Archive for the ‘phishing’ category

Hacking of Amazon third-party sellers’ accounts

April 16th, 2017

Hackers use passwords for high-profile breaches to compromise Amazon third-party sellers’ accounts. The attackers stole tens of thousands of dollars from sellers’ accounts. They also posted nonexistent items for sale in order to get more funds.

The incident has affected two million seller accounts on Amazon.com account which counts for more than half of its sales. As per the reports, over 100,000 sellers earn more than $100,000 a year.

Amazon seller Margina Dennis told NBC News about the fraud. She got 100 emails from customers. They were complaining of not getting a Nintendo Switch. The product was uploaded on site through her account by hacker. They also changed the accounts password.

An Amazon spokesman said “There have always been bad actors in the world; however, as fraudsters get smarter so do we. Amazon is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence on Amazon.com.”

Third-Party Risk

CyberGRX CEO Fred Kneip mentioned that hackers are targeting Amazon’s third-party ecosystem for financial gain.

“Amazon is a high-profile example of how increasingly connected businesses have become, but organizations across the world in every industry are undergoing a similar transformation as outsourcing, globalization and the digitization of business expand their digital ecosystems exponentially,” he said.

“Whether it’s one of the world’s largest retailers or a small business, companies need to approach third-party cyber risk as a real threat to their business that needs to be continuously managed,” Kneip added.

AlienVault security advocate Javvad Malik mentioned that third party vendors should look for their own security.

“It is therefore, important that all companies of all sizes have at least a basic level of threat detection controls in place that can alert when unexpected changes occur, or when systems start behaving in an unusual manner,” he said.

“Compromised credentials are the leading attack vectors in cyber breaches, as hackers target networks through trusted third-party suppliers and contractors who likely have less rigorous security than the ultimate target,” Centrify senior director of products and marketing Corey Williams said.

“This certainly won’t be the last time we see third parties being hacked — organizations need to up the security stakes with multi-factor authentication, which requires more than one method of authentication to verify the user’s identity for a login or other transaction, in order to stop the use of stolen credentials,” Williams added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

High value targets for hackers

April 13th, 2017

IT administrators and other high-value targets are valuable to hackers. Enterprise password management solution, Secret Server, Thycotic has created a solution which uses machine learning technology to help companies spot probably compromised accounts along with insider threats.

Privileged Behavior Analytics (PBA), a cloud-based tool in Secret Server 10.2 can detect anomalous behavior in privileged accounts.  R.J. Gazarek, product marketing manager at Thycotic said that the privileged accounts need to be secured as they handle crucial information.

“If privileged access is not monitored, analyzed, and alerted on it can lead to devastating data breaches and abuse from the inside out,” Gazarek told eSecurity Planet. “In some cases, the breach may not even be intentional, just someone accessing a system they shouldn’t have had access to.  Having a tool in place that can detect anomalous and unusual privileged behavior, as it happens, is critical in detecting, stopping, and remediating potential breaches and mistakes.”

Artificial intelligence and threat scoring technologies are used by the Thycotic solution.

“The privileged account behaviors and analytics that PBA extension for Secret Server can detect are, for example, privileged accounts being used outside of normal hours than previously used before, privileged accounts being accessed by employees who have never accessed them previously or privileged accounts which are being used excessively that is deemed abnormal behavior,” explained Joseph Carson, chief security scientist at Thycotic. The tool can also be used to help organizations rein in their use of privileged accounts.

“Being able to see privileged account behavior or deviations from normal usage is a huge advantage from a company who wants to add better security controls or to reduce the amount of unused privileged accounts – in turn reducing the privileged account landscape that could be exploited by cyber criminals,” Carson added.

With the help of Thycotic’s Privileged Behavior Analytics, one can manually set the system’s sensitivity. Email alerting option is also provided.

____________________________________________________________________________________________

Use Alertsec’s cloud-based information security service to encrypt your systems.

Email data breach

December 26th, 2016

A phishing email attack on the County of Los Angeles has led to data breach. The incident has affected thousands of individuals. County officials has implemented strict security measures. According to the reports, approximately 100 County employees received credible looking email from the hacker. They provided their usernames and passwords to them.

Some of the employee accounts contained confidential client/patient information. Arrest warrant is issued by the District Attorney Office’s Cyber Investigation Response for Austin Kelvin Onaghinor of Nigeria. The person is charged with nine counts which includes unauthorized computer access and identity theft.

Forensic examination was conducted by county. It also released a statement mentioning that “756,00 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services, and Public Works.”

County also believes that,“there is no evidence that confidential information from any members of the public has been released because of the breach.”

Facility is offering one-year identity monitoring for affected individuals which includes credit monitoring, identity consultation, and identity restoration. During the investigation, county didn’t send notice to affected individuals as instructed by law enforcement.

As per the statement, “We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports and explanation of benefits forms for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus.”

County also mentioned that the minors under the age of eighteen are enrolled in identity consultation and identity restoration services. It has set up call center to address concerns related to potentially affected minors.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach at Vascular Surgical

December 7th, 2016

Vascular Surgical Associates based in Georgia recently suffered data breach after one of its computer servers was hacked. As per the statement, the attack occurred during the time of a software update. After an initial investigation by the facility, it found out that a compromised vendor password was used in this incident.

As per the FAQ section of Vascular Surgical, it had “hired vendors with national reputations and significant client bases to support the computer system infrastructure we use to maintain our medical records.” Furthermore, the ONC had certified the software.

“A password that was created by one of these vendors and controlled by that vendor was used to access our system inappropriately,” the FAQ read. “The perpetrators installed software on our system to prevent us from seeing the activity, but once that activity was identified by our internal IT staff, the system access was changed to prevent additional access using that password.”

As per the OCR data breach reporting tool, incident affected 36,496 individuals. As per the preliminary reports, it is likely that the hackers reside in other countries. Affected information included medical records and demographic information such as dates of birth and addresses. Social Security numbers and financial data were not present on the compromised server. Facility also mentioned that portal was not involved or affected. Patient care is carried as usual.

“Upon learning of the incident and verifying the unauthorized access through forensic evaluation, we immediately secured the server so that this type of attack could not occur again,” the statement explained. “We are confident that none of our staff had any involvement in this incident, as the compromised password that was used to access the information was only available to our vendors and their staffs.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

OCR sent out warning emails

November 28th, 2016

OCR sent out an email stating that employees of HIPAA covered entities and their business associates should know of an alleged phishing scam which uses Department of Health and Human Services (HHS) letterhead. As per the reports, the email is using a mock HHS department letterhead and OCR Director Jocelyn Samuels’ signature. Efforts are made by the scammers to make phishing emails look like official OCR Audit communication.

“The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program,” OCR warned. “The link directs individuals to a non-governmental website marketing a firm’s cybersecurity services.”

OCR also mentioned that the entity sending the email is not associated with the agency or with HHS.

“We take the unauthorized use of this material by this firm very seriously,” the email read. “In the event that you or your organization has a question as to whether it has received an official communication from our agency regarding a HIPAA audit, please contact us.”

Phishing Scam

Phishing scams involves emails, messages, phone calls, websites to obtain sensitive information such as usernames, passwords, and credit card details. It is done mostly posing as trustworthy entity.

Recent Wombat survey on phishing as below assessment :

Thirteen percent of respondents from healthcare industry clicked on simulated phishing emails

In Manufacturing and energy sector,  nine percent clicked on simulated phishing emails

Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” Wombat President and CEO Joe Ferrara said in a statement. “To reduce cyber risk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Phishing Scam at Baystate Health

October 26th, 2016

Baystate Health which is based in Massachusetts recently suffered data breach when several of its employees had fallen victim to a phishing scam. The incident potentially impacted the information of approximately 13,000 patients. scam

Baystate Health is a not-for-profit integrated health care system. It is serving over 800,000 people in western New England. More than 140 years, Baystate Health has been providing skilled and compassionate health care in the region. More than 12,000 team members works for Baystate Health. It is one of western Massachusetts’ strongest economic engines.

On August 22, 2016, facility learned that five of its employees replied to a phishing email. As per the reports, the email was designed by hackers to look like an internal Baystate memo. Certain patient information was accessed by the hackers.

Social Security numbers and other financial information were not included in the emails. Affected information includes patient names, dates of birth, diagnoses, treatments received, medical record numbers and, in some instances, health insurance identification numbers.

Baystate believes that there is no indication that patient information was misused. Facility took steps to secure the email accounts and began an investigation. The incident is also reported to law enforcement.

“Baystate is committed to protecting private information and is taking this matter very seriously,” the statement read. “To help prevent a similar event from happening again, we are increasing our employee training about phishing emails.”

Baystate did not mention number of affected individuals. But as per the OCR data breach reporting tool, accurately 13,112 individuals were affected.

As per the Baystate, “We mailed letters to people who may have been affected. If you believe you may be affected and have not received a letter by November 5, 2016, or if you have any questions about this incident, please call.”

____________________________________________________________________________________________

Alertsec is the easiest way to ensure that any data stored on a laptop is encrypted at all times and kept secure even if the device is lost or stolen.

Ransomware attack affects 33K

October 23rd, 2016

Rainbow Children’s Clinic recently suffered a ransomware attack. According to the reports, the attack left the data encrypted which was stored on the facility’s system. Rainbow mentioned that it shut down the computer system immediately to prevent the information from being lost.

But a forensic investigation team found that the patient records has been irretrievably deleted. Affected information includes patient names, addresses, dates of birth, Social Security numbers, and medical information.

Ransomware is computer malware that installs on a victim’s computer. Hackers use the technique mostly for the purpose of extorting money. It encrypts data with certain passcode. A ransom payment is asked to decrypt it or not to publish it publicly. Simple ransomware may lock the system but the data can be recovered by a knowledgeable person. More advanced malware encryption makes data inaccessible.

Other information which got impacted in Rainbow Clinic incident involves personal information related to patients’ payment guarantors, including guarantors’ names, addresses, Social Security numbers, and medical payment information. Facility mentioned that the affected individuals will be offered complimentary identity monitoring and identity theft resolution services.

“Rainbow Children’s Clinic takes the security of its patients’ information very seriously and has taken steps to prevent a similar event from occurring in the future, including strengthening its security measures and ensuring that its networks and systems are now secure,” Rainbow said.

As per the OCR data breach reporting tool, total 33,698 records got affected. As per the statement:

Notification letters mailed today include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. Rainbow Children’s Clinic has established a toll-free call center to answer patient questions about the incident and related concerns. Additional information and recommendations for protecting personal information can be found on the Rainbow Children’s Clinic website.

The privacy and protection of patient information is a top priority, and Rainbow Children’s Clinic deeply regrets any inconvenience or concern this incident may cause.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Burrell Behavioral Health data breach

September 10th, 2016

Missouri-based Burrell Behavioral Health recently suffered data breach. Facility faced cybersecurity attack after unauthorized party accessed employee’s email account. It discovered the breach on on July 7, 2016. Internal investigation was launched immediately and the account was secured. According to the reports, unauthorized access occurred from July 6, 2016 to July 7, 2016.

“Burrell Behavioral Health has established a dedicated assistance line for anyone seeking additional information regarding this incident, as well as steps to better protect against identity theft. “

Affected information included clients’ names, addresses, dates of birth, Social Security numbers, doctor’s names, diagnoses, disability code, health insurance number, treatments, treatment locations and medical record numbers.

“We take any threat to the security of information entrusted to us very seriously,” Burrell Presdent and CEO Dr. Todd Schaible said in a statement. “Once the attack was discovered, we immediately took counter measures and also hired nationally-renowned computer forensic investigators to determine exactly what happened and what information was at risk. We apologize for any inconvenience or concern this incident may cause our community.”

As per the OCR data breach reporting tool, in total 7,748 individuals may have been affected. Burrell mentioned that the patient PHI in the email account was accessed, but that “information at risk varies for each individual.”

One year of complimentary credit monitoring and identity restoration is provided for the affected people. Facility asked people to remain vigil to avoid identity theft which includes-

Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers. If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.

 ___________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information.Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe.

Computer servers breached

August 28th, 2016

Indiana-based Orleans Medical Clinic announced possible healthcare data breach when one of its computer servers was hacked. According to the reports, facility became aware of the suspicious activity on April 17. After investigation, it confirmed hacking attack. The incident left EHR data unsecured on the server.

Unauthorised users had access to the information from April 5, 2016 to April 17, 2016.  Also,  facility got confirmation on July 21, 2016 of the individuals and information potentially affected by the incident. Immediately, Orleans Medical secured the server to avoid such incident again.

“While our investigation was not able to definitively conclude whether the hackers actually accessed or obtained a particular individual’s information, it would have been possible for the hackers to access and obtain patient information about all of our current and former patients, including medical records and demographic information such as date of birth and social security number,” Orleans Medical stated.

Facility asked patients to contact their bank or credit card company to make them know of the situation. Banking and credit card information were not affected by the incident.

Facility did not mention the number of patients potentially affected. According to the OCR data breach reporting tool, information of 6,890 individuals was affected. Facility also mentioned that the patient portal was not breached. One year complimentary identity theft services is setup. Also, patient notification letters have been sent out thru mail.

According to the statement:

We have reported the incident to the FBI, the U.S. Department of Health and Human Services Office for Civil Rights, and the Indiana Attorney General, each of whom has opened an investigation.

 

We deeply regret that this incident occurred. We are committed to providing quality care and protecting PHI. We have established a call center to answer any questions that patients may have about this incident.

“At Orleans Medical Clinic, our mission is to provide personalized, high-quality care on an as-needed or preventative basis.  We have created a practice that we believe in and would choose for our own family members.”

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hacking causes EHR breach

August 2nd, 2016

As per the notice on website, Athens Orthopedic Clinic in Georgia mentioned that it has experienced a potential EHR breach after a healthcare cybersecurity incident. Facility said that an external entity had launched a cyberattack on its EHR system using a third-party vendor’s credentials.

Affected information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and, in some cases, diagnoses and partial medical histories. Facility did not mention the number of individuals affected.

Many have earlier mentioned the need to strengthen healthcare systems.

“You rarely hear healthcare as the focus of the cyber-security industry,” Ralph Echemendia, CEO of cyber-security consulting firm Red-e Digital says. “With the Sony hack, an entire corporation was taken completely down. Nobody could go to work. If you do that to a hospital, people die.”

Cybersecurity experts were hired to investigate the attack and assess facility systems. Cybersecurity firm’s recommendations are implemented to improve healthcare data security.

“We are in the process of notifying the affected patients, and deeply regret any stress this may cause our patients,” Kayo Elliott, CEO of Athens Orthopedic Clinic told OnlineAthens.com.

“Rest assured that we are taking all necessary measures to ensure that any resulting damage is limited to the extent possible and working to retain your trust in our practice. We advise that our patients contact credit reporting agencies to create a fraud alert as soon as possible; we have posted a statement on our website that includes credit reporting agency contact information.”

According to the website:

Athens Orthopedic Clinic has been providing comprehensive orthopedic care to Athens and surrounding communities since 1966. AOC is a healthcare facility with a long-standing tradition of excellence and service. As a total orthopedic care center, our physicians specialize in orthopedic surgery and handle the diagnosis and treatment of diseases and injuries of the bones, muscles, tendons, nerves and ligaments in both adults and children.

____________________________________________________________________________________________

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.