October 2016 Cyber Security Summary
November 3, 2016
October 2016 Cyber Security Summary
While there were still almost 150,000 people affected by data breaches in October, there were less compromised records last month than in the months previous. Data breaches last month included a facility with permanently lost information, phishing emails, and private info being made available for 5 months!
Since the Beginning of the year:
Since the beginning of 2016 there have been a total of 845 data breaches consisting of almost 30 million records compromised! Healthcare data breaches make up for around 35% of the total data breaches, but almost half of the total records compromised!
Lost Information
A children’s hospital was the source of a ransomware attack effecting over 30,000 patients. Once the hospital detected that hackers were encrypting data, they immediately shut down their computer system to prevent losing any records. Even with these measures taken, some data was unable to be recovered. The unrecoverable data included information like demographics, medical history, and billing information. Since then, the hospital has taken steps to strengthen its security and notify patients of the breach.
The Phishing Email
A phishing email was sent out to the employees of a health center, based out of Massachusetts, in an attempt to gain access to important files. Phishing emails, which often come in the form of an official looking email, are scams that attempt to trick users into downloading software or into visiting an infected website, so that the hacker can gain access to the system. This particular incident caused the hacker to gain access to over 13,000 patient’s medical records. Although there has been no evidence that any of the information is being used illegally, patients have all been notified and given a support number to call if needed.
Amazon
A physical therapy and fitness center was the victim of a data breach that exposed their client’s information including social security numbers and Medicare numbers. It came to their attention that their client’s information had been accessible to unauthorized users through Amazon Web Services for almost 5 months. So far, they have no evidence of misuse of any of the information.
