Cyber Security Blog

Bon Secours breach

There is a lot to gain from patient medical history and cyber-criminals know it!

R-C Healthcare Management is a reimbursement optimization firm and a business associate of the Bon Secours hospital system. R-C Healthcare Management left patient PII accessible on the web for four days. The breach affects more than 650,000 Bon Secours patients and includes informational such as names, insurance identification numbers, banking information, social security numbers and some clinical data from three states

The vulnerability was discovered on June 14 and R-C Healthcare shortly thereafter took down the sensitive data.  

Omni Hotels & Resorts

On May 30 2016, Omni Hotels & Resorts suffered a data breach. The hotel chain notified its customers that hackers stole payment-card information due to malicious software being installed on their point-of-sale systems.  Omni Hotels wrote on its website, “(The) malware may have operated between Dec. 23 and June 14, although most of the systems were affected during a shorter time frame”. They also stated that 49 of its 60 hotels in North America were affected.

A hacker, who goes by the name ‘JokerStash’, sold more than 50,000 payment card numbers related to the Omni breach on the dark web.

U-Miss Medical Center

A data breach can be costly. You can ask the University of Mississippi Medical center just how costly it can be. On March 21, 2013 a U-Miss Medical Center privacy officer found that a password-protected laptop was missing from UMMC’s Medical Intensive Care Unit and notified the Department of Health and Human Services Office for Civil Rights. Three years later, the Medical Center is being fined $2.75M for HIPAA violations due to this incident. Approximately 10,000 people were affected by the PHI breach.

Investigation revealed that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005,

Polish Telecom Breach

Netia, the second-largest telecoms operator in Poland, recently suffered a data breach following a hack. The attack resulted in 14GB of customer data being stolen and kept the website down for the majority of the day. The exact details of information of the data stolen has not yet been disclosed.

In a statement, Netia said the incident involved “unlawful access to personal data that [our customers] inserted through forms on the website netia.pl”. In the same statement, Netia said “the passwords and logins to the self-service NetiaOnline webportal are secure,

Pokémon Go

While I haven’t yet dared download the Pokémon GO game yet, it is all many of us have been hearing about on the news, radio, and social media. However, some of the publicity the game is receiving has been negative. Fake versions of the game, riddled with malware were found on the Google play store last week.

One version of the game appeared in the app store as Pokemon Go Ultimate’ but once installed it appeared as PI Network on an Android device.

Stamford Podiatry Group

Stamford Podiatry Group in Connecticut suffered a cyber-attack that put the health information of 40,491 patients at risk. The organizations technology contractor discovered the attack on April 14th. They responded by shutting down the information systems and engaging Equifax for investigation and remediation. The investigation concluded that the hacker had access to systems between February 22nd to April 14th. The compromised information may have included: medical history and treatment information in the electronic health records system, names, birth dates, Social Security numbers, gender, marital status, addresses, telephone numbers, email addresses,

Project Zero

I must tip my hat off to Google for many of its projects! One of them that has been making news for the past couple of years is Project Zero. It is a team of security analysts employed by Google and tasked with finding zero-day exploits (you know, every company’s dream, just kidding).

Recently they discovered “as bad as it gets” vulnerabilities in Symantec and Norton security products. My first reaction was to freak out a little especially since I personally use these products and work with them.

Hard Rock Hotel & Casino Las Vegas

On June 27, 2016 Hard Rock Hotel and Casino in Las Vegas released a statement on its website about a recent breach they experienced. They are yet another example of a malware attack on payment card systems.  The information captured by the card-scraping malware included cardholder name, card number, expiration date and internal verification code. Customers may have been impacted if their payment cards were used between October 27, 2015 and March 21, 2016 at Hard restaurants and retail outlets in Las Vegas, NV.

POS Malware attacks are common occurrence and as we know with almost all breaches,

Exploiting the IoT

This year’s Defense One Tech Summit, an annual military technology conference was held last week in Washington DC. The US Secretary of Defense, CEO’s from leading tech companies, and technology scholars came together to discuss important security developments. The agenda at the summit was without a doubt very impressive with many technology leaders speaking. Perhaps the topic that captured the most attention was the NSA expressing interest in exploiting internet-connected biomedical and other smart devices to surveil people of interest and collect foreign intelligence. They are looking to exploit the Internet of Things,

Breach at CiCi’s Pizza

I’ll take a thin crust with ham, green pepper, olives, and extra sauce, please! When I research data breaches I always take particular interest in food businesses mostly because I’m a self-proclaimed foodie and love to eat out.

Cici’s Pizza, an American restaurant chain, was recently affected with a credit card breach. Patterns of fraud on customer credit cards were detected in the last few months at various CiCi’s Pizza locations. According to Krebs on Security, “hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider”.