Viewing entries tagged
data breach

Healthcare Data Breach Costs Highest of Any Industry at $408 Per Record

According to a new study from IBM Security and the Ponemon Institute, the cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year. 

For the eighth year in a row, healthcare organizations had the highest costs associated with data breaches. The next highest industry was financial services with an average of $206 per lost or stolen record - half of what it cost the healthcare industry. The cost for healthcare organizations is also nearly three times higher than the cross-industry average of $148 per lost or stolen record.

LabCorp Breach May Have Exposed Millions of Medical Records

LabCorp, one of the nation’s largest medical diagnostics companies, is investigating a security breach that may have put health records of millions of patients at risk.

In a filing with the Securities and Exchange Commission, the company says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.” 

Macy’s and Bloomingdales Reveal Two-Month-Long Data Breach

Macy’s and Bloomingdale's have informed online shoppers of a data breach that lasted nearly two months. 

According to a letter from Macy’s Inc., the department stores’ parent company, an unauthorized party reportedly used stolen usernames and passwords to log into the online accounts of certain Macys.com and Bloomingdales.com customers between April 26 and June 12. While it said only “a small number of our customers” were affected by the breach, it didn’t specify how many and said only that the data was obtained from an outside source.

Tesla Sabotage Highlights the Risks of Insider Threat

A former Tesla employee used his access to the company’s network to steal “gigabytes” of highly sensitive data and transferred it to unknown third parties.

Tesla CEO, Elon Musk, sent an email to all employees late last Sunday night alleging that he had discovered a saboteur in the company's ranks.

Musk said this person had conducted "quite extensive and damaging sabotage" to the company's operations, including changing code to an internal product and exporting data to outsiders.

How Long Does It Take to Breach a Healthcare Network?

A recent survey of hackers, incident responders, and penetration testers revealed that the majority can gain access to a targeted system within 15 hours, but more than half of hackers (54%) take less than five hours to gain access to a system, and steal sensitive data. 

The data comes from the 2018 Nuix Black Report and its survey of 112 hackers and penetration testers, 79% of which were based in the United States.

New Colorado Breach Notification Rules Signed Into Law

If your company has customers in Colorado, you may need to revamp your policies for notifying victims of a data breach.

Last week, Colorado Gov. John Hickenlooper signed into law expansive consumer data legislation that mandates all organizations report breaches within 30 days, making it the most stringent in the nation.

The legislation updates the state’s current notification language that states notification must happen without “reasonable delay.”

TeenSafe app leaked tens of thousands of user passwords

Two servers used by an app for parents to monitor their teenagers' phone activity have exposed the account information of tens of thousands of parents and children.

The mobile app, TeenSafe, allows parents to track the smartphone usage of their children, including their social media interactions, web history, call logs, installed apps, and real-time location. According to the Los Angeles-based company behind the service, more than a million parents currently use the service.

Over 1M Patients Affected by Healthcare Breaches in Q1 of 2018

According to a new report by the HIPAA Journal, the first three months of 2018 have seen 77 healthcare data breaches. The breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), have impacted more than one million patients and and health plan members.

This number is twice the number of individuals impacted by healthcare data breaches in Q4 of 2017. Between January 1 and March 31, 2018, 1,073,766 individuals had their Patient Health Information (PHI) exposed, viewed, or stolen compared to 520,141 individuals in Q4, 2017.

Fresno State Data Breach Affects 15,000 People

A Fresno State hard drive containing personal data for about 15,000 people was stolen in January, the university said Tuesday.

The hard drive was reported missing on January 12, a theft the school believes took place in late December in a break-in at the school’s athletic department while the campus was closed for winter break.

Up to 40,000 OnePlus customers affected by credit card security breach

OnePlus, the smartphone manufacturer behind a popular line of Android phones, has reported a credit card breach affecting up to 40,000 users at oneplus.net. Customers who entered their credit card data on the website between mid-November 2017 and January 11, 2018 could be at risk.

The announcement of the data breach followed numerous reports from customers over the weekend of January 13, 2018 related to fraudulent charges appearing on their accounts. The company immediately launched an investigation and learned one of its systems was attacked. A malicious script was injected into the payment page code to steal credit card information as it was being entered.