The Week in Breach: 5/14/18 – 5/20/18
Breach news to share with your customers!
Highlights from The Week in Breach:
- Ransomware still plaguing state and local agencies
- Accidental data disclosures on the rise
- AWS implementation flaws create security flaws
Breach activity remained strong over the past week. Enterprise exploits held steady as expected; however, we’ve seen a resurgence in state actor-led attacks moving downstream to target mid-market and SMB organizations. These are largely credential stuffing and phishing attacks; they have proven highly effective and will undoubtedly grow over the coming months.
Check out the post on Health Data Breaches at the end of this week’s report. The number of health data breach victims reported to Federal agencies in 2018 has doubled in recent weeks to more than 2 million.
What We’re Listening to This Week:
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!
The New 1st State… In Cyber that is…
Maryland becomes the first state in the nation to offer businesses tax credits for purchasing cybersecurity equipment and services. It’s promoting programs to encourage young women to pursue careers in tech (cyber in particular), as well. Kudos to Governor Hogan, we are proud to be based in a forward-thinking state!
Fail of the Week! Comcast Xfinity!
If Comcast created its own version of Verizon’s Data Breach Investigations Report (DBIR), do you think they would report on this?
TeenSafe App… Not Really Keeping Your Teens Safe
And I quote, “…for a hacker, even a child’s phone is a treasure trove of data that can be used against their will.” Yikes.
The Breach Rundown
Manufacturing
Worcester Bosch (British boiler maker)
Small Business Risk: High (Malware/ Forensics, Brand Reputation/ Loyalty)
Exploit: Suspected Phishing, Malware Injection
Risk to Individuals: Low (Limited/ Low-value PII)
What you need to know: This incident demonstrates that organizations across all industries are indiscriminately targeted by automated compromise services. Damage, as it relates to this particular incident, is largely breach forensics, reputation and monetary loss.
Worcester Bosch (British boiler maker)
Date Occurred/Discovered | May 13, 2018 |
Date Disclosed | May 14, 2018 |
Data Compromised | Home addresses of “tens of thousands of customers” |
How it was Compromised | A “systems issue” on Sunday morning caused multiple emails with addresses and names of customers to be sent out by accident |
Customers Impacted | Exact number uncertain, but noted to be “tens of thousands” |
Attribution/Vulnerability | Undisclosed at this time |
Healthcare
Boston Dental
Small Business Risk: High (Forensics, Brand Reputation/ Loyalty)
Exploit: Database & Security Misconfiguration
Risk to Individuals: High (Exploitable/High-value PII)
What you need to know: Not much was publicly disclosed about the misconfiguration or how long the data was exposed. I’m sure we’ll see more on this incident in the coming weeks.
Boston Dental (Las Vegas-area dental group)
Date Occurred/Discovered | Discovered March 13, 2018 |
Date Disclosed | May 14, 2018 |
Data Compromised | The breached data included health insurance information, Social Security numbers and birth dates. |
How it was Compromised | Patient information was inadvertently posted on Cambridge Dental Consulting Group’s public website. A caller from the U.S. Department of Health and Human Services notified the company on March 13 that it had downloaded the information. |
Customers Impacted | 3 percent of patients from any of the 19 Boston Dental offices plus Diamond Lake Dental in Hemet, CA |
Attribution/Vulnerability | Undisclosed at this time |
https://www.reviewjournal.com/life/health/data-breach-affects-dental-patients-in-las-vegas-area/
Public Sector
LA County
Small Business Risk: High (Forensics, Reputation/ Public Trust)
Exploit: Database & Security Misconfiguration, Poor Security Controls
Risk to Individuals: High (Exploitable Credentials/ High-value PII)
What you need to know: This is an alarming incident for several reasons.
- Basic Cloud Services Misconfiguration
- Poor Credential Encryption Hygiene
- Poor Data Storage/ Data at Rest Encryption
- Poor Data Loss Monitoring
LA County Social Service Hotline (211)
Date Occurred/Discovered | Discovered: UpGuard, a cybersecurity firm based in Mountain View, Calif., said it notified the county in April 2018. |
Date Disclosed | May 2018 |
Data Compromised | UpGuard discovered exposed Social Security numbers, addresses and sensitive notes about calls regarding mental health and abuse. The data also contained records for 3.5 million calls and a substantial amount of personally identifiable information that included 33,000 Social Security numbers and in many cases full names and addresses — as well as detailed notes for 200,000 calls logged between 2010 and 2016 |
How it was Compromised | It was not immediately clear whether any unauthorized people accessed the data, which was kept in a cloud storage repository maintained by 211 L.A. County, the nonprofit group that operates the county’s 211 hotline. |
Attribution/Vulnerability | UpGuard officials indicated that the information discovered included names, email addresses and weakly encrypted passwords of users operating the 211 system, potentially opening them to attack. UpGuard said the data was available for public download from an Amazon web server. UpGuard officials said that if an administrator incorrectly configures permissions for the data it stores with Amazon, accessing the data can be “as simple as typing a URL”, which is what happened in this case. |
http://www.latimes.com/local/lanow/la-me-ln-211-data-20180515-story.html
Public Sector
Greenwood, SC
Small Business Risk: High (Ransomware, Bitcoin Payment, Forensics, Reputation/ Public Trust)
Exploit: Ransomware, Security Misconfiguration, Poor Security Controls
Risk to Individuals: High (Exploitable Credentials / PII)
What you need to know: Ransomware exploits are plaguing poorly resourced and defended public sector systems. The data extracted (email addresses, passwords and home addresses) can be used to create highly effective phishing campaigns.
Greenwood, SC Commissioners of Public Works (CPW)
Date Occurred/Discovered | Occurred May 16, 2018 |
Date Disclosed | May 18, 2018 |
Data Compromised | The hackers were able to see a data table that contained email addresses, CPW customer and account numbers, and passwords. However, officials said no personal identifying information, such as social security and driver’s license numbers, credit card information and addresses, was compromised. |
How it was Compromised | Foreign hackers accessed CPW’s online customer portal. The hackers used ransomware and demanded CPW pay via bitcoin. Instead, the utility disabled portal access and took related systems offline. |
Attribution/Vulnerability | Outside actors / undisclosed at this time. |
Health Data Breaches are on the Rise
The number of health data breach victims reported to Federal agencies in 2018 has doubled in recent weeks to more than 2 million.
The largest breach of the year so far involved a break-in at a California government office that affected 582,000 individuals. The agency, the California Department of Developmental Services (DDS), reported the “unauthorized access/disclosure” incident to OCR in April. In a statement posted on the agency’s site, DDS says “trespassers ransacked files, vandalized and stole state property and started a fire” at the agency’s Sacramento legal and auditing offices. The offices contained PHI of about 582,000 individuals, plus personal information of about 15,000 employees at the agency’s regional centers, service providers, and applicants seeking employment with the department, the statement says. After the break-in, DDS discovered that a number of paper documents and compact discs were either displaced or damaged by the fire and the sprinklers. DDS says it has no evidence that personal and health information was compromised due to the incident. Also stolen in the break-in were 12 laptop computers owned by the state. Those computers, however, were encrypted, the statement notes.
The incident involving the California DDS is one of 57 breaches reported in 2018 so far that are described as “unauthorized access/disclosure” cases. In total, those incidents have impacted 1.1 million individuals; about half of those breach victims were impacted by the California DDS break-in.
As of Thursday, the Department of Health and Human Services’ HIPAA Breach Reporting Tool website – commonly called the “wall of shame” – showed that 124 breaches have been reported to HHS so far in 2018. About 30% of those breaches – 38 incidents – have been posted to the website since April 17, the last time Information Security Media Group analyzed the federal breach tally.
By far the largest breach ever posted on the wall of shame is a hacking incident reported in 2015 by health insurer Anthem Inc., which impacted 78.8 million individuals.
The Five Largest 2018 Breaches, So Far
Name of Entity | Individuals Affected |
California Dept. of Developmental Services | 582,000 |
Oklahoma State University Center for Health Sciences | 280,000 |
St. Peter’s Ambulatory Surgery Center | 135,000 |
Center for Orthopaedic Specialists | 82,000 |
Tufts Associated Health Maintenance Organization | 70,000 |
Source: U.S. Dept. of Health and Human Services
Hacking Incidents
Meanwhile, the wall of shame shows 36 hacking/IT incidents posted so far in 2018, impacting about 41 percent of the total number of people affected – or about 812,000 individuals.
The second largest incident posted to the federal tally so far in 2018 – and the biggest “hacking/IT incident” posted to date this year – was reported by the Oklahoma State University Center for Health Sciences. That incident, reported in January but discovered in November 2017, impacted nearly 280,000 Medicaid patients.
Another hacking incident recently posted on the wall of shame is a breach impacting nearly 82,000 individuals reported by the California-based Center for Orthopaedic Specialists on April 18. That incident involved a February ransomware attack on the center’s computer network.
Thefts and Losses
Another common cause of breaches posted on the wall of shame this year is loss or theft. So far this year, 27 such incidents impacting a total of 79,000 individuals have been listed. Of those, 21 incidents involved laptops and other electronic devices. The rest involved paper/film.
While the wall of shame is still splattered with 2018 breach reports involving the loss or theft of unencrypted computing devices, far fewer of those major incidents are being reported now compared to several years ago, when those cases were the No. 1 culprit in many of the largest breaches appearing on the “wall of shame.” The wall of shame has likely seen fewer big breaches in recent years involving lost or stolen unencrypted devices because of improved awareness and security practices involving mobile devices.
Credit: https://www.govinfosecurity.com/health-data-breach-tally-latest-additions-a-11013
MSP Partners, please feel free to share this information with your customers!