Community Health System, located in Tennessee, has agreed to settle claims made against it arising from a 2014 data breach for $4.5 million. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of 4.5 million patients of the hospital system, which … Continue Reading
The scammers continue to find easy ways to dupe unsuspecting businesses into sending information or money to them. It used to be that we had to address vast fraud schemes with phishing emails requesting the W-2s of employees. That is child’s play now as most companies are aware of the scheme and don’t fall victim … Continue Reading
The bane of data security is the patch. The patch is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, and to attempt to fix the vulnerability before hackers can exploit it. Patching is a very important part of a security plan, but the … Continue Reading
Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading
Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. As previously reported, the largest breach of health care information was recently settled by Anthem, which involved almost 80 million individuals’ information, all caused by a phishing email sent to one individual at Anthem [view … Continue Reading
The U.S. Patent and Trademark Office (USPTO) announced last week that it has discovered that unauthorized users have attempted to hack into its online trademark system to attempt to make unauthorized changes to active trademark applications and registrations. They have also tried to register marks owned by others on third-party brand registries. According to USPTO, … Continue Reading
Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents in which we have been engaged in over the past six months involve a hacker successfully phishing an employee of the company (most of the time someone who is an executive in the company) and then spoofing the … Continue Reading
As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from 50 to roughly 30 million, and it acknowledged that hackers … Continue Reading
Facebook announced late last week that it had suffered the largest breach in its history with 50 million accounts were compromised, and another 40 million accounts affected. Yes, that equals 90 million accounts. If you use Facebook and were locked out of your account over the weekend, your account was most likely affected. The 50 … Continue Reading
The State of California is once again leading the way with trying to keep up with technology and protecting consumers. Senate Bill 327 requires Internet of Things (IoT) developers to implement “reasonable security features” in IoT products, such as baby monitors, televisions, automobiles, home appliances, fitness monitors, home security systems, and the like. This is … Continue Reading
Yesterday (September 26, 2018), Uber Technologies Inc. agreed to finish inquiries of all 50 states of its 2016 data breach by paying $148 million in different amounts to all 50 states and the District of Columbia. The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal … Continue Reading
California lawmakers have taken the lead in trying to address privacy and security issues with Internet of Things (IoT) devices (which we have been writing about for years), by passing the country’s first IoT security bill, which is now headed to Governor Brown’s desk for signature by September 30. One of the issues addressed by … Continue Reading
Data breaches continue to plague the health care industry, and July 2018 was the worst month so far this year in the number of data breaches reported to the Office for Civil Rights (OCR). Thirty-three data breaches were reported by covered entities and business associates in July, with the largest one reported by UnityPoint Health, … Continue Reading
We reported last week that a spyware maker compromised users’ and victims’ sensitive information [view related post]. Since that time, another spyware maker, mSpy, which holds itself out as having over a million users employing its product to “spy” on their partners and children, has reportedly leaked the passwords, call logs, text messages, location data, … Continue Reading
An old trick is coming back and working. It is a wire fraud scheme targeted at homeowners instead of businesses, and it is happening at an alarming rate. Here’s how it works: An individual is in the process of purchasing a home. Most of the communication in real estate transactions these days is done via … Continue Reading
It has been reported that a hacker was able to break into the servers of TheTruthSpy, a company that is described as “one of the most notorious stalkerware companies out there” (Motherboard, August 2018) and was able to steal logins, audio recordings, text messages, and pictures of victims. Motherboard has issued a series of stories that … Continue Reading
A new ransomware, dubbed “Ryuk,” has surfaced in the last few weeks that is said to be targeting large organizations in the United States. The attackers behind Ryuk have reportedly made over $640,000 in just two weeks, and are allegedly connected to the well-known hacking group out of North Korea—Lazarus. According to security company Check … Continue Reading
Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign against approximately … Continue Reading
The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017. According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by … Continue Reading
In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading
As a frequent traveler, both personally and professionally, this bit of research unnerved me. Of course, it makes sense when you think about it, and none of us should be surprised, but it is a good reminder for those of us who are on the road a lot. Security researchers at F-Secure in Finland report … Continue Reading
In what is being called a systematic targeting of large health care organizations, pharmaceutical companies, and IT companies and equipment manufacturers that service the health care industry, Symantec has reported that a new hacking group, dubbed “Orangeworm,” is carefully selecting its targets and strategy prior to launching an attack. According to Symantec, the hackers have … Continue Reading
Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading
Late last week, a joint statement by the Department of Homeland Security and the Federal Bureau of Investigation confirmed that the Russian government has been behind an ongoing targeted campaign to penetrate U.S. power plants and the electric grid. Of course, this fact has been well known and has been reported on repeatedly in the … Continue Reading
