Phishing Attack Causes Major Breach
However advanced cybercriminal tactics become, there will always be those who prefer to play it old-school—and sometimes the oldest, most reliable strategies are the ones you’re least prepared for.
Oftentimes, a prominent cyber-attack leaves us wondering why the targeted organization didn’t do more to protect themselves. And sometimes this is a correct response, like in the case of the infamous Yahoo breaches, where so many things could have been done differently to prevent the massive fallout that company has experienced as a result of these attacks. Of course, this isn’t the case with all breaches. An organization can take every appropriate step to protect themselves, yet still be a victim. This doesn’t mean that these efforts were a failure; in a world with rapidly increasing numbers of malware and daily cyber-attacks, managing to ward off any portion of an attack is a win. ABCD Pediatrics, a Texas-based practice, recently
We’ve written about the massive Yahoo data breach in this space a few times now. First there was the news of the breach itself and the potential fallout as far as consumer confidence and valuation for the business itself. Then we learned that the breach was even worse than originally reported, with the original breach going back years. At this point, it might seem like all the news has been had out of this particular attack. Well not so fast, as yet again the story of the Yahoo breach continues to provide valuable insights into what organizations might face should they too suffer a breach. Investigation Underway The two previously reported Yahoo breaches occurred in 2013 and 2014. The 2014
Many times in this space we have discussed the results of an organization suffering a breach. These have included the fines an organization receives due to lackluster security practices, or the long-term damage a breach could potentially inflict on an organization’s reputation. Today, we’re going to move our gaze from the aftermath of an attack to its beginnings. What does a breach in real time look like, and what are the immediate steps an organization can take to remedy this attack? Meet the Attacker Since the summer of 2016, a hacking group known as “TheDarkOverlord” has been attacking businesses in the healthcare and financial sectors, grabbing private information and using it as a means of extortion. For example, in September
Recently, we discussed the massive impact the Yahoo data breach was having on companies in all fields. At the time of our writing, there were rumors of Verizon beginning to get cold feet out of a proposed merger with Yahoo, potentially costing Yahoo up to a billion dollars. Things were not looking so great. News this week has warranted an update to Yahoo’s plight, however, as it appears somehow things have gotten even worse with the admission that their breach problems might have begun years ago. A Hidden Problem According to a filing Yahoo made to the Securities and Exchange Commission (SEC), Yahoo believes that the attacker who affected at least 500 million accounts first obtained access to their system
Previously we’ve written about breaches caused by outside sources: cyber criminals and the virulent programs designed to rob you of valuable information. These are faceless criminals off in the distance. But what happens when the source of the breach is closer to home? A Florida-based pediatric practice recently had to find out, as Bank Info Security reported. Stolen Information The Pediatric Gastroenterology, Hepatology & Nutrition of Florida recently had a former administrative employee indicted in federal court for alleged identity theft and fraud crimes. This employee, along with two other individuals not associated with the medical office, has been accused of stealing patient information. An indictment document cited by Bank Info Security notes that: “It was a part of the
Data Security Lessons To Learn Right Now Much has been said about the recent Ashley Madison (AM) hack attack, and even more was said about the subsequent data dump of highly sensitive customer information. Are there lessons to be learned from AM? To some extent—the consequences would have been worse had card data not been encrypted. But in the wake of last week’s court ruling that gives the U.S. Federal Trade Commission (FTC) the authority to sue companies for failing to maintain adequate cyber security, it’s obvious that businesses need to pay more attention to their security controls. The FTC Is Watching The court decision came in response to the FTC’s lawsuit against Wyndham Worldwide Corporation for digital security failures—storing payment
A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, maintain, or transmit” protected health information may now have direct obligations under HIPAA. This round will include both on-site and off-site reviews. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three main HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and
Insider negligence is no longer the number one cause of data breaches in the healthcare industry – cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access their valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that
RSA 2015 drew more than 28,000 security-minded people to its latest week-long conference in San Francisco. The key takeaways from the discussions, workshops, and keynotes were highlighted by the tech, business, and mainstream press. The Associated Press coverage pointed out that attending RSA is a particularly sobering experience for those not involved in the security industry. The reporter noted that many breaches are the result of human error – one click on a link in a phishing e-mail, malicious text message, or website can open a network to attack. “Verizon researchers estimate one in five phishing emails were read by their targets and one in 10 persuaded someone to open an attached file,” the reporter noted, adding that the newest