Cyber Security Summary – May 2017

June 16, 2017

In the cyber security world, May was an extremely eventful month because the largest ransomware attack to date spread worldwide. Luckily, this outbreak had only minimal effects on the United States healthcare industry. For cyber security in the US healthcare industry, May turned out to be a fairly average month in terms of total breaches, but extremely high in terms of the number of records compromised. Throughout May there were approximately 30 healthcare breaches and 900,000 records compromised.* Some major cyber security breaches included the global WannaCry ransomware outbreak, TheDarkOverlord stealing (more) health records, and a simple URL change exposing personal information.


From the Beginning of the Year:

Since the beginning of 2017 through May 2017, there have been 724 data breaches and nearly 11 million records compromised. The medical/healthcare industry accounts for 23% of records compromised, with nearly 2.5 million records, and 22% of breaches with 159 breaches.*

Major Cyber Security Activity


The WannaCry outbreak was the largest ransomware attack to date! Over the course of one weekend the virus infected approximately 200,000 computer systems in 150 different countries. The ransomware targeted vulnerabilities in Microsoft Windows computers. Britain’s National Health System runs on Windows XP, making its hospitals one of WannaCry’s largest victims. Over 40 U.K. hospitals’ systems were paralyzed by the attack. While the WannaCry attack did not hit healthcare systems in the US as hard, it was reported that numerous US medical devices were infected.

Although the attack affected so many different computer systems, it is reported that the hackers only made $50,000, which is a rather small amount for the high quantity of systems they took control of (for reference, in 2016 a hospital in Hollywood paid $17,000 to a hacker to release one system). Luckily, the attack was stopped by a hacker group known as “Shadow Brokers” and any new waves of WannaCry are not as harmful as the original.

TheDarkOverlord… is back

The hacker known as TheDarkOverlord is back. This particular hacker or hacker group (it is still unknown if TheDarkOverlord is working alone or as a group), who is responsible for numerous other healthcare attacks including the breach of 9.3 million records from a health insurer, stole and released 180,000 patient healthcare records. These records were stolen from a New York based dentist, California’s OC Gastrocare and a Surgery Center in Florida. In TheDarkOverlord fashion, these records were made accessible to the public on Twitter. The database of records contained information such as medical conditions, insurer details, Social Security numbers, birth dates, and payment information. TheDarkOverlord does not only specialize in extorting healthcare organizations; they are also credited with leaking the newest season of Netflix’s show, Orange is the New Black.

A Simple URL Change

A glitch in a large healthcare organization’s online patient portal was giving unauthorized access to patient information with a simple change of a URL. While this problem was reported in April 2017, it was not entirely fixed until May. In April a patient portal user reported that when looking at their personal health records, they were able to access others’ records without a username or password by changing a number in the web address. When accessing these records, users could see names, birthdates, addresses and information that may point to specific diseases. Once the issue was brought to light, the organization immediately shut down the patient portal and corrected the problem.
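The flaw described above is a missing authorization check on a record identifier taken from the URL. The following is an added example, not the organization's code: the `/portal/records/<id>` path, the record data and the session tokens are all hypothetical and constructed for illustration. It shows the unchecked lookup beside a version that requires a session and verifies ownership.

```python
from urllib.parse import urlparse

# Constructed sample data: record id -> owner account and record summary.
RECORDS = {
    1001: {"owner": "alice", "summary": "constructed record A"},
    1002: {"owner": "bob", "summary": "constructed record B"},
}
# Constructed session store: session token -> authenticated account.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


def record_id_from_url(url):
    """Parse the numeric id from a hypothetical /portal/records/<id> URL."""
    parts = urlparse(url).path.strip("/").split("/")
    if len(parts) != 3 or parts[:2] != ["portal", "records"]:
        return None
    # isascii() guards against Unicode digits that int() cannot parse.
    if not (parts[2].isascii() and parts[2].isdigit()):
        return None
    return int(parts[2])


def get_record_vulnerable(url, session_token=None):
    """Behaviour described in the article: the id in the URL is the only key."""
    record = RECORDS.get(record_id_from_url(url))
    return (200, record["summary"]) if record else (404, None)


def get_record_hardened(url, session_token=None):
    """Require a valid session, then check the record belongs to that account."""
    account = SESSIONS.get(session_token)
    if account is None:
        return (401, None)  # no anonymous access to any record
    record = RECORDS.get(record_id_from_url(url))
    # Same response for "missing" and "not yours" so ids cannot be probed.
    if record is None or record["owner"] != account:
        return (404, None)
    return (200, record["summary"])


if __name__ == "__main__":
    other = "https://portal.example/portal/records/1002"
    print("vulnerable, no login:", get_record_vulnerable(other))
    print("hardened, no login:  ", get_record_hardened(other))
    print("hardened, as alice:  ", get_record_hardened(other, "tok-alice"))
```

Returning the same status for a record that does not exist and one owned by someone else keeps the hardened handler from confirming which identifiers are valid.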

*Values are approximate, based on a report released on June 6th, 2017 by the Identity Theft Resource Center