In this week’s breach roundup, read about the latest incidents affecting organizations in the higher education, financial, and healthcare sectors.
University of Connecticut Health Center Reports Incident
According to DataBreach Today, “The University of Connecticut Health Center reports that a former employee inappropriately accessed about 1,400 patient records. Exposed information on those patients included names, addresses, dates of birth and, in some cases, Social Security numbers and health information, according to a notice posted to the hospital’s website. The health center said there’s no evidence that the patient information inappropriately accessed was used for any purpose.
University of Connecticut Health Center requires all employees to undergo training about patient privacy upon hiring and offers continuous training to reinforce the education, according to the notice. As a result of the incident, the health center is evaluating all its education and monitoring efforts. Affected individuals are being offered free credit monitoring services, along with insurance coverage, for two years.”
DDoS: 6 Banks Hit on Same Day
BankInfo Security reported that “six leading U.S. banking institutions were hit by distributed-denial-of-service attacks on March 12, the largest number of institutions to be targeted in a single day, says security expert Carl Herberger of Radware.
The attacks are evolving, and the bot behind them, known as Brobot, is growing, he adds. This recent wave of DDoS attacks has proven to be the most disruptive among the campaigns that date back to September, says Herberger, vice president of security for the anti-DDoS solutions provider.”
“The Brobot has grown, the infection rate has increased, and the encrypted attacks have become more refined,” Herberger says. “As a result, it all is more effective. They’ve clearly gotten better at attacking more institutions at once.”
Radware offers DDoS-mitigation tools to several high-profile clients, including U.S. banking institutions targeted in the recent attacks, Herberger says. As a result, the company has insights about numerous industrial sector attacks as well as online traffic patterns.
Herberger declined to name the institutions affected, citing Radware’s non-disclosure agreements. But according to online traffic patterns collected by Internet and mobile-cloud testing and monitoring firm Keynote Systems Inc., JPMorgan Chase & Co., BB&T and PNC Financial Services Group suffered online outages on March 12. The three banks declined to comment about the attacks or confirm whether they had been targeted this week.
Chase, however, acknowledged an online disruption in a March 12 post to the Chase Twitter feed. The post states: “*ALERT* We continue to work on getting Chase Online back to full speed. In the meantime, pls. use the Chase Mobile app or stop by a branch.” On March 13, the bank came back with this tweet: “We’re sorry it was such a rough day and we really appreciate your patience.”
To view the entire news article, visit http://www.bankinfosecurity.com/ddos-6-banks-hit-on-same-day-a-5607
Lost, unencrypted USB thumb drive impacts more than 50k Medicaid providers
SC Magazine disclosed that “a government contractor in charge of building North Carolina’s Medicaid billing system lost a USB thumb drive containing the personal information of thousands of Medicaid providers nationwide.”
How many victims? 1,182 North Carolina providers were affected, but the personal information of more than 50,000 providers nationwide was compromised.
What type of personal information? Provider data included full names, Social Security numbers, addresses, and dates of birth. No patient information was included.
What happened? A USB thumb drive containing the sensitive data belonging to the North Carolina Department of Health and Human Services was lost by an employee of Falls Church, Va.-based CSC (Computer Sciences Corporation) while it was being delivered between facilities.
What was the response? CSC was told by the state department to perform an outside review of its security. The company said that affected providers would be notified this week.
Details: According to a CSC spokesperson, the employee who misplaced the thumb drive worked on the new Medicaid billing system and is currently on administrative leave. An investigation is currently taking place into the matter. CSC has set up a dedicated hotline where providers can reach out with any inquiries.
Quote: “I have instructed CSC that North Carolina expects an independent third-party assessment to assure CSC’s adherence to required security standards,” Aldona Wos, DHHS secretary, said in a statement.
Source: www.wral.com, WRAL TV, “Medicaid contractor loses provider’s personal information,” March 8, 2013.
About Tactical FLEX, Inc.
For nearly a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world. Our wide spectrum of customers demonstrates our sincere commitment to an industry that remains at the forefront of the digital evolution of the world. Information security is our business, and our customers are our greatest asset. Tactical FLEX, Inc. is a trusted security vendor protecting more than 6,000 organizations within every industry in more than 100 countries. Our product Aanval® is the industry’s most comprehensive Snort and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval supports both Snort and Suricata, as well as virtually any Syslog data source, and is designed specifically to scale from small single-sensor installations to global enterprise deployments.
We invite you to visit our Industry Focus page at http://www.aanval.com/industry to find out how our products and services can aid in securing your valuable assets and information.