chains

July 16th, 2017

The Trump, Four Seasons, Loews and Hard Rock hotel chains notified customer due to massive breach of Sabre’s SynXis reservations system. Earlier, Google also notified its employees that their personal information may have been breached due to same reservations system.

Trump Hotel

“This incident occurred on the systems of Sabre Hospitality Solutions, a service provider used by Trump Hotels,” the company noted. “It did not affect Trump Hotels’ systems.”

As per the Sabre’s investigation, the hacking was done on Trump Hotels reservation data. Affected information included cardholder names, payment card numbers, card expiration dates and some security codes, as well as some guest names, email addresses, phone numbers and mailing addresses.

Affected Trump properties includes: Trump Central Park, Trump Chicago, Trump Doonbeg, Trump Doral, Trump Las Vegas, Trump Panama, Trump Soho, Trump Toronto, Trump Turnberry, Trump Vancouver, Trump Waikiki, Trump DC, Trump Rio De Janeiro, and Albermarle Estate.

Four Seasons

Sabre’s investigation also determined that Four Seasons payment card and other reservation information was accessed.

”It is important to note that reservations made on Fourseasons.com, with Four Seasons Worldwide Reservations Office, or made directly with any of Four Seasons 10 hotels or resorts were not compromised by this incident,” the company mentioned.

Hard Rock Hotels

Affected Hard Rock properties includes: the Hard Rock Hotel & Casino Biloxi, Hard Rock Hotel Cancun, Hard Rock Hotel Chicago, Hard Rock Hotel Goa, Hard Rock Hotel & Casino Las Vegas, Hard Rock Hotel Palm Springs, Hard Rock Hotel Panama Megapolis, Hard Rock Hotel & Casino Punta Cana, Hard Rock Hotel Rivera Maya, Hard Rock Hotel San Diego and Hard Rock Hotel Vallarta.

Loews Hotels

“Following an investigation, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some Loews Hotels’ hotel reservations processed through Sabre’s CRS,” the Loews Hotels said.

“Every organization entrusted with PII — both the direct-to-consumer providers such as the hospitality chains and the third parties such as Sabre — should constantly be testing and hardening their defenses, and embracing more proactive and effective levels of security such as consumer behavior analytics solutions to help prevent identity thefts,” Lisa Baergen, director of marketing at NuData Security.

“As cybercriminals continue to evolve their methods and capabilities, the challenge facing cyber security professionals will only grow,” Guidance Software president and CEO Patrick Dennis said in a statement. “We see this reflected in the data on the frequency of attacks, costs of a breach and more. Enterprises are beginning to realize that compromise is inevitable, so they need to ensure that they have a complete strategy that includes costs for prevention and deep detection and response tools.”RiskVision CEO Joe Fantuzzi said.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Google Employee Data at Risk

July 13th, 2017

Google sent notification letters to a number of employees about the data breach. It mentioned that their names, contact information and payment card data may have been affected.

“This did not affect Google’s systems. However, this incident impacted one of the travel providers used by Googlers, Carlson Wagonlit Travel (CWT).” Statement reads.

CWT and Google were not breached. The report suggests that it was fourth party data breach. Google was working with third-party vendor CWT who was using Sabre’s SynXis CRS.

“CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travellers were affected,” the company mentioned.

According to the reports, the attacker gained access to some of CWT’s hotel reservations made through Sabre’s SynXis CRS.

“However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific inforamtion associated with every affected reservation,” Google noted.

CyberGRX CEO Fred Kneip emailed eSecurity Planet that it is difficult to determine which vendors can cause a data breach.

“A company the size of Google, whose reputation depends in large part on its ability to keep data secure, has thousands of third parties in its digital ecosystem,” Kneip said. “Attackers are clearly focused on the weakest links within those ecosystems — third parties like HVAC vendors and travel agencies — in order to do real damage.”

A recent Bomgar survey of 608 IT professionals shows that an average of 181 vendors are provided access to a company network.

“Security professionals must balance the business needs of those accessing their systems — whether insiders or third parties — with security,” Bomgar CEO Matt Dircks said in a statement.

“As the vendor ecosystem grows, the function of managing privileged access for vendors will need to be better managed through technology and processes that provide visibility into who is accessing company networks, and when, without slowing down business processes,” Dircks added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Healthcare Industry Most Affected by Data Breach

July 8th, 2017

As per reports, healthcare industry was frequently attacked by cyber hackers. Vectra Networks survey suggests that 164 threats were detected per 1,000 host devices. The education industry has 145 threat detections per 1,000 host devices.

 “The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report mentions.

There is a rise of 265 percent in the average number of reconnaissance, lateral movement and exfiltration detections. Also, 333 percent rise was recorded for reconnaissance detections. Finance and technology received below-average threat detection rates mainly due to stronger policies and good response. Media companies have highest rates of exfiltration.

Healthcare industry now has a significant number of IoT.

 “These unsecured devices are easy targets for cybercriminals,” the report mentions.

As per Synopsys survey, sixty percent of manufacturers and 49 percent of HDOs said that usage of mobile devices in hospitals and other healthcare organizations increase data risk. But only 17 percent are employing steps to prevent attacks.

 “The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

Medical devices are difficult to secure as per the eighty percent of respondents.

 “These findings underscore the cyber security gaps that the healthcare industry desperately needs to address to safeguard the wellbeing of patients in an increasingly connected and software-driven world,” Synopsys global director of critical systems security Mike Ahmadi said in a statement.

“The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe, but also secure,” Ahmadi added.

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

 

IoT Security

July 5th, 2017

The Internet of Things (IoT) is seeing the rapid rise but it seems to repeat the history of technology evolution. The pace of growth is not matched with security requirements. IoT helps automation as well as real-time synchronization of business processes. The implementation helps for precise response in real time.

 “IoT devices assist businesses in real-time responses to supply-and-demand market effects, they empower patients and healthcare professionals to continuously monitor conditions, and they enable electric grid operators to adjust the production, flow, and cost of electricity according to real-time market demands to ensure the most efficient, resilient, and cost-effective solution,” says James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a Washington DC-based cybersecurity think tank.

Hundreds of companies now provide IoT solutions. But security aspect is lagging behind.

 “As was shown in the Dyn attack, we appear doomed to repeat the mistakes we made with PCs and mobile devices in IoT,” says Tom Byrnes, founder and CTO of ThreatSTOP. “Once again, cost reduction has made security an afterthought, if a consideration at all, with predictably disastrous consequences.”

 It is different than other systems as threat involved is higher due to many connection points. As per the Intel, 200 billion IoT devices will be online by 2020.

 “Most IoT devices and sensors lack any form of security or security-by-design,” says Scott.

 “Without layered security of the IoT microcosms, hacktivists can disrupt business operations, cyber-criminals can compromise and ransom pacemakers, and cyber-jihadists or nation-state sponsored threats can compromise and control the grid,” to name just a few of the potential IoT security attack scenarios.

“Every IoT device has inherent vulnerabilities and exploitable weaknesses resulting from a culture that sacrifices security in the design process in favor of meager savings and in the rush to market,” says Scott. “The overwhelming preponderance of insecure IoT devices in the future will render security an impossibility in the future.”

 Most of IoT devices do not have computational power or battery life to have security applications.

 “We need to develop cost-effective IoT devices that incorporate security-by-design rather than cheaper and less secure alternatives,” says Scott. “While that may save a few dollars in the short-term, it puts the public and critical infrastructure at risk of losing millions of dollars and valuable data in the long-term.”

 Also, there is lack of platform standards.

 “With old devices lasting longer than ever before, there are many devices currently in use that do not support new standards,” says Sam Rehman, Chief Technology Officer of Arxan. “Hackers will always see legacy devices as a prime choice of entry.”

 ___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Content to Prevent Data Breach

July 3rd, 2017

Egnyte a Calif. based content collaboration and governance specialist has launched a new cloud-based solution which looks after insider threat. The product focus on IT security professionals. Nowadays distributed workspace needs shared information system which uses on-premises collaboration platforms or cloud-based services which may cause data breach.

“As users and organizations are more global and interdependent they need to share more content with each other and then need to do it in a secure way using EFSS [enterprise file synchronization and sharing] solutions not email attachments for instance,” Isabelle Guis, chief strategy officer at Egnyte mentioned.

“But as you hire contractors and have many places where your content resides (on-premises, cloud, cloud apps, etc.) it is very difficult to enforce the security policies at the repository level or even train all your users and new hires to properly handle their content.”

Data leaks can occur due to various loopholes.

“For example, a merger and acquisition folder could be shared via a public link and one of the intended recipients forwards the link to someone who should not see that data,” Guis said. “Or, a very common example – a disgruntled employee downloads all of ‘their’ work, which is actually the company’s IP [intellectual property], right before leaving your company and going to a competitor,” a situation allegedly at the center of the high-stakes Google-Uber lawsuit.

Egnyte product looks for sensitive content in the database.

Then it “provides real–time analysis of all the content within an organization and presents actionable insights to help administrators prevent these types of aforementioned data breaches,” Guis said.

“Egnyte Protect continuously analyzes an organization’s entire content environment and classifies the most sensitive information, such as credit card numbers, social security numbers, sensitive IP, HIPAA information, and much more,” she added. “Then, in real–time, Egnyte Protect identifies vulnerabilities, alerts administrators, and offers actions that can immediately fix any issue that is found across all of the organization’s content repositories.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

WannaCry ransomware attacked Honda

June 28th, 2017

Honda recently stopped its production at its Sayama, Japan plant due WannaCry ransomware.

The production facility manufactures 1,000 vehicles per day. The plant was started next day.

Along with Honda, Nissan and Renault also halted production at plants in Japan, Britain, France, Romania and India.

“We recommend that you revisit your security patches immediately and ensure that all of your networked computers can connect to kill switches.”Webroot senior threat research analyst Tyler Moffitt said.

Tripwire senior systems engineer Paul Norris mentioned that companies need to take steps to protect themselves.”Effective measures in defeating these sorts of attacks include implementing an effective email filtering solution that is capable of scanning content on emails, hazardous attachments and general content for untrusted URLs,” he said. “Another option would be to better educate the workforce on how to recognize a suspicious email from unknown senders, knowing not to click an untrusted URL, as well as not opening an unexpected attachment.”

RiskVision CEO Joe Fantuzzi mentioned that the Honda plant shutdown shows growing risks in the manufacturing industry. “While manufacturing hasn’t experienced the same attention as other sectors in regards to emerging ransomware trends, it’s now clear that WannaCry and other advanced threats pose severe and crippling risks to this sector, which among other things can halt production, expose blueprints and intellectual property, aid competitors and decimate profit margins, while taking weeks or months to be fully remediated,” he said.

“What’s more, manufacturing isn’t beholden to the same security and compliance standards as healthcare, financial services and other market verticals, making enforcement of consistent security standards even more difficult,” Fantuzzi added. “Consequently, it’s imperative that manufacturers categorize assets in terms of business criticality to see where their most important vulnerabilities reside because taking the initiative to find and prioritize critical vulnerabilities is a small investment in comparison to the long-term damage that could result if these vulnerabilities are ever found by cyber criminals and exploited.”

“Warding off cyber threats, including cyber espionage, is a top corporate priority across industries, but manufacturers and distributors need to do much more to protect their patents, designs and formulas, as well as their private company and employee information,” Jim Wagner, partner-in-charge of Sikich’s manufacturing and distribution practice, said in a statement.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.