News Recap: Two Healthcare Cybersecurity Systems Breached

September 19th, 2014

According to USA Today contributor Steve Weisman, HealthCare.gov and Community Health Systems have experienced recent data breaches.

Last week, officials said they learned that HealthCare.gov, the site that “hosts the federal insurance exchange on which millions of Americans have purchased health insurance,” was breached earlier in July, reported TIME’s Denver Nicks. During further investigation, it was found that “hackers had not coordinated an assault to get valuable personal information, but had intended to install malware to allow other computers to control the Healthcare.gov system for later mass attacks, like a DDOS attack, designed to send so many visitors to a website it overwhelms the site’s ability to function. Investigators said they believe the hack is not the work of another government or government sponsored group.”

An unrelated attack hit Community Health Systems, “a hospital chain with medical facilities in 29 states in which the records of 4.5 million patients of Community Health Systems’ hospitals including names, addresses, birth dates and Social Security numbers were stolen” by Chinese identity thieves using Heartbleed, Weisman reported.

The FBI recently warned that cyber criminals are specifically targeting the healthcare industry. Reuters reporter Jim Finkle mentioned that the FBI sent a warning in April to the healthcare industry, stating that “its systems were lax compared with other sectors, making it vulnerable to hackers looking to access bank accounts or obtain prescriptions.”

Why is the healthcare industry behind in its cyber security measures? How can the industry as a whole become more secure? We’re hosting a webinar on this topic October 21st at 12 PM CT, and would love for you to join. As always, please join the conversation on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Gmail’s 5 Million Usernames + Passwords Leak Affects 100,000 Users

September 12th, 2014

The story that filled this week’s cyber security headlines involved a leak of nearly five million Gmail addresses and passwords.

Alice Truong of Fast Company described the leak, saying, “A database reportedly containing 4.93 million Google usernames and passwords was uploaded late Tuesday to a Russian bitcoin forum, according to reports from Russian news outlets. A site administrator has since purged the passwords, though email addresses remain intact.” While a leak of this magnitude would seem to be a major concern for users, there is cause to believe that only a small percentage of those email addresses are current.

Emil Protalinski of The Next Web quoted a Google spokesperson saying, “We have no evidence that our systems have been compromised, but whenever we become aware that accounts may have been, we take steps to help those users secure their accounts.” Furthermore, “A quick analysis of the text file shows it includes mainly English, Spanish, and Russian accounts, but also that it seems to combine older lists accumulated over a longer period of time.” Protalinski concluded that the number of individuals impacted by this leak is considerably less than the total number released.

In fact, Google claims that “less than 2% of the leaked address-password pairs were current for Gmail,” reported Kashmir Hill from Forbes. That means that there are 100,000 people who have been affected by this leak, all of whom have already been notified by Google, Hill wrote.

Whether or not this leak impacted you or your business, it serves as a reminder to maintain your online security. What are some good habits to protect yourself and your business online? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

For more news and information about passwords, check our related blog posts on the topic.

 

News Recap: Healthcare Industry Accounts for 44 Percent of Breaches

September 4th, 2014

Earlier this year, our friends at the Identity Theft Resource Center published their latest breach statistics, showing that the healthcare industry accounted for nearly 44 percent of all breaches. According to Fortune reporter Laura Shin, 2013 “was the first time that the medical industry surpassed all others, and stood in stark contrast to the financial services industry, which represented just 3.7% of the total.”

Shin reports that the “leading causes of a breach are typical for any business: a lost or stolen computing device, an employee error, a third-party snafu.” However, there’s also a different kind of fraud that occurs in the healthcare industry, one that Shin terms “Robin Hood fraud.” In this case, family members knowingly give their insurance to an uninsured family member or friend so they may receive health care.

The effects of medical identity theft are harmful to victims and the industry. Not only can fraudulently altered medical records lead to misdiagnoses, but “clearing up a record corrupted by commingled information costs victims an average of $19,000,” reported Jane Antonio at FierceHealthPayer.

Beyond these fraudulent causes, Shin notes that “one cause has grown in importance: criminal attacks have doubled in the last four years,” according to Ponemon’s Fourth Annual Study on Patient Privacy and Data Security.

How can the healthcare industry better protect against data breaches and “friendly fraud?” Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Sophisticated Cyber Attack Targets Financial Infrastructure

August 29th, 2014

In this week’s news, there has been a potential breach of multiple major financial institutions. Experts are analyzing the situation in an effort to provide consumers, businesses and other financial institutions with security solutions.

Paula Mejia of Newsweek reported that “hackers have stolen gigabytes of sensitive data from JPMorgan Chase and at least four other banks in a series of complex cyber attacks.” Mejia goes on to say, “In mid-August, a group of hackers broke into the banks’ computer networks using top-shelf malware, then nabbed information such as checking and saving account numbers and deleted records, according to a select few briefed on the attacks.”

Fox Business’s Adam Samson wrote that the cyber criminals who targeted these financial institutions “were trying to send a poignant message: Even the most secure systems can be infiltrated.” Samson explains that beyond the obvious reasons why financial institutions are such high targets, they are also frequently pinpointed for their ability to thwart a variety of attacks, “including frequent distributed denial-of-service attacks that bring their consumer-facing websites to a crawl.”

Laura Lorenzetti of Fortune attributed this most recent attack, among others, to the considerable political tension around the globe. Specifically, this attack by Russian hackers was an effort to “retaliate against U.S. imposed sanctions.” Lorenzetti quotes the vice president of security solutions at Radware, Carl Herberger, who stated, “In the world of globalization, we will continue to see that for every real world government action, there will be a cyber reaction.”

What do these financial institutions need to do in order to protect their infrastructures and consumer data? How does a breach like this directly impact consumers and what should they do to protect themselves? Tell us what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Consumers are Likely to Share Passwords

August 22nd, 2014

More than 2,000 consumers were surveyed by Intercede and the results are in: many are sharing passwords with friends, family and colleagues. In fact, 51 percent of those surveyed admitted to sharing usernames and passwords with others, reported Help Net Security.

In addition to sharing passwords, more than half of the respondents are in the good habit of using mobile device passcodes, though more than a quarter admit to sharing these passcodes with others. This puts their device and access to personal information at risk.

The survey also revealed that consumers typically like to be “remembered” on their favorite sites – including banking and financial institutional sites. In fact, “of those that use Amazon and other shopping sites, 21% said they were automatically logged in, while the figures stood at 16% for mobile banking and 12% for PayPal,” reports Help Net Security.

“Keeping your Facebook, Gmail, shopping and financial accounts automatically logged in might be convenient for consumers, but it’s leaving the back door wide open to hackers,” stated Richard Parris, CEO of Intercede. “There are plenty of rich pickings available in email and social media accounts too. Leaving yourself automatically logged in is like leaving the windows of your house wide open while you’re out – it’s time for a new generation of secure identity authentication.”

What are the risks associated with sharing passwords? What’s the harm in telling your username and password to someone – even a close friend or family member? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Energy Industry Concerned about Cyber Security

August 15th, 2014

Government concerns about the nation’s cyber security have been making headlines recently. The latest? It lies in the energy sector, following a number of attacks.

Alan Neuhauser of US News shared the growing concerns of the energy industry: “Cyber security leapt onto the list of the top five concerns for U.S. electric utilities this year, yet fewer than a third say they’re prepared to meet the growing threat of an attack, according to a new survey.” Despite the current lack of preparation, many in the industry are “actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”

Neuhauser mentioned that a “federal analysis reported by The Wall Street Journal in March showed that if only nine of the country’s 55,000 electrical substations were to go down – whether from mechanical issues or malicious attack – the nation would be plunged into a coast-to-coast blackout. One month later, sniper fire knocked out a substation in San Jose, California.”

Rochelle Nadhiri of Breaking Energy reported on similar concerns impacting natural gas companies around the globe. Nadhiri quotes Senior Consultant for Black & Veatch, Cathy Ransom, saying, “The dependence on key operational and informational technology for natural gas transportation and storage is a key part of the U.S. critical infrastructure supporting both residential and commercial customers. Therefore, it is important that gas technology infrastructure be protected from cyber attacks that could disrupt or damage operations.”

What proactive security measures and practices should companies within the energy industry be taking to defend against possible cyber security threats? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Mobile Security at Black Hat Conference

August 1st, 2014

Mobile security will be a major focus during next week’s Black Hat Security Conference in Las Vegas. During the conference, Mathew Solnik, a 20-year-old security consultant at Accuvant, Inc., along with several others, will be presenting their mobile hacking techniques.

According to Danny Yadron of The Wall Street Journal, Solnik and his associates “can take over a smartphone from 30 feet away without alerting the user or the phone company. Then, he can turn the phone into a live microphone, browse its contacts or read its text messages.” Why would a hacker want to do this?

“Smartphones are constantly connected to the Internet, infrequently updated and are challenging to secure,” Solnik explains. “They’re rich targets, recording pictures, names of associates and conversations.”

While all mobile devices have security threats, Android devices tend to be at higher risk for attacks from cyber criminals. In fact, this week, Tereza Pultarova of Engineering and Technology Times reported on a particular cyber threat facing Google’s Android mobile devices, drawing on a survey of the behavior of smartphone users. According to Pultarova, “Sensitive financial and personal information of Android smartphone users could have been accessed by hackers since 2010 due to a previously unknown vulnerability.” Pultarova further reports that the “vulnerability allowed attackers to use malicious software to mimic other, legal apps, thus gaining access to data stored in smartphones without having to request the user’s consent.”

Google quickly offered a patch for the vulnerability, but “a survey of behavior of smartphone users, compiled by mobile phone comparison site TigerMobiles.com, revealed that not only do users not install security software, most of them don’t even have measures in place to protect unauthorized access to the information stored in their gadgets in the case of theft.”

What sort of security measures do phone manufacturers and network providers need to take to protect against these threats? How can consumers protect their information on their mobile devices? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

For more information on mobile security, check out our whitepaper, When Good Technology Goes Bad: Evolution of Mobile Technology.

News Recap: Experts Working To Protect Cars From Cyber Attacks

July 25th, 2014

This week, Reuters released news that security experts Chris Valasek and Charlie Miller plan on displaying an “intrusion prevention device” in a prototype vehicle during August’s Black Hat 2014 hacking conference. This prototype will demonstrate ways to keep vehicles safe from cyber attacks.

The automotive industry is finding that cyber criminals are using vehicles’ electronics to their advantage as the Internet of Things (IoT), or the idea that everyday objects have network connectivity and the ability to send and receive data, continues to evolve. Wil Rockall, director at KPMG’s cyber security practice, explains in Information Security just how cyber criminals are using cyber attacks to put drivers in danger.

“These attacks could potentially allow cyber-attackers to penetrate in-car systems, either using physical interaction or also by seizing control through attacks over the Internet; typically a connected car network has over 50 potential access points for a cyber-attacker now, and this will only increase as the level of technology integrated into the car goes up,” explained Rockall. “Three years ago, criminals sought access to vehicles by stealing the keys, but today three-quarters of cars stolen in London are done so without them, principally through electronic methods. It is important that cyber-attacks do not become physical ones because manufacturers are unable or unwilling to design in security.”

Kaspersky Labs recently analyzed potential attack vectors in vehicles and shared ways in which cyber criminals can attack connected cars. One example of an attack vector includes stolen credentials. These credentials could possibly enable a cyber criminal to “install a mobile app with the same credentials and potentially enable remote services before opening up the car and driving it away.”

The device that security experts Valasek and Miller plan to exhibit at the Black Hat conference costs $150 in electronic parts, Reuters reported, “though the real ‘secret sauce’ is a set of computer algorithms that listen to traffic in a car’s network to understand how things are supposed to work.” Valasek explained that the device has the ability to detect traffic anomalies when an attack occurs and blocks rogue activity.

How can the automotive industry better protect against cyber criminals’ attacks? What other everyday objects or devices are at risk of being hacked? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Keep An Eye Out For Medical Identity Theft

July 18th, 2014

While credit card fraud and identity theft have been hot topics over the past year due to a spate of massive data breaches, experts warn that medical identity theft should not be overlooked. Politico’s David Pittman reports that the Identity Theft Resource Center has identified 353 breaches so far this year across different industries, and almost half have occurred in the health sector.

How exactly are cyber criminals using others’ medical identities for their personal gain? WRCBTV’s Hayley Mason dug into this question with the AARP and found that cyber criminals can “use your insurance to buy medicine, devices and even pay for surgeries in your name.” AARP advises everyone to “make sure that all charges you receive are legitimate and that they correspond with services you actually received.”

Health IT Security’s Patrick Ouellette reported that Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC, believes the healthcare industry is behind the times – and cyber criminals are taking advantage.

“[Criminals] are seeking health records not because they’re curious about a celebrity’s blood type or medication lists or health problems,” Wah said. “They’re seeking health records because they can do huge financial, fraudulent damage, more so than they can with a credit card number or Social Security number.”

Should there be a larger focus on medical identity theft awareness among consumers? How can the healthcare industry ramp up their security efforts? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Cyber Information Sharing Act Moves Past Senate

July 11th, 2014

This week, the Senate Select Committee on Intelligence approved the Cyber Information Sharing Act (CISA). While some consider this bill to be a big step towards improving cyber security, others find it controversial.

Gregory McNeal of Forbes explains, “the bill is intended to help companies and the government thwart hackers and other cyber-intrusions. The bill passed by a 12-3 vote, moving it one step closer to a floor debate.” While it was passed with a fairly significant margin, McNeal reports, “Lawmakers have been struggling for years to move cybersecurity legislation. Civil liberties advocates have opposed CISA, arguing that it fails to adequately shield Americans’ privacy. Proponents of the bill say it will help stop attacks by encouraging data-sharing between businesses and the government. The bill achieves data-sharing by protecting businesses from lawsuits if they voluntarily disclose cyberthreat details for the purpose of assisting government or industry partners.”

Russell Brandom of The Verge reports the aim of the bill is to require businesses and government to share information on potential “cyber threat indicators.” Brandom continues by explaining, “Once a company makes a report to the government with information about a threat indicator, CISA would require broad sharing across federal agencies, including with the NSA, which would be given a more central role in threat management under the new scheme. Companies would also be encouraged to monitor their networks to gather more information about the threat.”

Will this legislation be effective in preventing cyber attacks? Should consumer privacy be a more important part of the legislation? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

For more information on the legislation, read The Latest on Cyber Security Legislation.