INSIGHTS
Valuable insights and thought leadership.
- All
- Breadcrumb News
- In The News
- Insights
Indiana Health System Pays $47,000 Ransom to Unlock Patient Data
Indiana hospital system, Hancock Health, said it paid hackers 4 bitcoin, or about $47,000, to unlock it’s network after a ransomware attack on January 11, 2018.
Hackers compromised a third-party vendor’s administrative account to the hospital’s remote-access portal and launched SamSam ransomware, a ransomware variant which encrypts data files on the systems and uses a private key to unlock them. It quickly infected the hospital’s IT system by locking out data and changing the names of more than 1,400 files to “I’m sorry.”
Up to 40,000 OnePlus customers affected by credit card security breach
OnePlus, the smartphone manufacturer behind a popular line of Android phones, has reported a credit card breach affecting up to 40,000 users at oneplus.net. Customers who entered their credit card data on the website between mid-November 2017 and January 11, 2018 could be at risk.
The announcement of the data breach followed numerous reports from customers over the weekend of January 13, 2018 related to fraudulent charges appearing on their accounts. The company immediately launched an investigation and learned one of its systems was attacked. A malicious script was injected into the payment page code to steal credit card information as it was being entered.
21st Century Oncology to pay $2.3M HIPAA settlement for 2015 data breach
21st Century Oncology has agreed to pay a $2.3 million fine to the Department of Health and Human Services for a 2015 data breach that impacted more than 2.2 million patients.
According to court documents, the national cancer care provider headquartered in Fort Myers, Florida, has also agreed to class action lawsuits filed in 2016. 21st Century Oncology operates 179 treatment centers across 17 states.
The breach of the company’s network SQL database and theft of the medical data and Social Security numbers of millions of patients is believed to have occurred as early as October 3, 2015.
Meltdown and Spectre: What You Need to Know
By now you’ve probably heard the terms ‘Meltdown’ and ‘Spectre’ making their rounds in security, tech, and even mainstream news. But if you’re like the majority of the population, these terms don’t mean much to you, nor are you actively paying attention the unfolding of events.
Let’s start by saying that if you’re reading this article, you’re affected. In fact, if you own a computer, smartphone or tablet made in the last 20 years, you are affected. The ‘Spectre ‘and ‘Meltdown’ vulnerabilities affect almost every computer in the world.
Got your attention now?
Meltdown and Spectre are the names of two serious security flaws that have been found within computer processors. They could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995. The vulnerabilities were discovered last year, but only recently disclosed to the public.
How to Have ‘the Talk’ with Your Parents
It’s time to have ‘the talk’ with your parents – the security talk, that is.
2017 was, undoubtedly, the worst year for cyberattacks of all time; and it’s safe to assume that cybersecurity will get brought up at family get-togethers throughout 2018. With half of the American population affected by Equifax’s breach, security will be fresh on everyone’s minds.
Being the tech wiz that you are, your ‘family time’ likely doubles as a free visit from their favorite tech support – and this year will be no different. Uncle Joe will probably bring up the Uber breach coverup (and use it to comment about ‘kids these days’), and Grandma will likely ask you about her Yahoo account (that she’s still using).
Take this opportune moment to provide security tips to all of your family members. Explaining cybersecurity to relatives who grew up in an age without computers can be difficult, so be sure to explain it in a way they’ll understand.
28,434 compromised records and the importance of addressing the insider threat.
The Center For Health Care Services, based in San Antonio, Texas, has notified 28,434 patients of a breach of privacy on their personal and health information. The data was allegedly stolen when a former employee took the information after being fired in 2016.
The compromised data includes patients’ Social Security numbers, dates of birth, medical records numbers, dates of services, referral information, progress notes, types of services, diagnoses, medications, lab and toxicology reports, autopsy reports, death certificates, treatment plans and discharge and death summaries.
According to the released statement: “A former employee of CHCS was discovered to have secretly taken personal health information from CHCS on his personal laptop computer at the time his employment was terminated on May 31, 2016. The discovery was made on Nov. 7, 2017, as a result of documents produced in litigation between the former employee and CHCS.”
