Cyber Security Summary – December 2016

January 6, 2017


Regarding cybersecurity, December had some good news and some bad news. The good news: December had the lowest amount of data breaches throughout 2016. The bad news: December had the 3rd highest number of records compromised, with a total of almost 1 million. Some of the most notable breaches include phishing emails being sent out, a ransomware attack, and a mobile app that was hacked into.

Since the beginning of December:

In December 2016, there were 16 health breaches and 925,863 records compromised. 61% of healthcare data breaches were due to hacking/IT incident.


Since the beginning of the year:
In 2016 there were over 900 total data breaches and 350 healthcare breaches, consisting of over 35,000,000 records compromised throughout the entire year!

December’s most notable healthcare breaches:

 LA Health Department

The Los Angeles Health Department suffered the largest data breach in December. It is estimated a phishing email sent to employees compromised over 700,000 personal records. Phishing emails contain viruses which allow access to protected information. These emails usually have an open rate around 30%, but in this case, the open rate was only about 10%. However, even with the relatively small number of opens, a significant amount of damage was still caused to the server. The data compromised consisted of names, dates of birth, social security numbers, payment/bank account information, social security numbers, and medical diagnoses.


A health center also based in California was the victim of a ransomware attack. Troldesh, which is the ransomware that was used in this attack works by conducting scans and encrypting files making them inaccessible to authorized users. Toldesh was installed by an unauthorized user who logged into the server. Names, medical diagnoses, medical record numbers, and insurance numbers were among the information stolen. Luckily, no financial information or social security numbers were compromised.


Earlier this month, a medical laboratory company based out of New Jersey disclosed a data breach that affected more than 34,000 people. Information stolen included personal information such as names, phone numbers, dates of birth and lab results. The information was stolen through MyQuest, which is a mobile app that allows patients to share medical records. The app was improperly secured allowing the hackers to gain access to personal records.


07_linkedin 02_facebook 01_twitter 13_pinterest 10_instagram