Archive for the ‘Hackers’ category

CIA hacking docs on WikiLeaks

March 15th, 2017

WikiLeaks published the 1st part of documents which it claims are retrieved from U.S. Central Intelligence Agency. The initial upload consists of  8,761 documents and files.

“Recently, the CIA lost control of the majority of its hacking arsenal, including malware, viruses, Trojans, weaponized “zero-day” exploits, malware remote control systems and associated documentation,” the organization stated in a press release. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.”

The source of the document is not clear. WikiLeaks mentioned that the documents were already in circulation among the group of hackers.

“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” WikiLeaks stated.

The ways of surveillance includes:

  • Accessing Samsung smart TVs even when the units are turned off
  • Installing software in vehicle control systems in cars and trucks
  • Use of smartphones to access the camera, microphone, user location, audio and texts
  • Efforts are done to bypass encryption of WhatsApp

CIA spokesman Jonathan said “We do not comment on the authenticity or content of purported intelligence documents.”

Skyport Systems EVP Rick Hanson told “Donald Trump previously praised WikiLeaks during his campaign,” he said. “When an organization like WikiLeaks is lauded in any forum there is reason to be concerned.”

“We are losing the cybersecurity war to other nation states and [are] at a deficit in our ability to protect ourselves,” Carbon Black nation security strategist Eric O’Neill said by email. “Now with the release of one of our offensive playbooks, our ability to attack is compromised. All of these tools will now proliferate among those for whom breaching security is a business or profession, leading to additional attacks.”

Contrast Security CTO Jeff Williams mentioned that answer isn’t to focus on “cyber arms control,” which he said will never work. “We need a massive increased focus on writing secure code and defending against attacks,” he said.

“As a nation, we are simply incapable of reliably writing code that isn’t susceptible to these attacks,” Williams continued. “But it’s not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code.”

Access Now senior legislative manager Nathan White said “Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them,” he said. “The United States is supposed to have a process that helps secure our digital devices and services — the ‘Vulnerabilities Equities Process.'”

“Many of these vulnerabilities could have been responsibly disclosed and patched,” White added. “This leak proves the inherent digital risk of stockpiling vulnerabilities rather than patching them.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.    

Emails forwarded to personal email account

February 24th, 2017

An employee of A Multnomah County Health Department automatically forwarded all emails from county email account to a personal Google email account. The recipient email account is not maintained by the Oregon county. PHI was present on some of the emails. The incident has  created a PHI breach.

On November 22, 2016 facility came to know about the incident during an audit. Facility mentioned that it found no evidence  of the emails getting misused. It also concluded that personal account had been deleted after the investigation. It is no longer available to the employees.

PHI was present in the email attachments because it was attributed to a member of the Health Department. Potentially affected information included individuals’ names, medical record numbers, prescription numbers, diagnoses, and dates of service. As per the OCR data breach reporting tool, incident affected 1,700 individuals.

Facility also mentioned that there is no presence of any patient’s Social Security number, home address, or phone number.

Multnomah County and the County Health Department are also monitoring any activity involving patient information.  It is also taking measures to increase protections of personal information in response to this incident.

“We have policies and procedures for handling personal information which were reviewed with the staff member involved in this incident,” the department explained. “We are also reviewing controls, business practices and policies to increase protections of personal information in response to this incident.”

About Multnomah County:

Around 766,135 residents in the country

Total area of 465 square miles

It includes cities like Fairview, Gresham, Maywood Park, Portland, Troutdale, Wood Village

County Employees number count is 5,600 people

Facility provides Services for seniors and disabled people, animal services, assessment and taxation, bridges, community justice, courts, elections, health, jails, libraries, marriage licenses and passports, school and community partnerships.

_____________________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach due to email hack

February 20th, 2017

Foot and ankle surgeon Jay Berenter’s office announced data breach due to an email hack. Hackers sent some patients an email that the office employees claimed not to have sent. As per the reports, the email sent to Dr. Berenter’s contacts  contained a DocuSign document waiting for their review.

As per the statement, “Dr. Berenter takes the protection of information seriously and understands how important trust is in a physician-patient relationship.”

Dr. Berenter’s office immediately sent another email informing patients not to access the DocuSign email. After the incident came to notice, Dr. Berenter’s office took steps to secure the email account. It also hired forensic IT specialists.

Investigation was carried out to determine the extent of breach. it also checked whether any of the office’s systems were affected. Facility mentioned that the incident was determined to be limited to the email account only. Potentially affected information includes patient registration forms, prescriptions, and patient names.  As per the data breach reporting tool, the incident affected 569 individuals.

Facility has also hired forensic IT specialists to investigate the incident further. It is trying to make sure that no electronic medical records were accessed. Facility is implementing new email system. Additional internal administrative steps are taken to prevent a similar hack.

Federal agencies of California Attorney General and the Federal Department of Health and Human Services are notified about the incident. Facility believes that there is no evidence to say that information is misused.

Dr. Berenter’s office has provided contact information to answer queries. One year of complimentary identity theft protection is provided to potentially affected clients. It has also encouraged to place a free 90 day fraud alert on affected accounts.

“Protecting your information is incredibly important to Dr. Berenter, as is addressing this incident with the information and assistance you may need.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Hackers demand ransom to open disabled door locks

February 12th, 2017

Austria’s four-star, 111-year-old Romantik Seehotel Jagerwirt mentioned that its internal systems were recently breached. Hackers disabled both the hotel’s electronic door locks and the reservation system. The attack against the facility means that the new keys couldn’t be created and also reservations couldn’t be checked or confirmed.

Hotel has to pay 2 Bitcoins (almost $2,000) to get control of the systems back to the hotel.

“The house was totally booked with 180 guests, we had no other choice,” hotel managing director Christoph Brandstaetter told The Local. “Neither police nor insurance help you in this case.”

This was the third cyber attack for the hotel, Brandstaetter said.  It also faced fourth attack as new computers were placed along with new security standards.

“The restoration of our system after the first attack in summer has cost us several thousand Euros,” Brandstaetter said. “We did not get any money from the insurance so far because none of those to blame could be found.”

“We are planning at the next room refurbishment for old-fashioned door locks with real keys,” he said. “Just like 111 years ago at the time of our great-grandfathers.”

As per the recent research survey of nearly 1,000 enterprise IT buyers, half believe that the security is crucial.  Still many are moving towards IOT. Around 90 percent of enterprises plan to increase IoT spending. The research showed that the IoT-related spending will increase by 33 percent.

Other finding include:

Fifty four percent said a lack of trained IoT staff is not an issue for their organizations.

Forty six percent said they’re having difficulty filling IoT-related positions.

“When it comes to IoT adoption, pragmatism rules,” 451 Research director Laura DiDio said in a statement. “The survey data indicates enterprises currently use IoT for practical technology purposes that have an immediate and tangible impact on daily operational business efficiencies, economies of scale and increasing the revenue stream.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Funding for bug bounty vendor

February 9th, 2017

As per the recent news, one can make money in the rewarding business of security researchers for finding security vulnerabilities. HackerOne published that they have raised a $40M Series C round of funding. Total funding received till date for the San Francisco based company is $74 Million.

Dragoneer Investment Group led new round of funding. It will be used to help HackerOne grow its business.

“HackerOne is at the forefront of the burgeoning bug bounty movement,” Marc Stad, Founder and Managing Partner of Dragoneer Investment Group, said in a statement. “It is borderline silly for a company not to utilize a bug bounty platform given the immediate reduction in security vulnerabilities and the relatively low price point compared to other security options.”

Rice, co-founder and CTO of HackerOne in the video interview mentioned the statistics of business growth. Also, discussed the bugs found by HackerOne’s community of researchers.

Hacking the pentagon program was one of the major successes of HackerOne. The results were positive. It has 1,400 security researchers participating in the program. It also discovered 138 serious vulnerabilities which were fixed quickly. Also, the U.S. Department of Defense also got involved in the program.

HackerOne faces competition from bug bounty vendor Bugcrowd. The rival has raised $24 million in funding to date which includes $15 million Series B round.

“When I started the company in 2013, I spent most of my time explaining what a bug bounty was to people,”Bugcrowd founder and CEO Casey Ellis said. “I don’t have to do that anymore.”

“How we do things today is we prove a concept manually first, apply human intelligence to the problem set and then take the repeatable learnings and codify that,” Ellis said.

The market of buy bounty is competitive but there is demand. Rice also mentioned that more bugs have been found by third party bug bounty companies as compared to vendors.

_____________________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Health Facility suffers email hack

February 7th, 2017

Multicare Health System recently announced data breach due to an email hack. The incident potentially affected 1,200 patients. The Washington health system mentioned that it has no information at this time to believe that any patient personal health information was accessed or misused in any way.

Facility will send the notification to affected patients. Also, patients have been advised to review their Explanation of Benefits statements and to remain vigilant to signs of irregularities related to their health insurance.

MultiCare stated that an unauthorized individual gained access to an employee email account. The information in the emails likely contained personal patient information ranging from addresses to account balances. Facility added that financial information and Social Security numbers were not present on the affected email account.

After the incident the affected email account has been secured. Password has been changed. Facility initiated an investigation into the incident and has provided contact information for patients concerned about the status of their information.

About Multicare:

“MultiCare is a not-for-profit health care organization with more than 10,000 employees and a comprehensive network of services throughout Pierce, South King, Thurston and Kitsap counties.

Facilities heritage dates back to the founding of Tacoma’s first hospital in 1882. Since then, it has grown to meet the ever-changing needs of our region-always focusing on excellence, innovation and patient care.”

When  email account gets hacked one should follow below steps to minimize the damage:

Initial step is to assess the damage done by hackers.

Visit the website of your email provider and try to regain the access.

Change the password by authorised method. Check inbox and trash for any password reset emails, which were not initiated by you.

Scan your computer with anti virus software. Many emails are hacked today to install virus on your computer.

Review your personal settings.

Validate the source  of any program, game and app before downloading it.

_____________________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Integrity Transitional Hospital data breach

November 2nd, 2016

Integrity Transitional Hospital based in Texas recently suffered a hacking attack. As per the Office for Civil Rights data breach reporting tool, this incident may have affected 29,514 patients.

The statement on the website began with following, ‘Integrity Transitional Hospital (“Integrity”) is deeply committed to protecting the security and confidentiality of the information in its care. Regrettably, this notice concerns an incident involving some of that information.’

Facility mentioned that it stores certain patient information on laboratory specimens from companies that work with various healthcare providers. Then specimens are submitted to laboratories for testing. The data is kept for billing purposes.

Affected information included some of the lab results, lab testing information, health insurance information, and scanned driver’s licenses associated with laboratory services. Social Security numbers and other financial information were not included in the breach.

“Integrity is committed to the security of the sensitive information it maintains and is taking this matter very seriously,” the hospital said. “To help prevent a similar incident from reoccurring, we are enhancing existing security on our systems related to the laboratory information we maintain.”

Facility belives that there is no such evidence which concludes that breached information is misused. It has began mailing letters to affected individuals. Dedicated call centre is established by the Integrity to answer queries regarding the incident.

Integrity Hospital adheres to the following values(as mentioned on its website):

Compassion: Provide the best care, treating patients and family members with sensitivity and empathy.

Integrity: Adhere to the highest standards of professionalism, ethics and personal responsibility, worthy of the trust our patients place in us.

Respect: Treat everyone in our diverse community, including patients, their families and colleagues, with dignity.

Excellence: Deliver the best outcomes and highest quality services through the dedicated effort of every team member.

 ___________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Ransomware attack affects 33K

October 23rd, 2016

Rainbow Children’s Clinic recently suffered a ransomware attack. According to the reports, the attack left the data encrypted which was stored on the facility’s system. Rainbow mentioned that it shut down the computer system immediately to prevent the information from being lost.

But a forensic investigation team found that the patient records has been irretrievably deleted. Affected information includes patient names, addresses, dates of birth, Social Security numbers, and medical information.

Ransomware is computer malware that installs on a victim’s computer. Hackers use the technique mostly for the purpose of extorting money. It encrypts data with certain passcode. A ransom payment is asked to decrypt it or not to publish it publicly. Simple ransomware may lock the system but the data can be recovered by a knowledgeable person. More advanced malware encryption makes data inaccessible.

Other information which got impacted in Rainbow Clinic incident involves personal information related to patients’ payment guarantors, including guarantors’ names, addresses, Social Security numbers, and medical payment information. Facility mentioned that the affected individuals will be offered complimentary identity monitoring and identity theft resolution services.

“Rainbow Children’s Clinic takes the security of its patients’ information very seriously and has taken steps to prevent a similar event from occurring in the future, including strengthening its security measures and ensuring that its networks and systems are now secure,” Rainbow said.

As per the OCR data breach reporting tool, total 33,698 records got affected. As per the statement:

Notification letters mailed today include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. Rainbow Children’s Clinic has established a toll-free call center to answer patient questions about the incident and related concerns. Additional information and recommendations for protecting personal information can be found on the Rainbow Children’s Clinic website.

The privacy and protection of patient information is a top priority, and Rainbow Children’s Clinic deeply regrets any inconvenience or concern this incident may cause.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Burrell Behavioral Health data breach

September 10th, 2016

Missouri-based Burrell Behavioral Health recently suffered data breach. Facility faced cybersecurity attack after unauthorized party accessed employee’s email account. It discovered the breach on on July 7, 2016. Internal investigation was launched immediately and the account was secured. According to the reports, unauthorized access occurred from July 6, 2016 to July 7, 2016.

“Burrell Behavioral Health has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. “

Affected information included clients’ names, addresses, dates of birth, Social Security numbers, doctor’s names, diagnoses, disability code, health insurance number, treatments, treatment locations and medical record numbers.

“We take any threat to the security of information entrusted to us very seriously,” Burrell Presdent and CEO Dr. Todd Schaible said in a statement. “Once the attack was discovered, we immediately took counter measures and also hired nationally-renowned computer forensic investigators to determine exactly what happened and what information was at risk. We apologize for any inconvenience or concern this incident may cause our community.”

As per the OCR data breach reporting tool, in total 7,748 individuals may have been affected. Burrell mentioned that the patient PHI in the email account was accessed, but that “information at risk varies for each individual.”

One year of complimentary credit monitoring and identity restoration is provided for the affected people. Facility asked people to remain vigil to avoid identity theft which includes-

Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers. If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.

 ___________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information.Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe.

Computer servers breached

August 28th, 2016

Indiana-based Orleans Medical Clinic announced possible healthcare data breach when one of its computer servers was hacked. According to the reports, facility became aware of the suspicious activity on April 17. After investigation, it confirmed hacking attack. The incident left EHR data unsecured on the server.

Unauthorised users had access to the information from April 5, 2016 to April 17, 2016.  Also,  facility got confirmation on July 21, 2016 of the individuals and information potentially affected by the incident. Immediately, Orleans Medical secured the server to avoid such incident again.

“While our investigation was not able to definitively conclude whether the hackers actually accessed or obtained a particular individual’s information, it would have been possible for the hackers to access and obtain patient information about all of our current and former patients, including medical records and demographic information such as date of birth and social security number,” Orleans Medical stated.

Facility asked patients to contact their bank or credit card company to make them know of the situation. Banking and credit card information were not affected by the incident.

Facility did not mention the number of patients potentially affected. According to the OCR data breach reporting tool, information of 6,890 individuals was affected. Facility also mentioned that the patient portal was not breached. One year complimentary identity theft services is setup. Also, patient notification letters have been sent out thru mail.

According to the statement:

We have reported the incident to the FBI, the U.S. Department of Health and Human Services Office for Civil Rights, and the Indiana Attorney General, each of whom has opened an investigation.

 

We deeply regret that this incident occurred. We are committed to providing quality care and protecting PHI. We have established a call center to answer any questions that patients may have about this incident.

“At Orleans Medical Clinic, our mission is to provide personalized, high-quality care on an as-needed or preventative basis.  We have created a practice that we believe in and would choose for our own family members.”

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.