Archive for January, 2017

2016 Cyber Security Summary

Posted by Julia Foster on January 13, 2017 in Blog

 

2016 review - cover
2016 Cyber Security Summary

2016 kept everyone in the healthcare industry on their toes having a record high number of data breaches! Luckily, the number of compromised records dropped drastically in comparison to 2015. However, one trend that was widely recognized was the rise of ransomware attacks. Although not a new method, ransomware is quickly gaining popularity and becoming a huge issue in the cybersecurity world. Read below to see a recap of 2016’s most impactful data breaches!

2016 Review - table

Top 5 Most Notable Breaches in 2016:

The Dark Net Sale
The largest and probably most notable data breach was released in June. The hacker, who goes by the name of TheDarkLord, listed 4 different databases for sale on TheRealDeal market (a dark net source). The databases were being sold for $100,000, $200,000 $400,000, and $485,000 and included names, birthdates, social security numbers, addresses, cell phone numbers, and medical history. Ransomware attacks can put providers in a tricky situation because even if the ransom is paid, they are not guaranteed to get their information back.

Held at Ransom
The first ransomware attack of the year occurred in February at a hospital in California. The hackers were able to lock the system cutting off access to hospital employees. During this time they had to resort to handwritten documentation and prescriptions instead of any electronic communication. The hospital was forced to pay the hackers 40 bitcoins (a type of digital currency operating independently of a central bank) or $17,000 to regain access. There is no evidence that any records were actually accessed during the lockout, but the hospital still took proper precautions.

The Food Court
Another large breach in 2016 consisted of 3.7 million records stolen from an Arizona health system in August. The hackers were able to gain access to a payment processing system in some food and beverage areas throughout their facilities. The stolen information included names, birthdates, social security numbers, credit card information, and health insurance information.

Twitter
One of the most unique data breaches of 2016 was linked to a radical right-wing Ukrainian political group. In July, the group posted a screenshot of information that they compromised from a urology group based out of Ohio to Twitter and uploaded half a million records to a Google cloud-based storage area. The information posted included names, addresses, phone numbers, birthdates, insurance ID’s and diagnoses. When asked the group stated that the motive was political, however, this specific urology group did not have anything to do with the issues.

ID Cards
In August, a company based out of New York that provides ID cards for health plans for big names such as Blue Cross Blue Shield and Health Now was involved in a data breach that consisted of almost 3.5 million records compromised. Information accessed consisted of names, dates of birth, ID numbers, dependents’ names and provider names. The hacker was able to gain unauthorized access to a server which held all of the private information.

The Semi-Truck
In December, almost half a million records were subject to exposure not because of a security attack, but rather a semi-truck. In Fort Myers, FL a truck driver, transporting a load of old paper medical records failed to securely lock the door on his truck, causing the medical records to fall from the vehicle and blow around. It took 3 days for officials to find all of the medical records that they could, however, not all were accounted for. There was no evidence that any information had been improperly used so far, but the information exposed consisted of everything from addresses and medical history to social security and financial information.

 

2016 review - infographic

07_linkedin 02_facebook 01_twitter 13_pinterest 10_instagram

Cyber Security Summary – December 2016

Posted by Amanda Harner on January 6, 2017 in Blog, News

december-blog-logo

Regarding cybersecurity, December had some good news and some bad news. The good news: December had the lowest amount of data breaches throughout 2016. The bad news: December had the 3rd highest number of records compromised, with a total of almost 1 million. Some of the most notable breaches include phishing emails being sent out, a ransomware attack, and a mobile app that was hacked into.

Since the beginning of December:

In December 2016, there were 16 health breaches and 925,863 records compromised. 61% of healthcare data breaches were due to hacking/IT incident.

graph

Since the beginning of the year:
In 2016 there were over 900 total data breaches and 350 healthcare breaches, consisting of over 35,000,000 records compromised throughout the entire year!

December’s most notable healthcare breaches:

 LA Health Department

The Los Angeles Health Department suffered the largest data breach in December. It is estimated a phishing email sent to employees compromised over 700,000 personal records. Phishing emails contain viruses which allow access to protected information. These emails usually have an open rate around 30%, but in this case, the open rate was only about 10%. However, even with the relatively small number of opens, a significant amount of damage was still caused to the server. The data compromised consisted of names, dates of birth, social security numbers, payment/bank account information, social security numbers, and medical diagnoses.

Ransomware

A health center also based in California was the victim of a ransomware attack. Troldesh, which is the ransomware that was used in this attack works by conducting scans and encrypting files making them inaccessible to authorized users. Toldesh was installed by an unauthorized user who logged into the server. Names, medical diagnoses, medical record numbers, and insurance numbers were among the information stolen. Luckily, no financial information or social security numbers were compromised.

Lab

Earlier this month, a medical laboratory company based out of New Jersey disclosed a data breach that affected more than 34,000 people. Information stolen included personal information such as names, phone numbers, dates of birth and lab results. The information was stolen through MyQuest, which is a mobile app that allows patients to share medical records. The app was improperly secured allowing the hackers to gain access to personal records.

excite-infographic-december

07_linkedin 02_facebook 01_twitter 13_pinterest 10_instagram