Viewing entries tagged
in the news

LabCorp Breach May Have Exposed Millions of Medical Records

LabCorp, one of the nation’s largest medical diagnostics companies, is investigating a security breach that may have put health records of millions of patients at risk.

In a filing with the Securities and Exchange Commission, the company says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.” 

How Much Info Does Facebook Have on You?

Facebook is facing criticism after Cambridge Analytica may have wrongly had access to millions of users' personal data.

Wondering how much of your personal data Facebook stores? Our CMO, Jennifer Guidry, spoke with ABC 30 Action News to give viewers a clearer picture of what information Facebook saves and how it is used.

Equifax Finds 2.4 Million More Victims of 2017 Breach

Last month, reports surfaced that more information than previously thought may have been exposed in Equifax's massive data breach, and now, the company has confirmed it. Equifax said Thursday that 2.4 million more people than it previously believed were affected by its massive data breach last year, the second time it has revised up estimates of the number of Americans whose information was stolen.

In October of last year, Equifax revealed that forensics investigators had concluded that 2.5 million more US consumers were affected by the data breach it revealed in September, bringing the total number at that time to 145.5 million. This new revelation raises the number of victims in the US to 147.9 million people.

Indiana Health System Pays $47,000 Ransom to Unlock Patient Data

Indiana hospital system, Hancock Health, said it paid hackers 4 bitcoin, or about $47,000, to unlock it’s network after a ransomware attack on January 11, 2018.

Hackers compromised a third-party vendor’s administrative account to the hospital’s remote-access portal and launched SamSam ransomware, a ransomware variant which encrypts data files on the systems and uses a private key to unlock them. It quickly infected the hospital’s IT system by locking out data and changing the names of more than 1,400 files to "I'm sorry."

Up to 40,000 OnePlus customers affected by credit card security breach

OnePlus, the smartphone manufacturer behind a popular line of Android phones, has reported a credit card breach affecting up to 40,000 users at oneplus.net. Customers who entered their credit card data on the website between mid-November 2017 and January 11, 2018 could be at risk.

The announcement of the data breach followed numerous reports from customers over the weekend of January 13, 2018 related to fraudulent charges appearing on their accounts. The company immediately launched an investigation and learned one of its systems was attacked. A malicious script was injected into the payment page code to steal credit card information as it was being entered.

28,434 compromised records and the importance of addressing the insider threat.

The Center For Health Care Services, based in San Antonio, Texas, has notified 28,434 patients of a breach of privacy on their personal and health information. The data was allegedly stolen when a former employee took the information after being fired in 2016.

The compromised data includes patients' Social Security numbers, dates of birth, medical records numbers, dates of services, referral information, progress notes, types of services, diagnoses, medications, lab and toxicology reports, autopsy reports, death certificates, treatment plans and discharge and death summaries.

According to the released statement:  "A former employee of CHCS was discovered to have secretly taken personal health information from CHCS on his personal laptop computer at the time his employment was terminated on May 31, 2016. The discovery was made on Nov. 7, 2017, as a result of documents produced in litigation between the former employee and CHCS."

Concerned US States Buying Cyber Insurance

The growing threat of hackers and cybercriminals targeting government agencies has led a number of states to purchase cyber insurance to protect themselves - and their constituents. 

As massive data breaches like Yahoo and Equifax dominate news headlines, a growing number of businesses have rushed to purchase cyber insurance policies. Last year, insurers wrote $1.35 billion in premiums, a 35% jump from 2015, according to Fitch Ratings.

Now, US states have begun following suit. In a survey of state CIOs, 38% reported having some type of cyber insurance this year, compared to 20% in 2015.

California health system fined $2 million for making patient data public online - twice.

Santa Barbara, California-based Cottage Health System has agreed to a $2 million settlement with the state attorney general resolving allegations that the health system failed to implement “basic, reasonable safeguards to protect patient medical information”, which led to the exposure of nearly 55,000 medical records.

According to California Attorney General Xavier Becerra, the health system’s failure to protect patient medical information violated state and federal privacy laws. The state alleged the health system failed to adequately protect patient records.

In December 2013, Cottage Health was notified its patients’ records were accessible online, as one of its servers that contained 50,000 patient records was left unencrypted. Worse yet, there was no password protection, firewalls or permissions to prevent unauthorized access. Exposed information included medical history, diagnosis, laboratory test results, and medications.

Uber discloses a 2016 data breach affecting 57M users, after concealing it for a year

On Tuesday, November 21, Uber officially disclosed a massive data breach that affected 57 million users of the ride-hailing app. The breach originally occurred in October of 2016 with Uber working to conceal it for over a year after paying a $100,000 ransom.

Discovery of the company’s cover-up of the incident resulted in the firing of two employees who led Uber’s response to the hack, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.

Khosrowshahi said he had only recently learned of the breach, which happened in October 2016. He said Uber had begun notifying regulators. The New York attorney general has opened an investigation into the data breach, a spokeswoman said.

U.S. Government more vulnerable to cyberattacks than your local McDonald’s

Data breaches and hacks of U.S. government networks, once novel and unheard of outside of spy movies, have become a common ‘breaking news’ story over the past few years. So it makes sense that a recently released report ranked U.S. state and federal governments at 16 out of 18 in a ranking of industries, ahead of only telecommunications and education.