Interestingly, that extcitrix.we11point[dot]com domain, first put online on April 22, 2014, was referenced in a malware scan from a malicious file that someone uploaded to malware scanning service Virustotal.com. According to the writeup on that malware, it appears to be a backdoor program masquerading as Citrix VPN software. The malware is digitally signed with a certificate issued to an organization called DTOPTOOLZ Co. According to CrowdStrike and other security firms, that digital signature is the calling card of the Deep Panda Chinese espionage group.
(AP) -- The Social Security numbers, grades and other personal information of more than 40,000 former University of Hawaii students were posted online for nearly a year before being removed this week, The Associated Press has learned. googletag.cmd.push(function() googletag.display('div-gpt-ad-1449240174198-2'); ); University officials told the AP that a faculty member inadvertently uploaded files containing the information to an unprotected server on Nov. 30, 2009, exposing the names, academic performance, disabilities and other sensitive information of 40,101 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001. A handful of students from the West Oahu campus were included in the security breach.UH-West Oahu spokesman Ryan Mielke said there was no evidence that the faculty member acted maliciously or that any of the information was used improperly. The faculty member, who retired from the West Oahu campus in June, was conducting a study of the success rates of Manoa students, and believed he was uploading the material to a secure server.The university apologized for the incident, saying it was investigating how it happened. It was notifying the former students by e-mail and letters, and has also alerted the FBI and Honolulu police."We are troubled (and) determined to notify everyone according to law and committed to do everything possible in the future to prevent this from happening," UH system spokeswoman Tina Shelton said.The incident is the third major information breach in the UH system since last year. Each time, university officials promised it was strengthening its network systems and working to identify other potential security risks.In the latest breach, UH immediately removed the exposed files and disconnected the server from the network when it was notified of the information breach on Oct. 18 by Aaron Titus, information privacy director of Liberty Coalition, which is a Washington-based policy institute.Google cleared its caches late Thursday, some 11 months after the information was first put online."During that time, theoretically, anybody with an Internet connection could have had access to it. How likely that is ... is anybody's guess," said Titus, who discovered the files under a Google search.Titus said the university's statement that it has no evidence that the personal information was used maliciously was somewhat misleading."Of course they don't have any evidence of misuse, because the bad guys wouldn't tell them if they had," Titus said.UH President M.R.C. Greenwood has discussed the issue with all the chancellors in the 10-campus system, emphasizing the policy regarding security and protection of sensitive information.UH has setup a call center and website for individuals who may have been affected. Those who might be affected by the breach were advised to obtain a credit report and to review financial statements to look for unusual activities.The university system's other major breaches include this summer's incident involving the personal information of 53,000 people - including 40,000 Social Security numbers - who had business with the Manoa parking office. Last year, more than 15,000 students at Kapiolani Community College were warned after an infected computer compromised their information on financial aid applications."There is absolutely no way that we can say this will never happen again, but we are taking every step that's possible to make sure it doesn't happen," which includes upgrading security systems and additional training, Shelton said.Titus said the university could've caught the latest mishap much earlier and quickly blocked any access if it regularly scanned its server for personal information, which takes software that's readily available."That wheel has been invented at low cost," Titus said.UH believes problems will lessen with time because of changes in the use of Social Security numbers. The UH system started to phase out Social Security numbers to identify students in 2002. The numbers are still used to identify students from before that time for transcripts and other requests for information. More information:University of Hawaii-West Oahu: National ID Watch: 2010 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Wellpoint Glitch: Online Security Breach
As with hacking, healthcare organizations are getting better at detecting insider breaches and reporting those breaches to the Office for Civil Rights. These incidents consist of errors by employees, negligence, snooping on medical records, and data theft by malicious insiders. Better HIPAA and security awareness training along with the use of technologies for monitoring access to medical records are helping to reduce these data breaches.
The table below shows the raw data from OCR of the data breaches by the entity reporting the breaches; however, this data does not tell the whole story, as data breaches occurring at business associates may be reported by the business associate or each affected covered entity. Many online reports that provide healthcare data breach statistics fail to accurately reflect where many data breaches are occurring.
The graphs below paint a more accurate picture of where healthcare data breaches are occurring, rather than the entities that have reported the data breaches, and clearly show the extent to which business associate data breaches have increased in recent years. In 2022, more data breaches occurred at business associates than at healthcare providers, and business associate data breaches affected the most individuals. These data highlight the importance of securing the supply chain, conducting due diligence on vendors before their products and services are used, and monitoring existing vendors for HIPAA Security Rule compliance and cybersecurity. In 2023, one of the biggest challenges in healthcare cybersecurity is securing the supply chain.
HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.
Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. On December 2, 2022, employees experienced difficulty accessing data. Third-party cybersecurity experts were engaged to investigate the attack and assist with the breach response and confirmed that malware had been used to encrypt files on...
Our HIPAA breach news section covers HIPAA breaches such as unauthorized disclosures of protected health information (PHI), improper disposal of PHI, unauthorized PHI access by cybercriminals and rogue healthcare employees, and other security and privacy breaches.
The HIPAA breach news reports highlight common areas of non-compliance and new attack vectors used by cybercriminals to gain access to healthcare networks and PHI, the security failings that allowed them to happen, and the measures that have been implemented to prevent them from happening again.
No healthcare organization wants to experience a data breach, but when a breach does occur, lessons can be learned. HIPAA-covered entities can use these breach examples to help train their staff as well as to discover some of the methods other covered entities have adopted to improve data security.
Our HIPAA breach news section is an important source of information about potential security issues that covered entities should be identifying when conducting their own risk assessments. Many of the situations in our HIPAA breach news posts could have been avoided if a risk assessment had identified a vulnerability that was later exploited to gain access to PHI.
Regal Medical Group, a San Bernardino, CA-based affiliate of the Heritage Provider Network, recently announced that it was attacked with ransomware. On December 2, 2022, employees experienced difficulty accessing data. Third-party cybersecurity experts were engaged to investigate the attack and assist with the breach response and confirmed that malware had been used to encrypt files on some of its servers. The forensic investigation confirmed that the attackers gained access to the servers on or around December 1 and exfiltrated files before the ransomware was deployed. The review of those files confirmed they contained the protected health information of patients of Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group, and Greater Covina Medical. The files contained information such as names, phone numbers, addresses, dates of birth, diagnosis and treatment information, laboratory test results, prescription data, radiology reports, health plan member numbers, and Social Security numbers. Regal Medical Group said additional security measures have been implemented...
The Dallas, TX-based home help service provider, Home Care Providers of Texas (HCPT), has recently announced that unauthorized individuals gained access to its network and used ransomware to encrypt files. The security breach was detected on June 29, 2022, when staff members were prevented from accessing files. Leading third-party cybersecurity experts were engaged to investigate the incident and determine the nature and scope of the breach and confirmed that the threat actors had access to its network between June 15, 2022, and June 29, 2022. During that time, files were exfiltrated from the network that contained names, addresses, dates of birth, Social Security numbers, treatment or diagnosis information, and medication information. The delay in issuing notification letters was due to the lengthy process of reviewing all files potentially accessed or obtained to determine which individuals had been affected. That process was completed on November 15, 2022. Affected individuals have been advised to monitor their credit reports, accounts, and explanation of benefits statements for... 2ff7e9595c