Healthcare Records for Sale on Dark Web*:
- Last August, a Baltimore substance abuse treatment facility had its database hacked.
- Patient records subsequently found their way onto the Dark Web, and included information such as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information.
- The sample provided by the hacker consisted of 727 pages of unredacted patient profiles containing personal and treatment information on 633 patients.
- Healthcare records have been a key driver of the Dark Web economy for many years because they are such a rich source of very specific personal information that can be used to initiate fraud.
- The Identity Theft Resource Center reported that there were 355 breaches in 2016 affecting 15 million records.
- 2016 was a record year for US Healthcare breaches – affecting hospitals, dental clinics, and senior care facilities, among others.
- The Dark Web has been flooded with packages of personally identifiable information due to the high number of breaches, and it has caused the value of an individual record to drop to between $0.50 and $1.
- The healthcare sector remains a highly targeted industry as it offers rich, bundled resources of information that can be exploited and sold.
- Full understanding and support from the highest levels of management are absolutely critical to the success of any security program.
- All companies with a compliance obligation, like HIPAA, must remember that the point of compliance is to impose a certain level of security; compliance comes as a result of having a good security program.
- Both compliance and security are ongoing efforts – there are always new vulnerabilities discovered, new versions of software coming out, and advances in attacking and defending.
- The HIPAA Security Rule breaks down into three main areas:
  - Administrative Safeguards
  - Physical Safeguards
  - Technical Safeguards
*Source: CSO, April 24, 2017
Details of Over a Million Aadhaar Numbers Published on Jharkhand Govt. Website*:
- Digital identities of more than a million citizens have been compromised by a programming error on a website maintained by the Jharkhand Directorate of Social Security.
- The glitch revealed the names, addresses, Aadhaar numbers and bank account details of the beneficiaries of Jharkhand’s old age pension scheme.
- Their personal details are now freely available to anyone who logs onto the website, a major privacy breach at a time when the Supreme Court, cyber-security experts, and opposition politicians have questioned a government policy to make Aadhaar mandatory to get benefits of a variety of government services.
- Officials were surprisingly sanguine about the breach, suggesting that they had been aware of the situation for several days.
- The secretary of the state’s social welfare department stated their “programmers are working on it, and the matter should be addressed very soon.”
*Source: Hindustan Times, April 23, 2017
HipChat Got Hacked*:
- HipChat is an application service provider that launched in January 2010 for internal/private chat and instant messaging.
- An unknown intruder broke into HipChat, the Atlassian-owned team communication platform, and made off with a significant amount of data.
- The attacker was able to access user-account information, including names, email addresses, and hashed passwords.
- The company hashes all passwords using the bcrypt algorithm, with a random salt.
- In a small number of instances (around 0.05 percent), the attacker was able to access messages and content within rooms.
- In the other 99.95 percent of instances, it’s possible the attacker accessed room metadata.
- The company has invalidated passwords on all HipChat-connected accounts believed to be affected, and emailed password reset instructions.
- The issue lies in a third-party library, which contained an unpatched security vulnerability.
*Source: The Next Web, April 24, 2017
Chipotle Serves Up Security Incident Warning*:
- Chipotle Mexican Grill has issued a security incident report noting that it spotted "unauthorized activity" surrounding its payment processing system over a period of at least three weeks.
- The possible breach involves credit and debit card transactions at Chipotle restaurants from March 24 to April 18.
- Chipotle noted that its investigation is still continuing, and more details may later emerge.
- The company immediately began an investigation with the help of cyber security firms, law enforcement, and its payment processor, and has taken steps to stop the unauthorized activity.
- Chipotle also added in a statement that it has implemented additional security enhancements.
*Source: Dark Reading, April 26, 2017
10,000 Windows Computers May be Infected by Advanced NSA Backdoor*:
- Security experts believe that tens of thousands of Windows computers may have been infected by a highly advanced National Security Agency (NSA) backdoor.
- The NSA backdoor was included in last week's leak by the mysterious group known as Shadow Brokers.
- DoublePulsar, as the NSA implant is code-named, was detected on more than 107,000 computers in one Internet scan, and other researchers detected 41,000 and 30,000 infected machines in separate mass scans.
- To remain stealthy, DoublePulsar doesn’t write any files to the computers it infects. This design prevents it from persisting after an infected machine is rebooted, and the lack of persistence may be one explanation for the widely differing results.
- Not everyone is convinced the results are accurate – critics speculate that a bug in a widely used detection script is generating false positives.
- Readers should consider the results of these scans tentative and allow for the possibility that false positives are exaggerating the number of real-world infections.
- At the same time, people should know that there's growing consensus that from 30,000 to 107,000 Windows machines may be infected by DoublePulsar and that, once hijacked, those computers may be open to other attacks.
*Source: Ars Technica, April 21, 2017
Web Attacks Decline, Ransomware Attacks Surge*:
- Symantec’s annual Internet Security Threat Report data shows that web attacks dropped by more than 30% last year and ransomware attack attempts jumped by 36%.
- The report also shows a continued dip in the total number of data breaches to 1,209 in 2016, from 1,211 in 2015, and 1,523 in 2014.
- The dip in total breaches is a combination of organizations doing a better job of reducing the amount of data that's at risk, and the fact that attackers have more automated methods of stealing information.
- There was an average of some 229,000 web attack attempts detected each day last year, and 76% of websites had bugs, 9% of which were critical.
- Symantec detected 463,000 cases of ransomware last year, up from 340,000 in 2015.
- The average ransom surged from $294 in 2015 to a whopping $1,077 last year.
- Consumers still represent about 70% of all ransomware infections, but businesses increasingly are becoming targets.
- 15 breaches in 2016 exposed more than 10 million identities, a slight increase from 13 in 2015, and 11 in 2014.
- Overall in the past eight years, some 7.1 billion identities have been exposed worldwide.
*Source: Dark Reading, April 26, 2017