Mandiant

CareFirst database breached by cyber attackers

May 27th, 2015

The database which is used for members and other individuals to access CareFirst’s websites and online services was breached when cyber attackers gained access to it. The attack was discovered by the CareFirst IT security team. The company mentioned that it is working with Mandiant for IT examinations. The attack likely led to “limited unauthorized access to a database.

The affected information includes member-created user names created by individuals to access CareFirst’s website, members’ names, dates of birth, email addresses and subscriber identification numbers. Social Security Numbers, medical claims information and financial information were not affected.

“Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords,” the statement read.

Affected individuals will receive notification with an activation code to safeguard their accounts from further damage.

“We deeply regret the concern this attack may cause”, CareFirst President and CEO Chet Burrell said in a statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

11M affected by Premera Health data breach

March 11th, 2015

Sophisticated cyber attack on Premera Blue Cross leads to health data breach affecting 11 million individuals. Company discovered data breach on Jan 29, 2015. Affected entities involve Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Also, members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska were also affected by the cyber attack.

The breached information includes Applicants and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected,” according to the Premera statement. “The investigation has not determined that any such data was removed from our systems.  We also have no evidence to date that such data has been used inappropriately.”

According to the statement, letters will be sent to affected individuals, and two years of free credit monitoring and identity protection services will also be offered to those applicants and members.

“As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” Roe said. “All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Chinese hackers use malware to access data

August 6th, 2014

Community Health Systems, Inc. reported data breach which affected 4.5 million patients which was cause by Chinese hacking into the computer network using malware. Patient data includes names, addresses, birth dates, telephone numbers and Social Security numbers, but no credit card or medical data were involved. Community Health Systems manages 206 hospitals across 29 states and is among the largest publicly-traded hospital companies in the U.S.

Highlights of the data breach –

  • It was HIPAA violation so organization is alerting all 4.5 million affected patients.
  • Organization is providing free identity-theft protection services.
  • Chinese “Advanced Persistent Threat” group was the culprit.
  • The group was able get through Community Health’s network security with advanced malware.
  • Organization will update its network security to avoid future attacks.

According to the statement:

Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack. The Company also engaged Mandiant, who has conducted a thorough investigation of this incident and is advising the Company regarding remediation efforts.

The Company carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature. While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, the Company does not believe this incident will have a material adverse effect on its business or financial results.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.