Hacker

Hacking incident and data breach

May 20th, 2016

Alcohol and substance abuse patients in San Juan County, New Mexico suffered data breach due to hacking incident. According to the official statement, San Juan County mentioned that an outside entity had gained access to a county-owned computer. The device contained PHI and was accessible to hacker for half an hour. Affected information included names, addresses, health assessments, treatment information, and medication information.

Health information of participants in two treatment programs that collected PHI was viewed by hackers. Both the programs were created to help individuals in the criminal justice system for the cases related to drunk driving or substance abuse violations. The treatment programs support offenders to recover from drug and alcohol addictions.

“We take your privacy and protection very seriously and we deeply regret that this incident occurred,” reported the notice. “We are now in the process of reviewing our internal policies and data-management protocols and will be implementing enhanced security measures to help prevent this type of incident from recurring in the future.”

According to the statement, no other information other than mentioned above was disclosed in the possible healthcare data breach.

“Upon learning of the incident, SJC immediately took steps to investigate the incident and to ensure that no additional information may have been put at risk. SJC completed a forensic computer investigation and has found no evidence that this information was accessed by the intruder or removed from the computer.”

Healthcare data security measures and patient privacy policies are analysed and improved after the incident.

SJC advised patients for following –

Contact SJC at the phone number provided below. SJC will determine if your information was potentially affected. SJC can then provide complimentary identity repair and protection services, at no cost to you. 

Although financial account details were not affected by this incident, as a general precaution we recommend that you review your credit and debit card account statements as soon as possible to determine if there are any discrepancies or unusual activity listed.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Cyberattacks remains major concern for healthcare industry

April 19th, 2016

According to the recent survey by Symantec Corporation on healthcare cybersecurity, cyberattacks were the top reason behind healthcare data breaches in 2015. Many healthcare facilities are now focusing more on cybersecurity. Ransomware and phishing scams are on the rise with increased threat to sensitive data.

“For the first time in 2015, criminal attacks are the number one cause of data breaches in the health sector,” stated the study. “Why? Because, the cyber-criminals have figured out that health data is deep and valuable, and that healthcare IT infrastructure, from traditional IT systems to connected medical devices, is typically vulnerable and easy to penetrate.”

In last decade the data breaches were mainly due to lost or stolen device but it is changing now. Cyberattacks are growing exponentially and soon it may take over other forms of data breaches.

EHR and other health IT systems mostly get shutdown due to cyberattack strongly affecting hospital routine work. Researchers of Symantec also connected the rise in cyber threats to the increase in innovative medical devices.

“Healthcare is a uniquely difficult environment to secure against cyber threats and often security measures conflict with care delivery,” wrote the authors of the report. “There are a lot of shared devices, many of which are critical to patient care. Routine security measures often don’t work in a clinical context.”

Healthcare industry should implement cybersecurity tools to protect from any such attacks. According to the surveys, healthcare sector suffers most under the hands of cyber criminals as compared to other industry because the it is highly regulated. There are stringent laws in case of healthcare data breach which tempts criminal to extort handsome money.

“Certainly, security technologies are available to protect organizations from these sophisticated attacks across multiple security control points―email, network, and endpoint―but the front line of defense is still the employee who receives the email and may be tempted to click on an infected web link,” stated the report. “Investment in contemporary security technology is important, but always needs to be complemented by training and drills for your workforce.”

Also, healthcare providers should be prepared for all types of attacks.

“Any breach, no matter how small, can provide valuable information to attackers as they accumulate details on healthcare organizations, their staff and patients, and their IT infrastructure,” noted the report.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data Breach Due to Email Misconduct

April 11th, 2016

Val Verde Regional Medical Center recently announced data breach when unsecured PHI in an email was discovered.

“On or about August 9, 2015, an independent healthcare provider downloaded unsecured protected health information and emailed it to a personal account without encryption protection,” explained the press release. “In addition, the independent contractor was not authorized to access some of the protect[ed] health information.”

Val Verde Regional Medical Center came to know about health data breach on December 8, 2015. Affected patient information in the email included names, addresses, phone numbers, medical record numbers, and visit numbers.

According to the OCR data breach portal, two thousand individuals were affected by the incident. Val Verde Regional Medical Center launched an investigation. It also notified patients who were possibly affected by the event.

Internal audit and improved security measures to the hospital’s HIPAA security program is being undertaken by the hospital.

Val Verde Medical Center  believes that there have been no reports of improper use of PHI, patient medical histories, or Social Security numbers by unauthorized individuals. It has encouraged all potentially affected patients to monitor credit reports for suspicious activity.

Users are advised to take necessary steps.They are advised to obtain credit reports from one or more of the major credit reporting agencies to monitor financial accounts for unauthorized activity. Consumers are entitled to  get a free copy of their credit report from each of the major nationwide credit reporting companies once every 12 months. They need to request the same as per the federal law.

Del Rio and surrounding communities received services from Val Verde Regional Medical Center since 1959. Val Verde Regional Medical Center considers the privacy of patients as a high priority task. It is guided by the mission to improve the health of the people in the communities served.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Security and Hackers

April 9th, 2016

In recent times, hackers are looking for innovative ways to infiltrate through covered networks. With digitization of healthcare industry comes challenges to secure patient information. But the change has brought speed, efficiency, and effectiveness to treat patients and prevent diseases. The scenario is also boon for hackers. All the sensitive data is now present on the server which can be hacked.

According to the reports, the healthcare industry was the most targeted sector for cyber attacks in 2015. Cyber

attacks have compromised over 100 million medical records.  Attack on Anthem’s network resulted into 70% of all compromised records.

According to the CEO of Vigitrust, Mathieu Gorge,  “The first thing to consider is the actual value of the patient data, so if you go to a hospital or to your GP, data that is held about you has a lot of value to you and we need to protect the confidentiality and integrity of that.”

The reason behind the cyber attacks on healthcare are on the rise due to following reasons

 Sensitive Personal Information

Electronic Health Records (EHRs) is being used frequently in the healthcare industry. The availability of information lures hackers to get ransom for sensitive information.  Sometime attack lock medical histories, psychological profiles, and family connections to billing data and addresses. Hackers can then demand money to unlock affected information.
Hackers can also indulge in activities like insurance fraud, identity theft, and extorting victims. The most shocking fact of the medical information is that it can be used number of times unlike credit cards which can be blocked immediately.  Also, healthcare data is extremely valuable in the black market.

Taking advantage of Intellectual Property
Considering R& D department of big companies, there is possibility of cyber attack to gain access to intellectual property. Due to competitive market, the price of intellectual property sky rockets in the grey market.

Lack of Awareness
Recent trends show that the healthcare industry is undergoing fast transition towards digitization. IT is migrating health records to digital and using new storage and processing techniques to analyze patient data. But the pace with which data is translated is not reflected into security aspects. One needs to keep security process intact to safeguard data.

Human Resources
There is a lack of security professionals in the healthcare industry. Many who are working in the industry don’t have enough knowledge to handle sophisticated cyber attack.

Innovation in Attack
Below are the few examples where hackers have gone beyond the conventional attack. Example includes – remotely modifying the dosage rates of an insulin pump and manipulation of baby monitors.

To safeguard data, Gorge suggest that, “The first thing to do, if you are an entity that has access to health records, is to make sure you have a data classification policy. This allows you to do an inventory of your data: The structured data, the unstructured data, that you hold yourself, and the data that you might need to access that might be held by another entity.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hospitals and Ransomware

March 28th, 2016

The Ottawa Hospital, Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital was recently infected with ransomware.

As per Kentucky Methodist Hospital, “Methodist Hospital is currently working in an internal state of emergency due to a computer virus that has limited our use of electronic Web-based services. We are currently working to resolve this issue, until then we will have limited access to Web-based services and electronic communications.”

“It did cause significant disruptions of our IT systems,” Fred Ortega, spokesman for Prime Healthcare Services, which operates Chino Valley Medical Center and Desert Valley hospital, told BBC News. “However, most of the systems and the critical infrastructure has been brought back online.”

Locky ransomware was delivered by email and spread from the initial infected computer to others on the network. Jamie Reid, Kentucky Methodist’s information systems director mentioned in the statement.

“We have a pretty robust emergency response system that we developed quite a few years ago, and it struck us that as everyone’s talking about the computer problem at the hospital maybe we ought to just treat this like a tornado hit, because we essentially shut our system down and reopened on a computer-by-computer basis,” David Park, an attorney for Kentucky Methodist, told Krebs.

Attackers demanded four bitcoins (approximately $1,600) to decrypt the files.

Canada’s Ottawa Hospital was also infected. Around 9,800 computers were infected with ransomware. “The malware locked down the files and the hospital responded by wiping the drives,” hospital spokeswoman Kate Eggins told the National Post. “We are confident we have appropriate safeguards in place to protect patient information and continue to look for ways to increase security.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Passwords under threat at Linode

April 20th, 2013

One of the leading VPS hosting company Linode came under a vicious hack attack, that posed serious threats to its customers. Luckily for them, Linode had been proactive in safeguarding its customers’ credit card information. They had been successful in thwarting the attack. According to a blog post that was published soon after the incident, the company’s officials identified and blocked all suspicious activities on the networks.

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption,” Read one of the blog posts on the company’s website. Linode maintains that a group named Hack The Planet (HTP) claimed   responsibility for accessing   Linode Manager web servers, by exploiting an obscure vulnerability in Adobe’s ColdFusion application server. These vulnerabilities tended to in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was belted out last week.

This is not the first time hackers have tried to get inside Linode .A year ago, sometime in the March of ’12 servers it hosted were hacked and the hackers got their bank balances full with bitcoins.

The susceptibility resulted in the group getting exposure to a web server, parts of Linod’s source code and finally its database. The company is reported to have been bending over backwards to safeguard critical information of its customers.

A customary investigation done by the company revealed that HTP did not get access to any other section of the company.

However, HTP has asserted it has access to those keys, however, as it was stored on the same server it compromised

The company also divulged a little information on how they function. Their database contains credit card numbers in an encoded format, using both public and private encoding. Since the private key is protected and the complex password is not stored on the network, it becomes next to impossible for hackers to get all the information

The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically.

“There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode,” one of the officials maintained.

It is advisable for the customers of Linode to change their passwords in case they have used their Linode passwords on any service other than Linode.

How Alertsec can be of help to customers in such murky waters

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Enhanced by Zemanta