Tuesday, November 17, 2015

Children’s Medical Clinics of East Texas Week 11

For ten weeks there have been data breaches ranging from physical to malware to cyber. For week 11, the breach came from inside the company. Patients’ information was breached at Children’s Medical Clinics of East Texas when an employee took unauthorized screenshots of patient records (McGee, 2015). Not only do businesses have to worry about outsider threats, they have to worry about insider threats as well.


A former employee took screenshots that were not authorized and sent them to a dissatisfied employee. The employee also took home business documents and did not return them (McGee, 2015). Children’s Medical Clinics of East Texas is not sure which patients’ records were exposed. This breach could affect over 16,000 patients at the clinic. Children’s Medical Clinics of East Texas is providing free credit monitoring to patients who ask for the service. The clinic is also conducting a strict internal audit and may upgrade its security systems with guidance from Health and Human Services (McGee, 2015).


Insider threats are just as risky as outsider threats. Companies need to review how information is transferred between businesses and how their employees handle information as well. If users need to transfer documents, the business needs to be able to track the information. That also goes for USB access and file-sharing websites. Screenshots are useful for help desk technicians solving problems, and it would be hard to block them altogether if they are used for other business functions. The best thing a business can do is to mitigate the risk of information being taken.


References



McGee, M. (2015, November 11). Clinic Breach Involved Authorized User. Retrieved November 17, 2015, from http://www.databreachtoday.com/clinic-breach-involved-authorized-user-a-8677

Sunday, November 8, 2015

Yellowfront Grocery Store Data Breach Week 10

For week 10, a grocery store in Damariscotta, Maine was the victim of a data breach. The Yellowfront Grocery store was a victim of RAM-scraping malware. This is the same type of malware that was used in the Target breach. If you think that people's credit or debit cards are safe at a grocery store, think again.

The Yellowfront Grocery store is unsure how many people's payment cards were stolen during the breach. They have said that over 3,000 cards have been replaced by two different banks because of the breach at their store. They said that only the track 2 data from cards, which contains card numbers and expiration dates, was taken and that no cardholder data was compromised (Abel, 2015). Track 2 data contains the cardholder's account, encrypted PIN, plus other discretionary data (Magnetic Stripe Track 1, Track 2 Data Description). The RAM-scraping malware was able to steal the data before it was encrypted. It was not said whether it was on multiple point of sale (POS) systems or just one centralized POS system. Yellowfront Grocery believes the attacker accessed the store's payment system by logging into it through CSTARS's compromised system (Abel, 2015). They believe that the breach happened between August 11 and October 16, 2015. Since only credit and/or debit card information was stolen, there is no need for credit monitoring. It is a good thing that banks are replacing every person’s card that was used in the store on those affected dates.

This RAM-scraping malware is very dangerous software. Once a system is affected, it will steal card information out of the computer's random access memory (RAM) before it gets encrypted to be sent off to the payment processor. This is why it is important that stores and credit card companies work together to encrypt the data through the whole transaction. Any store that processes credit and/or debit cards needs to make sure their network is secure. Grocery stores will need to check their security by hiring a contractor or security professional to assess their risk.
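As an added example (not from the original post or its sources), here is one check a store could run while assessing this risk: confirm that its own POS logs and debug output never hold cleartext Track 2 records, and redact any that do. The log lines, the `raw=`/`ref=` field names and the test card number are constructed for illustration.

```python
import re

# Track 2 (ISO/IEC 7813): ';' PAN '=' YYMM, service code, discretionary data, '?'
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")

# Constructed sample log: field names are hypothetical, 4111... is a test number.
SAMPLE_LOG = """\
2015-10-01 09:14:02 POS01 swipe ok raw=;4111111111111111=17121010000000000?
2015-10-01 09:14:05 POS01 receipt ref=;1234567890123456=17121010000000000?
2015-10-01 09:15:40 POS02 swipe ok token=tok_9f2c
"""

def luhn_ok(pan):
    """Luhn checksum: rejects digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _is_card(m):
    """A match counts only with a real month and a Luhn-valid PAN."""
    return 1 <= int(m.group(3)) <= 12 and luhn_ok(m.group(1))

def mask(pan):
    """Show only the first six and last four digits in findings."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track2(text):
    """Return (line_no, masked_pan, 'MM/YY') for each cleartext Track 2 record."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TRACK2_RE.finditer(line):
            if _is_card(m):
                hits.append((line_no, mask(m.group(1)), f"{m.group(3)}/{m.group(2)}"))
    return hits

def redact(text):
    """Replace validated Track 2 records with a marker before text is stored."""
    return TRACK2_RE.sub(
        lambda m: "[TRACK2 REDACTED]" if _is_card(m) else m.group(0), text)

if __name__ == "__main__":
    print(find_track2(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

The second sample line fails the Luhn check, so it is treated as an ordinary reference number and left alone, which keeps false positives down on real logs.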

References

Abel, R. (2015, October 29). Maine's Yellowfront Grocery hit by breach, other stores may be affected. Retrieved November 8, 2015, from http://www.scmagazine.com/yellowfront-grocery-notified-customers-via-facebook-of-pos-breach/article/450345/


Magnetic Stripe Track 1, Track 2 Data Description. (n.d.). Retrieved November 8, 2015, from http://www.acmetech.com/documentation/credit_cards/magstripe_track_format.html

Sunday, November 1, 2015

Emergence Health Network Breach Week 9

Another week and another data breach happens. In week 9, a Texas mental health institute was breached. Emergence Health Network in El Paso, Texas was a victim of an internet attack that dates as far back as 2012. Over 11,000 patients were affected by this breach (McGee, 2015). Hospitals and any other institutions that hold people's personal information need to realize that they will be targeted because of the valuable information they hold.

After finding out about unauthorized activity on the server, Emergence Health Network shut down the server. Emergence Health Network reported the breach to the U.S. Department of Health and Human Services on October 16th, 2015. They alerted the authorities and called in a third party to run forensics on the server. The third-party company found that the unauthorized access to the server could date back to 2012. The information stored on the server included patients' first and last names, addresses, dates of birth, Social Security numbers, case numbers and information indicating that the individual accessed services from EHN or Life Management Center El Paso, the entity's previous name (McGee, 2015). The third party also found that no data was copied or stolen from the server. The third-party company thinks that this attack may have been a way to get to another company’s data. Emergence Health Network will be providing patients with free credit monitoring depending on the case.

After the breach, Emergence Health Network has gone through a security overhaul. They have improved their firewalls and have even hired a third-party company to monitor their network. The real question is why Emergence Health Network wasn’t using better information security protection in the first place. After writing this blog for over 8 weeks, it seems companies always add more security after they have been breached. The reason is that security is the lowest on the totem pole, but after a breach it becomes top priority.

References

McGee, M. (2015, October 27). Texas Mental Health Center Hacked. Retrieved November 1, 2015, from http://www.databreachtoday.com/texas-mental-health-center-hacked-a-8631