Tuesday, November 17, 2015

Children’s Medical Clinics of East Texas Week 11

For ten weeks there have been data breaches ranging from physical to malware to cyber. In week 11 the breach came from inside the company. Patients’ information was breached at Children’s Medical Clinics of East Texas when an employee took unauthorized screenshots of patient records (McGee, 2015). Businesses have to worry not only about outsider threats but about insider threats as well.


A former employee took screenshots that were not authorized and sent them to a dissatisfied employee. The employee also took home business documents and did not return them (McGee, 2015). Children’s Medical Clinics of East Texas is not sure which patients’ records were exposed. This breach could affect over 16,000 patients at the clinic. Children’s Medical Clinics of East Texas is providing free credit monitoring to patients who ask for the service. It is also conducting a strict internal audit and may upgrade its security systems with guidance from Health and Human Services (McGee, 2015).


Insider threats are just as risky as outsider threats. Companies need to review how information is transferred between businesses and how their employees handle information as well. If users need to transfer documents, the business needs to be able to track the information. That also goes for USB access and file-sharing websites. Screenshots are useful for help desk technicians solving problems, and it would be hard to block them altogether if they are used for other business functions. The best thing a business can do is to mitigate the risk of information being taken.


References



McGee, M. (2015, November 11). Clinic Breach Involved Authorized User. Retrieved November 17, 2015, from http://www.databreachtoday.com/clinic-breach-involved-authorized-user-a-8677

Sunday, November 8, 2015

Yellowfront Grocery Store Data Breach Week 10

For week 10, a grocery store in Damariscotta, Maine was the victim of a data breach. The Yellowfront Grocery store was a victim of RAM-scraping malware. This is the same type of malware that was used in the Target breach. If you think that people's credit or debit cards are safe at a grocery store, think again.

The Yellowfront Grocery store is unsure how many people's payment cards were stolen during the breach. They have said that over 3,000 cards have been replaced by two different banks because of the breach at their store. They said that only the Track 2 data from cards, which contains card numbers and expiration dates, was taken and that no cardholder data was compromised (Abel, 2015). Track 2 data contains the cardholder's account, encrypted PIN, plus other discretionary data (Magnetic Stripe Track 1, Track 2 Data Description). The RAM-scraping malware was able to steal the data before it was encrypted. It was not said whether it was on multiple point-of-sale (POS) systems or just one centralized POS system. Yellowfront Grocery believes the attacker accessed the store's payment system by logging into it through CSTARS's compromised system (Abel, 2015). They believe that the breach happened between August 11 and October 16, 2015. Since only credit and/or debit card information was stolen, there is no need for credit monitoring. It is a good thing that banks are replacing every person’s card that was used in the store on those affected dates.

RAM-scraping malware is very dangerous software. Once a system is infected, it steals card information out of the computer's random access memory (RAM) before it gets encrypted to be sent off to the payment processor. This is why it is important that stores and credit card companies work together to encrypt the data through the whole transaction. Any store that processes credit and/or debit cards needs to make sure its network is secure. Grocery stores will need to check their security by hiring a contractor or security professional to assess their risk.
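To make the Track 2 layout concrete from the defender's side, the following added example (not part of the original post or of any vendor's tooling) scans log lines for cleartext Track 2 data that should never be retained and reports it masked. The log format, field names and function names are assumptions, and the card number is the widely published test number 4111111111111111.

```python
import re

# Track 2 layout (ISO/IEC 7813): start sentinel ';', PAN (up to 19 digits),
# separator '=', expiry YYMM, 3-digit service code, discretionary data, end '?'.
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")

TEST_PAN = "4111111111111111"  # public test number, not a real card

# Constructed sample log lines (hypothetical POS debug log).
SAMPLE_LOG = [
    "2015-10-01 12:00:01 POS01 txn=1001 status=approved amount=23.10",
    f"2015-10-01 12:00:05 POS01 DEBUG swipe=;{TEST_PAN}=2512101{'0' * 13}? txn=1002",
    # Same shape but the PAN fails the Luhn check, so it is not reported.
    f"2015-10-01 12:00:09 POS02 DEBUG swipe=;4111111111111112=2512101{'0' * 13}? txn=1003",
    "2015-10-01 12:00:12 POS02 order=;12345=ab? txn=1004",
]


def luhn_ok(pan):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep first six and last four digits, mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(lines):
    """Return masked findings for every plausible Track 2 string in lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in TRACK2_RE.finditer(line):
            pan, yy, mm, service_code, discretionary = m.groups()
            if not 1 <= int(mm) <= 12 or not luhn_ok(pan):
                continue        # wrong month or checksum: treat as noise
            findings.append({
                "line": lineno,
                "pan_masked": mask_pan(pan),
                "expires": f"{mm}/{yy}",
                "service_code": service_code,
                "discretionary_len": len(discretionary),
            })
    return findings


if __name__ == "__main__":
    for finding in find_track2(SAMPLE_LOG):
        print(finding)
```

Any hit means card data is sitting in cleartext somewhere it can be read, which is the same exposure the post describes in memory.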

References

Abel, R. (2015, October 29). Maines Yellowfront Grocery hit by breach, other stores may be affected. Retrieved November 8, 2015, from http://www.scmagazine.com/yellowfront-grocery-notified-customers-via-facebook-of-pos-breach/article/450345/


Magnetic Stripe Track 1, Track 2 Data Description. (n.d.). Retrieved November 8, 2015, from http://www.acmetech.com/documentation/credit_cards/magstripe_track_format.html

Sunday, November 1, 2015

Emergence Health Network Breach Week 9

Another week and another data breach happens. In week 9 a Texas mental health institute was breached. Emergence Health Network in El Paso, Texas was a victim of an internet attack that dates as far back as 2012. Over 11,000 patients were affected by this breach (McGee, 2015). Hospitals and any other institutions that hold people's personal information need to realize that they will be targeted because of the valuable information they hold.

After finding out about unauthorized activity on the server, Emergence Health Network shut down the server. Emergence Health Network reported the breach to the U.S. Department of Health and Human Services on October 16th, 2015. They alerted the authorities and called in a third party to run forensics on the server. The third-party company found that the unauthorized access to the server could date back to 2012. The information stored on the server included patients' first and last names, addresses, dates of birth, Social Security numbers, case numbers and information indicating that the individual accessed services from EHN or Life Management Center El Paso, the entity's previous name (McGee, 2015). The third party also found that no data was copied or stolen from the server. The third-party company thinks that this attack may have been a way to get to another company’s data. Emergence Health Network will be providing patients with free credit monitoring depending on the case.

After the breach, Emergence Health Network has gone through a security overhaul. They have improved their firewalls and have even hired a third-party company to monitor their network. The real question is why Emergence Health Network wasn’t using better information security protection in the first place. After writing this blog for over 8 weeks, it seems companies always add more security after they have been breached. The reason for this is that security is the lowest on the totem pole, but after a breach it becomes top priority.

References

McGee, M. (2015, October 27). Texas Mental Health Center Hacked. Retrieved November 1, 2015, from http://www.databreachtoday.com/texas-mental-health-center-hacked-a-8631

Sunday, October 25, 2015

TalkTalk Breach Week 8

For this week’s blog we are going outside of the United States. Remember the saying in the week 5 blog, “No one is safe”? Well, it seems that the statement was true. The British phone company TalkTalk was hacked. The hackers were able to steal lots of personal data, which will be discussed in the following paragraphs.

So far they are not one hundred percent sure if customers' names, addresses, dates of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details were stolen (Krebs, 2015). The hackers must be doing this for financial gain, as they sent TalkTalk a ransom demand for 122,000 dollars to be paid in the digital currency Bitcoin. Along with the ransom demand the hackers provided tables from its user database to prove that they were not faking the breach (Krebs, 2015). The hackers have threatened to sell customer information on the dark web if the ransom isn’t paid, but there is no guarantee that even if the ransom is paid they won’t sell or post it on the dark web. The database that the hackers sent as part of the ransom demand seems to have credit checks from over 400,000 of its customers. Since the investigation is still ongoing, TalkTalk is not sure how many customers were affected or what data was stolen.

This breach happened because of a vulnerability called SQL injection. A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application (SQL Injection, 2014). When this attack is successful it can give the attacker administrative privileges on the database. The SQL injection vulnerability was posted on the website Xssposed.org. The attack then became public knowledge, allowing hackers to use this vulnerability to steal information.
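The difference between a query built by string concatenation and a parameterized one is shown in the following added example, which is not from the original post and does not represent TalkTalk's systems. The `customers` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (
            id INTEGER PRIMARY KEY,
            email TEXT NOT NULL,
            account_no TEXT NOT NULL
        );
        INSERT INTO customers (email, account_no) VALUES
            ('alice@example.com', 'ACC-1001'),
            ('bob@example.com',   'ACC-1002'),
            ('carol@example.com', 'ACC-1003');
        """
    )
    return conn


def lookup_vulnerable(conn, email):
    # Deliberately vulnerable: the client-supplied value is pasted into the
    # SQL text, so quotes inside it change the structure of the query.
    query = ("SELECT email, account_no FROM customers "
             "WHERE email = '" + email + "'")
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, email):
    # Hardened: the value is bound to a placeholder and is only ever treated
    # as data, never parsed as SQL.
    query = "SELECT email, account_no FROM customers WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


def compare(email):
    """Return (rows from vulnerable lookup, rows from parameterized lookup)."""
    conn = make_db()
    try:
        return (len(lookup_vulnerable(conn, email)),
                len(lookup_parameterized(conn, email)))
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary value, then the textbook tautology input.
    for value in ("bob@example.com", "' OR '1'='1"):
        print(repr(value), compare(value))
```

With the ordinary address both lookups return one row; with the tautology input the concatenated query returns every customer while the parameterized query returns none.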

TalkTalk has issued one year of free credit monitoring services. Again, companies don’t take cybersecurity seriously. When you have a website that has vulnerabilities and you don’t take care of them, this can happen. This is especially true when the website ties back to a database that houses all their customers’ information. It is good to see they are taking security seriously now, but just like Target they are too late.

References
Krebs, B. (2015, October 24). Krebs on Security. Retrieved October 24, 2015, from http://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/

SQL Injection. (2014, August 14). Retrieved October 24, 2015, from https://www.owasp.org/index.php/SQL_Injection

Monday, October 19, 2015

America's Thrift Store Breach Week 7


Entering week seven, there has been a credit card breach at America’s Thrift Stores. America’s Thrift Stores is headquartered in Birmingham, Alabama and also has stores in Mississippi, Tennessee, Georgia and Louisiana (Krebs, 2015). They have a total of 18 stores throughout the states listed above. Hackers are now targeting any business that has vulnerabilities in order to get credit card or any personal information. No one is safe from attackers or malware, no matter how big or small.

America’s Thrift Store was attacked by malware that was used to steal credit card information. This special malware targeted a third-party software vulnerability. The malware that attacked America’s Thrift Store has also been infecting other stores throughout the United States. It seems that the malware was used by criminals in Eastern Europe, because that’s where the U.S. Secret Service found the information was sent to. The hackers only got away with credit card numbers and expiration dates of the cards. The incident happened on September 1, 2015 and September 27 (LeClaire, 2015). America’s Thrift Store is not going to give their customers any credit monitoring protection. America’s Thrift Store has verified they have removed the malware and will work with a third-party forensic company to get more details about the breach.

The surprise this week is that malware was used to steal credit card information. In the past six weeks hackers have broken in to steal personal information, but haven’t used malware. Another interesting part of the story is that the malware targeted third-party software. Most companies today are eliminating third-party providers. Target was hacked through the HVAC company they hired. From experience, most companies should stay away from integrating third-party providers with their software and network, as this adds more risk of a breach. The good thing is that customer names, phone numbers, and physical or e-mail addresses were not compromised in the breach (LeClaire, 2015).

References

Krebs, B. (2015, October 12). Krebs on Security. Retrieved October 17, 2015, from http://krebsonsecurity.com/2015/10/credit-card-breach-at-americas-thrift-stores/

LeClaire, J. (2015, October 14). America's Thrift Stores Hit by Data Breach, Payment Cards Compromised | NewsFactor Network. Retrieved October 17, 2015, from http://www.newsfactor.com/story.xhtml?story_id=0320011MKY80

Friday, October 9, 2015

Scottrade Breach Week 6

Going into week six, there have been more stories to choose from. This week I'm going to focus on a story that involves a well-known online brokerage firm. It seems like even well-known companies are getting breached. Online companies need a higher budget for security as they are more likely to get attacked. This week’s blog entry will give an overview of the story and what the company needs to do moving forward.

Scottrade was informed by the FBI that they may have been breached around two years ago. “The system that was hacked contain Social Security numbers, email addresses and other sensitive data” (Kirn, 2015). They believe that people’s contact information was targeted. This would include the names and street addresses of their clients. Scottrade says that the attackers may have been after this information because they wanted to facilitate stock scams via spam emails (Krebs, 2015). Scottrade says their client passwords are fully encrypted and there has not been any fraud related to the incident. They are providing their affected customers with a free year of credit monitoring.

The question everyone should be asking is why it took two years to discover they had been breached. Customers of Scottrade may need to rethink whether they want to keep doing business with a company that didn’t find a breach on their network for two years. On top of that, why did Scottrade have to find out from the FBI? After reviewing the information, it seems they do not have proper security measures set up. Honestly, even if their passwords are encrypted and none of them seem to have been stolen, Scottrade should make all users change their passwords for security reasons.

Not knowing how the attackers got in and took the information, it’s tough to say how this could have been prevented. Security breaches are costing companies millions each year because of lax security. How much is it going to cost Scottrade? They have to provide credit monitoring services for about four and a half million people. According to creditcard.com it can cost 10 to 15 dollars a month or 120 to 180 a year (Johnson). If you take that number times four and a half million, the total amount just for credit monitoring services comes in at eight hundred and ten million dollars. That number is just for the credit monitoring services. It may end up costing them almost a billion dollars, which could have possibly been avoided if there had been more security in place. Part of the reason it may cost them over a billion dollars is that they will have to pay a third-party forensics team and the FBI for researching the breach.

References

Kirn, J. (2015, October 8). Scottrade faces lawsuit over security breach. Retrieved October 10, 2015, from http://www.bizjournals.com/stlouis/news/2015/10/08/scottrade-faces-lawsuit-over-security-breach.html

Krebs, B. (2015, October 2). Krebs on Security. Retrieved October 10, 2015, from http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-customers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed: KrebsOnSecurity (Krebs on Security)


Johnson, A. (n.d.). Credit monitoring services: Pros, cons and how to pick one. Retrieved October 10, 2015.

Friday, October 2, 2015

Hotel Breach Week 5

After four weeks of blogging, there has been a data breach at a school, a hospital, and a physician's office. No one is safe from attackers wanting personal and credit card information. Anyone is vulnerable, from department and grocery stores to even clothing stores. This week the Hilton Hotel has been breached.

The breach happened on April 21, 2015 and continued through July 25, 2015. This happened at Hilton and other Hilton-owned properties such as Embassy Suites, Doubletree, Hampton Inn and Suites, and Waldorf Astoria Hotels and Resorts. They have determined the breach didn't happen on their guest reservation system. “Rather, sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties” (Krebs, 2015).

According to Visa’s policy, they are not allowed to disclose who was breached. Since the name was not disclosed, banks worked together and determined that the Hilton Hotels were breached. There are no other details as they are still investigating the breach.

When I started this blog I honestly thought that I might have some difficulty writing, but I’m amazed that there are so many breaches happening. Is this the same thing that happened to Target a year ago? Does Hilton take information security seriously? They say in the article that they do, but could this have been avoided? People were lucky that credit and debit cards were the only things that were taken. It is easier to close a credit card than to have someone steal a Social Security number, address and birthdate.

References


Krebs, B. (2015, September 15). Krebs on Security. Retrieved October 2, 2015, from http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-properties/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed: KrebsOnSecurity (Krebs on Security)

Friday, September 25, 2015

Hospital Data Breach Week 4

A data breach happened back in August at a physician’s office in Vermont. This data breach was not through the internet, but from a burglary. In the past weeks I have discussed data breaches over the internet, but not any physical ones. Companies are worried about data being stolen over the internet, but they also need to worry about physical break-ins as well.

About two thousand patients’ medical records are being exposed. This includes patient names, dates of birth, Social Security numbers and Medicare/Medicaid numbers (Burglary of Vermont Medical Practice Reported). Since the break-in, the physician’s office has installed security cameras, and they are going to encrypt the computers and train employees on data security. They have also given patients one free year of credit monitoring and identity theft repair as well. The good thing is that the doctor’s office had an identity theft insurance policy!

Why didn’t they have cameras installed and the computers encrypted before the break-in? Every business should have security cameras installed, especially doctors’ offices and businesses that deal with people’s personal information. It shouldn’t take a data breach to make businesses increase their security. After four weeks it's becoming apparent that companies in both the physical and virtual aspect aren’t prepared for data breaches. I keep asking the same questions every week.

References
           
Burglary of Vermont Medical Practice Reported: PHI of 2,000 Patients Exposed - HIPAA Journal. (2015, September 16). Retrieved September 25, 2015, from http://www.hipaajournal.com/burglary-of-vermont-medical-practice-reported-phi-of-2000-patients-exposed-8103/ 

Friday, September 18, 2015

School Breach Week 3

A data breach has happened at a Cal State vendor called We End Violence. This is a vendor that is recommended by the White House. Students at eight California State University campuses had information such as their login names, course passwords, campus email addresses, gender, race, ethnicity, relationship status and sexual identity stolen when the Agent of Change website provided by vendor We End Violence was hacked (Derespina, 2015). There were about 80,000 students that were exposed in the hack. Students got lucky because no driver’s license numbers or Social Security numbers were stolen.

Once We End Violence found out about the hack, they shut down their website two days after the incident. Any students that had their information stolen were alerted by the university. Cal State has given the students new usernames or login names and passwords. The vendor has contacted a third-party company about launching a forensic investigation.

This data breach could have been a lot worse than it was. Since the forensic investigation is still ongoing, there are no details as to why the hack happened. It is interesting to see that a third-party vendor was hacked and not the actual college itself. Some data breaches occur this way. The hacker gets into the vendor’s system and pulls data from all their customers. So not only does the company have to be secure, but they have to make sure their vendors are secure as well. The university said, "Protecting student data and personal information is a top priority of the California State University (CSU)" (Eng, 2015). It’s good to see that the university cares about the personal information of their students.


References

Derespina, C. (2015, September 11). Nearly 80,000 college students affected by data breach. Retrieved September 18, 2015, from http://www.foxnews.com/us/2015/09/11/nearly-80000-college-students-affected-by-data-breach/


Eng, J. (2015, September 10). Info on 79K Cal State Students Exposed in Hack of Third-Party Vendor. Retrieved September 18, 2015, from http://www.nbcnews.com/tech/security/info-79k-cal-state-students-exposed-hack-third-party-vendor-n425146

Saturday, September 12, 2015

Health Records Breached Week 2

Earlier this week Excellus BlueCross BlueShield and another partner company had 10 million health records exposed. The breach follows Anthem's in January of this year, with 80 million health records. Other health insurance based companies are being targeted as well. It's become such a large problem that law enforcement began warning health care industry companies last year that they may face an increased risk of data breach attacks (Hautala, 2015).

It took Excellus over a year and a half to find out they had been breached. The companies said unauthorized computer access was discovered Aug. 5, and further investigation revealed that the initial attack occurred on Dec. 23, 2013 (Hack of Health Insurer Excellus May Have Exposed 10M Personal Records.). Excellus is not sure at this time if any of the information stolen had been sold or used.

My question is, if law enforcement warned them about data breach attacks, why didn’t they increase their security? To me it seems the health insurance companies don’t have proper security measures set up for protecting their customers’ data. Would you trust these companies with your personal information? I know I wouldn’t trust them with my personal information if they have no way of keeping it safe. Excellus is doing the right thing by providing free credit monitoring for two years.

I wonder how and when more of these incidents are going to happen. When will companies learn that the less you spend on security, the more it will cost you when there is a data breach? I heard once from a security conference that if a company had spent that extra 100,000 on security equipment it would have saved them 2.5 million when they got breached.

References

Hautala, L. (2015, September 10). Data breach exposes 10M health records from New York insurer - CNET. Retrieved September 12, 2015.


Hack of Health Insurer Excellus May Have Exposed 10M Personal Records. (2015, September 9). Retrieved September 12, 2015.

Thursday, September 3, 2015

Company Data Breaches

On the news anymore it seems that you keep hearing about data breaches, mostly hacking! Ashley Madison is a more recent one that was high profile and got a lot of attention. Two other high profile data breaches were Anthem and OPM. Those are just the high profile ones. Here is a PDF of data breaches so far in 2015 (http://www.idtheftcenter.org/images/breach/DataBreachReports_2015.pdf)! I bet you didn't know that many companies were breached this year!

In 2014, we heard about Home Depot and the Target breach. The number of data breaches per year has increased from 2014. There seems to be a trend in that the number of data breaches per year keeps growing. Here (http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html) they have a chart of how hacking has increased in the past seven years.

The number one reason why businesses are being hacked is lack of security. Why don't companies spend more money on security? You would think after all the hacks in the news, companies would invest more in their InfoSec division to prevent this loss. I think that companies are starting to realize how important information security is.


I will be keeping this blog updated with data breaches and why they happened as the weeks go on. I look forward to keeping track of data breaches and seeing how the trend develops. We will get to see if companies are hardening their security in the coming weeks.