Archive for the ‘Personal Health Information’ category

Deloitte Firm Data Breach

September 26th, 2017

Deloitte firm suffered data breach when it was hit last year by a cyber attack. The incident affected confidential emails and plans of at least six of its clients. Firm mentioned that attack was privileged, unrestricted ‘access to all areas.

Affected information also included usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

As per the statement “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” the company added.

As per the source, the exact duration was not known to the company.

“I think it’s unfortunate how we have handled this and swept it under the rug,” the source told Krebs. “It wasn’t a few emails like reported. They accessed the entire email database and all admin accounts. But we never notified our advisory clients or our cyber Intel clients.”

Raytheon chief strategy officer for cyber services Josh Douglas mentioned that data was not protected properly. “Two-factor authentication … is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” he said.

He added that 2FA alone isn’t enough. “Organizations need to hunt threats to their network proactively and adopt an incident response plan that prevents or limits the exfiltration of sensitive data,” he said. “Comprehensive cybersecurity is especially important in the era of cloud computing, where companies are storing sensitive data remotely. As we tell our clients, cloud computing puts your information on someone else’s computer — so it’s vital to protect the cloud exactly as you would your own servers.”

“Some key elements to such a strategy are an optimally deployed and tuned SIEM platform leveraging machine learning, a combination of internal and external expertise actively engaged in analysis, and the use of deception technology to identify active attackers and suspicious behavior,” Netsurion CISO John Christly said.

VASCO Data Security CMO John Gunn mentioned growing trends among hacker to attack other confidential. ”This was first evidenced by the successful attack on newswire services that yielded hackers more than $100 million of insider trading profits, and more recently with the successful breach of the SEC for confidential information on publicly traded companies,” he said.

“Firms such as Deloitte that have troves of sensitive, non-public information that could be used for illegal trading activity will find themselves increasingly in the cross-hairs of sophisticated hacking organizations,” Gunn added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Superfish Privacy Claims Settled by Lenovo

September 24th, 2017

PC vendor Lenovo admitted that adware is known as ‘Superfish’ was pre-installed on their system. These PCs were sold in the U.S. Now, Lenovo and the U.S. Federal Trade Commission (FTC) and a coalition of 32 state attorneys have settled the case. The FTC claimed that Superfish Adware was violating consumer privacy and filed the legal complaint in 2014.

“Lenovo compromised consumers’ privacy when it pre-loaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

Earlier Lenovo denied the claim and added that there is no evidence to say that systems have security concerns. In early 2015, company changing it stance admitted that the adware has security risks.

The main issue with Superfish is that it installed a security certificate which allowed – ‘it work as a man-in-the-middle (MiTM) and intercept traffic between the user and the intended location’.

“To date, we are not aware of any actual instances of a third-party exploiting the vulnerabilities to gain access to a user’s communications,” Lenovo stated. “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today. “

As per the settlement between two parties, Lenovo mentioned that it will stop misrepresenting preloaded software. It also agreed to implement a comprehensive security program for next 20 years. The program is subject to third-party audit.

Lenovo has agreed to security risks but remains firm that there is no violation of privacy of customers.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection. 

Equifax Web Application Vulnerability

September 9th, 2017

Equifax mentioned that there was Web application vulnerability in May to July which exposed data of 143 million U.S. consumers.

Affected data includes names, Social Security numbers, birthdates and addresses, as well as some driver’s license numbers. Credit card numbers for approximately 209,000 consumers and dispute documents with personally identifiable information for approximately 182,000 consumers were accessed.

As per the global security strategist at Absolute, Richard Henderson – “Many people are going to lose their jobs, including Equifax executives, people will be brought before Congress to explain what happened, and consumer trust in all of the credit reporting agencies will be eroded.”

“It may be time for us to reconsider exactly how we allow companies to store all of this data,” Henderson added. “It’s clear that these mega-databases are prime targets for attack, and we may need to take a hard look at legislative changes that will force data brokers and collectors to take security up a few levels.”

“I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax chairman and CEO Richard F. Smith said in a statement. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

As per Illumio head of cybersecurity strategy Nathaniel Gleicher it is difficult to keep large data secure.

“Even large organizations struggle because it’s far too easy for intruders to slip across the perimeter and then bide their time inside compromised networks until they can get to the most valuable data,” Gleicher said. “If we want to stop breaches like this, we have to get much better at stopping lateral movement within compromised networks.”

As per chairman and founder of CyberScout, Adam Levin highlights the importance of implementing multi-factor authentication.

“While we don’t yet know the full dimensions of the Equifax breach, where the most sensitive information of over a third of the American population could have been exposed to cybercriminals, tens of millions of us are now forced to look over our shoulders for the rest of our lives because tons of Social Security numbers, the skeleton key to our lives, are out there for cybercriminals to steal and exploit,” Levin said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Data Breach at Anthem Vendor

August 21st, 2017

An Anthem vendor recently suffered a data breach that could affect 18,580 Medicare members. The company known as LaunchPoint Ventures, LLC (LaunchPoint) is a Medicare insurance coordination services vendor. It came to know that one of its employees “was likely involved in identity theft related activities.”

LaunchPoint also found out that “some other non-Anthem data may have been misused by the employee”. The person emailed file containing PHI. The investigation about the emails is going on.

Affected information included Medicare ID numbers (which includes a Social Security number), health plan ID numbers, Medicare contract numbers, dates of enrollment, and limited numbers of last names and dates of birth. 

“LaunchPoint terminated the employee, hired a forensic expert to investigate, and is working with law enforcement,” read Anthem’s online statement. “The employee is in prison and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file.”

Two years of credit monitoring and identity theft restoration services will be provided to the affected individuals.

The data breach is second largest for Anthem in the last two years. Previous breach involves hackers infiltrating an Anthem data base which affected names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

Anthem CEO Joseph Swedish mentioned that it was sophisticated attack.

A California Department of Insurance report found out the attack originated from outside country.

“This was one of the largest cyber hacks of an insurance company’s customer data,” Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”

Anthem took efforts to secure the data.

“Opening the email permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse,” the Department stated.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Staff Shortage for Cyber Security

August 15th, 2017

The findings of recent Tripwire survey of 108 people at Black Hat USA 2017 has below findings-

Eighty-five percent of cyber security pros mentioned that they need more people

Eighty four percent mentioned that they need new technology

Twenty-eight percent mentioned that they need vendor services

Seventy percent mentioned that hiring experienced professionals is on priority

Thirty percent mentioned that they are willing for on job training

“Tools alone can’t solve the challenges in cyber security,” Tripwire vice president Tim Erlin said in a statement. “Organizations need talented staff to drive process improvements, administer tools and push for continuous improvement.”

“If you think the answer to the problems that keep you up at night is a new cyber security tool, it’s time to reassess,” Erlin added. “Security is built on strong foundations, and the best practices need to adapt to the changing threat landscape, but the core of what’s necessary for defense remains consistent.”

As per the research firm Gartner,  information security spending will climb to $86.4 billion in 2017

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” Gartner principal research analyst Sid Deshpande mentioned in a statement.

Sid also mentioned that investing on new tech is not the complete solution “As seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said.

“Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening.”

“Cyber attacks and data breaches are on the rise and being broadcast in the media, and with it a need for more security professionals, services and tools to protect organizations,” AsTech chief security strategist Nathan Wenzler said.

“Further, if we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and towards applications and people,” Wenzler added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

Unscreened third-party IT workers were provided full access to the information of vehicles including police and military by the Swedish Transport Agency. Management of the operations were outsourced to IBM administrators without security checks in 2015.

According to the reports, as the data is handled in time pressure for this activity, there was no option to transfer bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

As per the Swedish Pirate Party founder Rick Falkvinge the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register was sent to marketers which also included people in the witness protection program.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these:e records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi mentioned the risk of third party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Breach at Hotel Chains

July 16th, 2017

The Trump, Four Seasons, Loews and Hard Rock hotel chains notified customer due to massive breach of Sabre’s SynXis reservations system. Earlier, Google also notified its employees that their personal information may have been breached due to same reservations system.

Trump Hotel

“This incident occurred on the systems of Sabre Hospitality Solutions, a service provider used by Trump Hotels,” the company noted. “It did not affect Trump Hotels’ systems.”

As per the Sabre’s investigation, the hacking was done on Trump Hotels reservation data. Affected information included cardholder names, payment card numbers, card expiration dates and some security codes, as well as some guest names, email addresses, phone numbers and mailing addresses.

Affected Trump properties includes: Trump Central Park, Trump Chicago, Trump Doonbeg, Trump Doral, Trump Las Vegas, Trump Panama, Trump Soho, Trump Toronto, Trump Turnberry, Trump Vancouver, Trump Waikiki, Trump DC, Trump Rio De Janeiro, and Albermarle Estate.

Four Seasons

Sabre’s investigation also determined that Four Seasons payment card and other reservation information was accessed.

”It is important to note that reservations made on Fourseasons.com, with Four Seasons Worldwide Reservations Office, or made directly with any of Four Seasons 10 hotels or resorts were not compromised by this incident,” the company mentioned.

Hard Rock Hotels

Affected Hard Rock properties includes: the Hard Rock Hotel & Casino Biloxi, Hard Rock Hotel Cancun, Hard Rock Hotel Chicago, Hard Rock Hotel Goa, Hard Rock Hotel & Casino Las Vegas, Hard Rock Hotel Palm Springs, Hard Rock Hotel Panama Megapolis, Hard Rock Hotel & Casino Punta Cana, Hard Rock Hotel Rivera Maya, Hard Rock Hotel San Diego and Hard Rock Hotel Vallarta.

Loews Hotels

“Following an investigation, Sabre notified us on June 6, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some Loews Hotels’ hotel reservations processed through Sabre’s CRS,” the Loews Hotels said.

“Every organization entrusted with PII — both the direct-to-consumer providers such as the hospitality chains and the third parties such as Sabre — should constantly be testing and hardening their defenses, and embracing more proactive and effective levels of security such as consumer behavior analytics solutions to help prevent identity thefts,” Lisa Baergen, director of marketing at NuData Security.

“As cybercriminals continue to evolve their methods and capabilities, the challenge facing cyber security professionals will only grow,” Guidance Software president and CEO Patrick Dennis said in a statement. “We see this reflected in the data on the frequency of attacks, costs of a breach and more. Enterprises are beginning to realize that compromise is inevitable, so they need to ensure that they have a complete strategy that includes costs for prevention and deep detection and response tools.”RiskVision CEO Joe Fantuzzi said.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Google Employee Data at Risk

July 13th, 2017

Google sent notification letters to a number of employees about the data breach. It mentioned that their names, contact information and payment card data may have been affected.

“This did not affect Google’s systems. However, this incident impacted one of the travel providers used by Googlers, Carlson Wagonlit Travel (CWT).” Statement reads.

CWT and Google were not breached. The report suggests that it was fourth party data breach. Google was working with third-party vendor CWT who was using Sabre’s SynXis CRS.

“CWT subsequently notified Google about the issue on June 16, 2017, and we have been working with CWT and Sabre to confirm which Google travellers were affected,” the company mentioned.

According to the reports, the attacker gained access to some of CWT’s hotel reservations made through Sabre’s SynXis CRS.

“However, because the SynXis CRS deletes reservation details 60 days after the hotel stay, we are not able to confirm the specific inforamtion associated with every affected reservation,” Google noted.

CyberGRX CEO Fred Kneip emailed eSecurity Planet that it is difficult to determine which vendors can cause a data breach.

“A company the size of Google, whose reputation depends in large part on its ability to keep data secure, has thousands of third parties in its digital ecosystem,” Kneip said. “Attackers are clearly focused on the weakest links within those ecosystems — third parties like HVAC vendors and travel agencies — in order to do real damage.”

A recent Bomgar survey of 608 IT professionals shows that an average of 181 vendors are provided access to a company network.

“Security professionals must balance the business needs of those accessing their systems — whether insiders or third parties — with security,” Bomgar CEO Matt Dircks said in a statement.

“As the vendor ecosystem grows, the function of managing privileged access for vendors will need to be better managed through technology and processes that provide visibility into who is accessing company networks, and when, without slowing down business processes,” Dircks added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

AI Security Company Series D Round

July 10th, 2017

Darktrace U.K.-based startup which has offices in San Francisco has recently raised $75 million in a Series D round of funding.

Nicole Eagan, CEO at Darktrace, mentioned that Insight Venture Partners’ participation in the investment “is another strong validation of the fundamental and differentiated technology that the Enterprise Immune System represents,” in a statement. “It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”

Company uses artificial intelligence to tackle security threats. The Enterprise Immune System uses the algorithm in real time to stop the attack. It tracks normal behaviour and security threats. It also detects insider threats and zero-day attacks.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Company mentioned that its contract value has now reached $200 million. Bookings are also increased in the US. The headcount in last year is doubled to 500. It has 450 partners. Most important the software has detected over 48,000 serious threats.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Another AI based security company Attivo Networks has also raised $15 million.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers

Healthcare Industry Most Affected by Data Breach

July 8th, 2017

As per reports, healthcare industry was frequently attacked by cyber hackers. Vectra Networks survey suggests that 164 threats were detected per 1,000 host devices. The education industry has 145 threat detections per 1,000 host devices.

 “The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report mentions.

There is a rise of 265 percent in the average number of reconnaissance, lateral movement and exfiltration detections. Also, 333 percent rise was recorded for reconnaissance detections. Finance and technology received below-average threat detection rates mainly due to stronger policies and good response. Media companies have highest rates of exfiltration.

Healthcare industry now has a significant number of IoT.

 “These unsecured devices are easy targets for cybercriminals,” the report mentions.

As per Synopsys survey, sixty percent of manufacturers and 49 percent of HDOs said that usage of mobile devices in hospitals and other healthcare organizations increase data risk. But only 17 percent are employing steps to prevent attacks.

 “The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

Medical devices are difficult to secure as per the eighty percent of respondents.

 “These findings underscore the cyber security gaps that the healthcare industry desperately needs to address to safeguard the wellbeing of patients in an increasingly connected and software-driven world,” Synopsys global director of critical systems security Mike Ahmadi said in a statement.

“The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe, but also secure,” Ahmadi added.

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.