September 2016 Cyber Security Summary
October 6, 2016
September 2016 Cyber Security Summary
September, yet again, turned out to be an eventful month when it comes to Cyber Security. There were many notable breaches including a ransomware attack, a twitter leak, and a facility that was forced to shut down their computers for 3 weeks.
Cyber Security since the Beginning of 2016:
Since the beginning of 2016, 725 data breaches have occurred, 223 of which were healthcare related. There has also been almost 14,000,000 healthcare records compromised during this time!
Healthcare Data Breach Highlights from September 2106:
Political Attack
A Ukrainian hacker going by the name of Pravyy Sector hacked into the systems of one of the largest urology groups in Ohio. They are thought to be part of a radical right-wing Ukrainian group. The group posted a screenshot containing patient information on their twitter account, along with access to a Google Drive account containing the information from over 300,000 patients. When speaking with different sources, Pravyy Sector states that this attack was politically motivated and they have plans for more attacks in the future.
Ransomware
A spine center in New Jersey fell victim to a ransomware attack effecting almost 28,000 patients. CryptoWall, the ransomware used the in the attack, locked providers out of patient’s records, and disabled the facility’s phone system. The ransomware had access to patient demographics, medical history, and even credit card information. Although there is no evidence suggesting that the information was being used in a harmful way, the facility saw no other option and agreed to pay the ransom.
Virus Attack
A large health system based in West Virginia suffered from a virus attacking their computer system. In order to stop the spread of the virus throughout the system, they shut down their computer system for three weeks. During this time, facilities remained open however, they were required to do everything manually, and had limited access to patient medical history. So far, there is no evidence of misuse of any patient information, and the system is back up and running.
