Archive for the ‘Ransomware’ category

Ransomware attack

December 30th, 2016

Summit Reinsurance Services recently suffered a potential cyber security threat. The incident may have affected thousands of current and former Black Hawk College employees. Summit works as reinsurance carrier for the Health Alliance, a third-party health insurance administrator for the college.

As per the website, “Summit Reinsurance provides a full-service managing general underwriter and reinsurance intermediary broker who focuses exclusively on managed care.”

Summit Re site also mentioned that it closely works with clients to completely understand risk profile. It also considers clients’ strategic vision and unique reinsurance needs. It believes that the traditional solutions don’t always provide the best experience. Customized solutions are needed considering clients’ requirements. It also provides medical management services to offer cost savings options.

After the attack, Summit informed Black Hawk. According to the reports, ransomware had infected a server containing information which includes names, Social Security numbers, health insurance information, and claim-focused medical records of current and former employees and their dependents.

As per the third-party forensic investigator, the incident occurred on March 12. Summit believes that there is no evidence for any personal information misuse. The investigation is currently ongoing. Also, potentially affected individuals are notified. They are informed about the steps which needs to be taken to improve security. Free access to one year of credit monitoring is provided.

Facility has set up call center to answer all the queries. Summit Reinsurance also suffered data breach earlier this month. That incident affected a server holding information including Social Security numbers and health insurance information.

“We are pleased that Summit Reinsurance Services is moving aggressively and taking the appropriate steps to notify the affected individuals and to minimize the impact this incident may have on them,” said Dr. Bettie Truitt, president of Black Hawk College.

 ___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Ransomware attack

December 24th, 2016

Louisiana Health Cooperative, Inc. in Rehabilitation (LAHC) recently suffered data breach. The incident has affected certain policyholders, members and subscribers. Summit Reinsurance Services, Inc. (Summit Re) which works with LAHC notified about the ransomware infection on August 8, 2016. attack

LAHC conducted an investigation and determined that breached information includes member names, provider names, Social Security numbers, and health insurance information. Also, other information which got affected includes certain claim-focused medical records containing information such as diagnosis/clinical information that Summit uses as part of its stop-loss and reinsurance underwriting and consulting services.

LAHC believes that there is currently no evidence that the information was misused or attempted to be misused.

“Nevertheless, we are providing you with this notice as information you (or an agent on your behalf) provided Summit was contained on the server under investigation,” stated the letter, which was signed by Summit President Mark Troutman. “Upon request, we will securely transfer a file identifying the potentially affected personal information affiliated with your plan.”

As per the OCR data breach reporting tool, incident potentially affected 8,000 individuals.

Facility also asked individuals to follow instructions provided by Summit Re. They are also advised to call Summit Re-dedicated assistance line Monday through Friday for any query or information and provide Reference Number when calling.

Protect your system from ransomware attacks:

Use firewall and trusted antivirus

Take backup of your files regularly

Enable popup blocker

Don’t click on links from the suspicious emails

Alert authorities

Summit Re has also advised affected individuals to take additional steps to prevent identity and fraud like below-

Activate family secure now by enrolling on the website www.familysecure.com/enroll. Submit activation code obtained from Summit Re.

Get your free credit report and look for any discrepancies. Place a security freeze and fraud alert on credit reports.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Ransomware attack

December 18th, 2016

Dr. Melissa D. Selke based in New Jersey recently announced a data breach. Facility website posted a data breach notification letter. The incident may have affected several thousand patients.

Selke found out that her system had been infected with a virus that prohibited access to patient files. The system was restored immediately. After investigation, the possibility of ransomware attack was analyzed. An unauthorized third party introduced the virus onto her system.

Melissa D. Selke, MD, has practiced privately in the area of Hillsborough and Somerset, New Jersey.  Her total experience of the practice is 15 years. She is board certified in Family Medicine.

Dr. Selke has following education qualification –

BA in behavioral biology with honors at the Johns Hopkins University in Baltimore, Maryland

MD at Baylor College of Medicine in Houston, Texas. After graduating

Residency in Family Medicine at Spartanburg Regional Medical Center in Spartanburg, South Carolina.

Affected information in this incident includes patients’ names, addresses, phone numbers, Social Security numbers, treatment and diagnosis information, driver’s license information, health insurance information, treating physician information, medical record number, and treatment date(s).

Dr. Melissa mentioned in her letter that the third-party “viewed or took patient information stored on the server.”

“We take this incident, and patient privacy, very seriously,” Selke said in a statement. “We are taking steps to help prevent another incident of this kind from happening, and continue to review our processes, policies, and procedures that address data privacy.”

As per the OCR data breach reporting tool, incident has affected approximately 4,200 individuals.

While no protection services were offered, Selke encouraged affected individuals “to remain vigilant against incidents of identity theft and fraud.” Individuals should regularly review their financial account statements, credit reports, and explanations of benefits for suspicious activity, the notification letter said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomware attack at NJSC

October 28th, 2016

New Jersey Spine Centre announced data breach when its server suffered ransomware attack. Facility mentioned that all of the practice’s electronic medical record files were encrypted. 
eat

Affected information included Clinical information which includes procedures, office notes, reports, demographic information, personal information, and some financial information. Facility notified the FBI and local authorities regarding the incident.

“The malware was blocked by our virus protection software but unfortunately not before the damage had already been completed to our records,” New Jersey Spine Center explained. “The virus likely gained access by utilizing a list of stolen passwords by running an automated program, and demanded a ransom payment to obtain an encryption key to unlock the files.”

Facility did not mentioned whether ransom was paid but it did say that the practice obtained the key. As per the OCR data breach reporting tool states, total 28,000 individuals were affected by the incident.

Facility also mentioned that there is no information to suggest that any medical, personal of financial information was used or stolen by the individuals. Notifications are sent to the concerned individuals.

New Jersey Spine Center is the leading choice for spine care in eastern Pennsylvania and southern New York. It brings the cutting-edge and comprehensive spine care to the region. It also provide a comprehensive evaluation process permitting a thorough and complete evaluation of patients problem for appropriate decision making. A multi-disciplinary approach is provided which enables facility to provide the options available for care.

Two types ransomware in circulation 

First type is called Encrypting ransomware. It uses advanced encryption algorithms to block system files. Hackers demand payment to provide the victim with the key to unblock content.

Second type is called Locker ransomware. It locks the victim out of the operating system and the system. Attackers ask for money to unlock the system.

____________________________________________________________________________________________

Alertsec was established was that encryption should be simple, transparent and available for all.

Ransomware attack affects 33K

October 23rd, 2016

Rainbow Children’s Clinic recently suffered a ransomware attack. According to the reports, the attack left the data encrypted which was stored on the facility’s system. Rainbow mentioned that it shut down the computer system immediately to prevent the information from being lost.

But a forensic investigation team found that the patient records has been irretrievably deleted. Affected information includes patient names, addresses, dates of birth, Social Security numbers, and medical information.

Ransomware is computer malware that installs on a victim’s computer. Hackers use the technique mostly for the purpose of extorting money. It encrypts data with certain passcode. A ransom payment is asked to decrypt it or not to publish it publicly. Simple ransomware may lock the system but the data can be recovered by a knowledgeable person. More advanced malware encryption makes data inaccessible.

Other information which got impacted in Rainbow Clinic incident involves personal information related to patients’ payment guarantors, including guarantors’ names, addresses, Social Security numbers, and medical payment information. Facility mentioned that the affected individuals will be offered complimentary identity monitoring and identity theft resolution services.

“Rainbow Children’s Clinic takes the security of its patients’ information very seriously and has taken steps to prevent a similar event from occurring in the future, including strengthening its security measures and ensuring that its networks and systems are now secure,” Rainbow said.

As per the OCR data breach reporting tool, total 33,698 records got affected. As per the statement:

Notification letters mailed today include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. Rainbow Children’s Clinic has established a toll-free call center to answer patient questions about the incident and related concerns. Additional information and recommendations for protecting personal information can be found on the Rainbow Children’s Clinic website.

The privacy and protection of patient information is a top priority, and Rainbow Children’s Clinic deeply regrets any inconvenience or concern this incident may cause.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Malicious email and data breach

May 11th, 2016

Mayfield Brain and Spine may have suffered data breach due to malicious emails. It has notified some patients about the healthcare ransomware incident. According to OCR reporting tool, the breach has affected 23,341 individuals.

According to the statement, Mayfield Brain and Spine medical center mentioned that an unauthorized entity accessed its account related to outside vendor. After accessing the database it has sent a fraudulent email. The modus operand was simple. When email recipients opened the attachment, malware gets downloaded.

“The vendor receives only email addresses from Mayfield,” said Mayfield Clinic Inc.’s Vice President of Communications Thomas Rosenberger. “No other health or financial information is shared. In this incident, no Mayfield systems were involved, and no patient health or financial information was compromised.

Facility works with vendor to email Mayfield information, such as newsletters, educational information, invitations, and announcements. The vendors also send the emails to patients, business associates, event attendees, website contacts, and other people associated with Mayfield Clinic Inc.

“Mayfield’s first priority is always the well-being of our patients. Once we learned of the incident, we immediately communicated with recipients by email, by social media, and on our website, including both notification and instructions on how to remove the virus.”

Mayfield Brain and Spine guided recipients to resolve the issue by downloading free software to eliminate the malware.  Also, it has collaborated with the vendor’s compliance office to analyze the situation. The facility is also working with computer virus protection service to nullify the virus.

“We are continuously monitoring the situation,” continued Rosenberger. “With all of the action taken to date, we do not believe that recipients of the fraudulent email need to take any additional steps at this time.”

According to the statement:

Mayfield Brain & Spine is the full-service patient care provider of the Mayfield Clinic, one of the nation’s leading physician organizations for neurosurgical treatment, education, and research. With more than 20 specialists in neurosurgery, interventional neuroradiology, physical medicine and rehabilitation, and pain management, Mayfield Brain & Spine treats 20,000 patients from 35 states and 13 countries in a typical year. Mayfield physicians specialize in the treatment of back and neck pain, sciatica, Parkinson’s disease, essential tremor, NPH, epilepsy, brain and spinal tumors, stroke, moyamoya, brain aneurysms, Chiari malformation, scoliosis, kyphosis, facial pain, facial twitch, trauma, concussion, spinal cord injury, and carpal tunnel. As leading innovators in their field, Mayfield physicians have pioneered surgical procedures and instrumentation that have revolutionized the medical art of neurosurgery for spinal diseases and disorders, brain tumors, and neurovascular diseases and disorders.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware and Data Breach

April 21st, 2016

“Is ransomware considered a health data breach under HIPAA?”. The answer is explored in the recent issue of Forbes magazine by author Dan Munro. He researched healthcare and compliance domains.

According to the information presented, a ransomware attack should not be considered data breach as per PHI disclosure restrictions in HIPAA. It is more about the message of lax security that’s being broadcast to cyber-criminals around the world. But Dan believes otherwise.

Ransomware attacks should be considered as unauthorized exposures of private information. It is same as the outright theft of the laptop, desktop, or server breach.

Acccording to the records of Office of Civil Rights (OCR) in 2015, there were more than 300 disclosed healthcare breaches. One-third are due to the loss or theft of some piece of equipment like laptop, desktop, server, or other portable electronic device.

The report also states that more than 100 of the disclosed breaches were due to attack like ransomware. The breaches affected more than hundreds of thousands of records.  It is believed that the records under the hands of criminals can cause breach.

HIPAA rules states that the notification letters to be sent to affected individuals because the systems and the PHI are not under control of the healthcare provider.

Ransomware Attacks

Types of Ransomware –

Few attacks takes control of machine and lock it down. This action blocks the access to legitimate users. The system is unlocked only paying after ransom amount and clearly the system is under the control of criminals.

Few attacks involves remote access control by criminal. They awaits the Bitcoin payment to unlock and reconfigure the system.

Common form of ransomware includes a software which encrypts certain important files with certain password. The process includes accessing the files and encrypting and storing the files  in the same place. Once the payment is done, files are unlocked.

Now a days, ransomware attacks to extort money are on the rise.

There’s more and more documented evidence that this is going on,” says Ori Eisen, founder and chief innovation officer of fraud prevention company 41st Parameter. “It’s more prevalent in the United Kingdom, which is sort of a staging or testing ground. It’s starting there and getting more momentum.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.