Women’s Health Group of Pennsylvania Notifies 300,000 Patients of Ransomware Attack



A data breach at one of Pennsylvania’s largest health networks has sparked safety concerns and questions regarding why it took several months for patients to be notified.

The Women’s Health Care Group of Pennsylvania, which is based in Oaks, Pennsylvania but has 45 offices serving women in Montgomery, Chester and Delaware Counties, sent a letter to patients this month informing them that hackers had stolen their information. That information included patient names, birth dates, social security numbers, pregnancy histories, blood type information and medical diagnoses.

The following notice, posted on Women’s Health Group’s site on July 18, indicates that this was a ransomware attack:

Notice of Security Breach Incident

Posted: July 18, 2017

On May 16, 2017, we discovered that a server and workstation located at one of our practice locations had been infected by a virus designed to block access to system files. Upon discovering the virus, we immediately removed the infected server and workstation from our network and began an investigation with the assistance of an expert computer forensics team to determine how the virus made it onto our systems and the extent to which the virus may have affected any of our data. Local Federal Bureau of Investigation authorities were contacted and a report was filed.

As part of our investigation, we learned that external hackers gained access to our systems, as far back as January 2017, through a security vulnerability. We also believe the virus was propagated through this vulnerability. Although this security vulnerability allowed access to limited patient information and the virus encrypted certain files, we have been unable to determine if any specific information was actually acquired or viewed in connection with this incident. In addition, the encrypted files were promptly restored from our back-up server and the incident had no effect on our ability to continue to provide patient care nor was any information lost.

The types of files that could have been accessed may have included information about a patient’s name, address, date of birth, Social Security number, lab tests ordered and lab results, telephone number, gender, pregnancy status, medical record number, blood type, race, employer, insurance information, diagnosis, and physician’s name. No driver’s license, credit card or other financial information was stored in any files on the infected server.

Individuals whose information may have been affected by this incident will receive a letter informing them of this incident, with instructions on steps they can take to receive free credit monitoring and identity theft protection services for a year. We recommend these individuals review all financial account information closely and report any fraudulent activity or suspected incident or identity theft. We have set up a call center with a toll-free help line for individuals who have questions about this incident. The phone number is (877) 534-7033. The call center is staffed weekdays Monday through Friday from 9:00 AM to 9:00 PM (EST) and Saturday and Sunday from 11:00 AM to 8:00 PM (EST)

We sincerely regret any concerns or inconvenience this incident may cause our patients. Maintaining the integrity and confidentiality of our patients’ personal information is very important to us and we are conducting a comprehensive internal review of our information security practices and procedures to help prevent such events in the future.

Update: When this incident appeared on HHS’s breach tool, it was reported as impacting 300,000 patients.

Continue Reading

New Ransomware Threatens to Send Your Internet History & Private Pics to All Your Friends



After WannaCry and Petya ransomware outbreaks, a scary (but rather creative) new strain of ransomware is spreading via bogus apps on the Google Play Store, this time targeting Android mobile users.

Dubbed LeakerLocker, the Android ransomware does not encrypt files on victim’s device, unlike traditional ransomware, rather it secretly collects personal images, messages and browsing history and threatens to share it to their contacts if they don’t pay $50.

Researchers at security firm McAfee spotted the LeakerLocker ransomware in at least two apps — Booster & Cleaner Pro and Wallpapers Blur HD — in the Google Play Store, both of which have thousands of downloads.

To evade detection of malicious functionality, the apps initially don’t contain any malicious payload and typical function like legitimate apps.

But once installed by users, the apps load malicious code from its command-and-control server, which instructs them to collect a vast number of sensitive data from the victim’s phone — thanks to its victims granting unnecessary permissions blindly during installation.

The LeakerLocker ransomware then locks the home screen and displays a message that contains details of the data it claims to have stolen and holds instructions on how to pay the ransom to ensure the information is deleted.

The ransom message reads:

All personal data from your smartphone has been transferred to our secure cloud. In less than 72 hours this data will be sent to every person on your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50. Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.

Although the ransomware claims that it has taken a backup of all of your sensitive information, including personal photos, contact numbers, SMS’, calls and GPS locations and browsing and correspondence history, researchers believe only a limited amount of data on victims is collected.

According to researchers, LeakerLocker can read a victim’s email address, random contacts, Chrome history, some text messages and calls, take a picture from the camera, and read some device information.



All the above information is randomly chosen to display on the device screen, which is enough to convince the victims that lots of data have been copied.

Both malicious apps have since been removed by Google from the Play Store, but it is likely that hackers will try to smuggle their software into other apps.

If you have installed any of the two apps, uninstall it right now.

But if you are hit by the ransomware and are worried about your sexy selfies and photographs being leaked to your friends and relatives, you might be thinking of paying a ransom.

Do not pay the Ransom! Doing so motivates cyber criminals to carry out similar attacks, and there is also no guarantee that the stolen information will be deleted by the hackers from their server and will not be used to blackmail victims again.


Article by: Mohit Kumar Continue Reading

White Blossom Care Center Notifies Residents of Data Security Incident



From their press release:

White Blossom Care Center (“White Blossom”) announced today an incident that resulted in the exposure of certain resident information at its facility in San Jose, Calif. It is important to note that, based on the available information, we have no specific evidence that any potentially exposed data has been used inappropriately.

What happened.

We recently received a report that a former White Blossom employee had improperly acquired resident data while employed at the facility. We immediately engaged an independent technical security expert to investigate and contacted state and federal law enforcement; we have continued to work closely with them on their investigation.

What information was involved.

Based on the available information, we believe data relating to approximately 800 residents may have been inappropriately acquired by the former White Blossom employee. We do not know when this took place. We currently believe that a limited number of the inappropriately acquired files contained some combination of resident names with social security numbers, dates of birth, health insurance carrier and account numbers, and/or limited medical information, such as admission dates, diagnoses, medications, and/or procedures. It is important to note that, based on available information, no bank account numbers or any other financial information is impacted.

What we are doing.

We recognize the trust that our residents place in us and have committed ourselves to taking steps to prevent this type of incident from happening again. Although our data systems have always contained safeguards to protect personal information, we are enhancing data security by resetting employee computer user accounts and passwords and reconfiguring our computer systems to further limit access to already-restricted sensitive resident data. We will continue to work with our independent technical expert to ascertain if additional improvements can be made. Additionally, although we have no specific evidence that any potentially exposed data has been used inappropriately, we are offering identity theft protection services to affected individuals in an abundance of caution.

What you can do.

The social security number of a limited number of individuals affected by this incident may have been exposed, and we therefore recommend that, in addition to enrolling in the services outlined above, you place a fraud alert on your credit files. A fraud alert requires potential creditors to use “reasonable policies and procedures” to verify your identity before issuing credit in your name. This fraud alert will automatically renew every 90 days. You can place a fraud alert by calling one of the three credit reporting agencies at the telephone number provided below. The company you call should contact the other two credit reporting agencies, so you should be able to place an alert with all three agencies through a single phone call. You will receive letters from all three agencies, confirming the fraud alert and letting you know how to obtain a free copy of your credit report from each agency. If you do not receive a letter from each agency, you may choose to contact the additional agencies to place individual fraud alerts.

Experian 1-888-397-3742

Equifax 1-800-525-6285

TransUnion 1-800-680-7289

When you receive your credit reports, look them over carefully. Look for accounts you did not open, inquiries from creditors that you did not initiate, and for personal information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report. If you do find suspicious activity on your credit reports, call your local police or sheriff’s office and file a police report of identity theft.

For more information.

We take our obligation to protect the personal and medical information of our residents very seriously and sincerely apologize for any inconvenience and concern this may cause. If you have any questions regarding this incident, please call our dedicated toll-free line at 1-888-697-8571, where a team is standing by to assist you Monday through Friday from 6 a.m. to 6 p.m. Pacific Time.

SOURCE: White Blossom Care Center

Continue Reading

Corpus Christi ISD: employee information inadvertently made visible online



Some Corpus Christi Independent School District employee names and Social Security numbers from late 2016 through early 2017 were inadvertently made visible online, a district news release states.

The Texas Association of School Boards notified the Corpus Christi ISD of the incident, which was discovered May 22.

“All employee information has been taken down,” a district news release states.

The school board association, which administers a group unemployment compensation program for Texas school districts, reports there is no evidence that the personal information was accessed or used in any way, the release states.

Districts officials notified employees via email and online communications, the release states. In CCISD, 6,100 people will receive notification of the incident.

The incident potentially affected employees throughout Texas and other entities that participate in the unemployment insurance program administered by the association.

CCISD is required to send a quarterly report to the association, listing all CCISD employees who received any payment from CCISD for work performed, the release states. The report does not include employee financial information.

The association informed the district the incident included CCISD reports from the fourth quarter of 2016 and the first quarter of 2017.

The association offered those affected one year of credit monitoring at no charge, the release states. It also is in the process of setting up a toll-free information line.

Article: caller.com – by Beatriz Alavarado Continue Reading

Anthem settles data-breach litigation for record $115 million


Anthem has reached a $115 million deal to settle a class-action lawsuit over a 2015 data breach in which hackers stole personal information from 78.8 million employees and current and former members.

The settlement is the largest data-breach settlement ever. As part of the deal, Anthem will offer two years of credit protection to those affected—in addition to the two years of monitoring they already received—and will set aside funding for cybersecurity improvements, including modifying its current cybersecurity systems. It will also set aside $15 million to pay plaintiffs for out-of-pocket costs due to the breach.

The deal comes more than two years after Anthem announced hackers had gained access to its IT system. They stole the names, birthdates, Social Security numbers, addresses, and other information of tens of millions of people.

“As we have seen in cyberattacks against governments and private sector companies including Anthem over the past few years, many cyberthreat actors are increasingly sophisticated and determined adversaries,” the company wrote in a statement. “Anthem is determined to do its part to prevent future attacks.”

The settlement must be approved by a U.S. District Court in California.

Continue Reading

Get in touch

CoreRecon

Talk to us

Did you know?

$32,000 is the average cost per DAY of a cyber attack on a business.