End of July 2016 Cyber Security Summary

August 4, 2016

the art of

What has happened since the beginning of the year?

There have been 572 breaches in 2016 so far, 171 of which have been in the healthcare field. A total of 13,491,597 records have been compromised and the year is only half over!

 

What has happened in July:

Throughout July there were 18 data breaches in the healthcare field consisting of almost 100,000 Compromised records. This accounts for around 33% of the data breaches in July. Some notable breached this month include:

 

Twitter Hacker

A Urology group based out of Ohio was hacked by a cybercriminal based out of the Ukraine. The hacker, who revealed himself on twitter, said that the purpose of the hack was for “political reasons.” The majority of information stolen was related to billing, however some personal information stolen was posted (in picture format) on the twitter account. Most of the stolen data was revealed to be from unprotected excel documents that contained large amounts of information regarding patient’s surgeries.

 

The Darknet

There was a series of related hacks at different healthcare systems, which included an orthopedic group that reported 29,000 records compromised.  The hacker who operates under the name “TheDarkOverlord” compromised records consisting of patient health information including, names, dates of birth, addresses, social security numbers, diagnoses, lab results, medical records and financial information. The information was found to be for sale on TheRealDeal, which is a darknet website, although it is unclear whether any of the information was actually sold or not.

 

Ransomware

An Arkansas surgery center fell victim to a data breach in June (the breach was not made public until July). This breach was a ransomware attack. The installed ransomware did not allow the healthcare providers to access their patient’s records until a ransom was paid. However, the surgery center had a full back up of all patient’s records, so the hackers did not receive any money. In most cases, these types of hacks are not used to access patient’s records, but to receive a payment in the form of ransom.  The investigation is still ongoing to ensure patient information is not being exposed.

 

The Largest Attack in a String of Attacks

A healthcare system in Arizona has discovered 2 cyberattacks leaving 4,000,000 records compromised. The hackers accessed both patient records and payment card recods of food and beverage customers. This is the largest attack in a string of 32 recent attacks on healthsystems in Arizona.

July '16twitter (1)