McAfee Study Investigates How Hackers Exfiltrate Data
A new data exfiltration study has been released by McAfee, which examines the actors and tactics used by criminals to obtain Protected Health Information and other sensitive data, in addition to effective detection and preventative measures employed by companies to thwart cyberattacks and data theft. The report details the commonest methods used by hackers to get data out of systems once access has been gained. Most cybersecurity reports focus instead of how hackers manage to gain access to computer systems. McAfee has instead concentrated on the little-studied area of data exfiltration. Participants in the study were interviewed by the company’s researchers and asked questions about their main security concerns, the threats they face on a day-to-day basis, the tools used to identify data exfiltration, as well as being asked to provide details of how data were actually exfiltrated. The results of the study provide IT professionals around the world with valuable intel, which can be used to determine the most important measures to address security risks and prevent data theft and...
New Data Breaches Reported by Kindred Healthcare and Rite Aid
Two new data breaches have been announced, highlighting the difficulty organizations have in preventing the exposure of Protected Health Information. Even robust physical, technical and administrative controls are oftentimes insufficient to prevent the exposure of sensitive information. It is therefore essential to have a data breach response plan which can be enacted immediately upon discovery of a security breach. Kindred Healthcare Discovers Locks are not Enough to Prevent Device Theft Healthcare providers are required to implement a host of technical controls to prevent the exposure of PHI under HIPAA Rules; however the volume of records stolen in recent months suggest that some healthcare providers fail to adequately physically secure files, medical images, and computer equipment. However, even when files and equipment are secured under lock and key, there is no guarantee that the PHI is safe. Kindred Healthcare, a Louisville, KY. healthcare company that operates a number of hospitals and nursing centers throughout the United States, took a number of steps to secure its...
Glidewell Laboratories Reports Breach of Employee Data
An unauthorized individual has been discovered to have stolen the personal information of a number of employees of James R. Glidewell, Dental Ceramics, Inc., according to a breach notice submitted to the California Department of Justice. The breach notice does not specifically mention whether the security breach was the work of a malicious insider or outsider, although the breach notice hints that the breach was caused by a former Glidewell employee. Glidewell has told employees “we are continuing to explore all available means of legal recourse and plan to pursue civil and/or injunctive relief, as may be appropriate.” Upon discovery of the data breach, law enforcement agencies were notified and Glidewell enlisted the help of external data security experts to conduct an internal forensic investigation. The investigations into the data theft are continuing. Patient data were not exposed in the incident, although confidential data of employees have been stolen. The information that has been compromised includes employee names, addresses, financial account information related to...
PHI of 54K Molina Healthcare Members Stolen by Former CVS Employee
A former employee of CVS, an Over-the-Counter benefits vendor contracted by Molina Healthcare, has been discovered to have stolen the Protected Health Information (PHI) of 54,203 current and former members of Molina Medicare Options Plus HMO SNP. The unnamed employee emailed data from a work computer to a personal email account on March 26, 2015, and while no evidence has yet been uncovered to suggest that data have already been used to make fraudulent claims, affected members do face an increased risk of suffering identity, insurance and medical fraud. According to the breach notification letter issued by Molina Healthcare, the information contained in the emailed file included patients’ full names, CVS ID numbers, CVS ExtraCare Health Card numbers, Rx Plan numbers, Rx Plan State, Plan start and end dates, and Member ID numbers. No financial information or Social Security numbers were exposed in the security breach. Members have been offered credit monitoring services for a year without charge, and have been informed to place alerts on their credit files to protect against...
Senator Calls for Answers over Excellus Data Breach; Lawyers Seek Damages for Victims
The Excellus data breach, first reported earlier this month, potentially exposed the Protected Health Information (PHI) of approximately 10.5 million health insurance subscribers. The Rochester-based insurer is investigating the malware infection that caused the breach, but many victims have been left puzzled over what went wrong, and how their data came to be exposed. On Friday, nine days after the Excellus data breach was announced, New York State Sen. Michael Nozzolio wrote a 4-page letter to the health insurer demanding answers. The data breach is understood to have affected 7 million health insurance subscribers, in addition to 3.5 million customers of its affiliates, Lifetime Healthcare Companies. Excellus BlueCross BlueShield is in the process of notifying all affected individuals about the exposure of their PHI, yet the information provided so far has been insufficient, according to the senator, who claims the company “has not been sufficiently transparent, nor comprehensive.” The letter, posted on the New York Senate website, says “Victims of this cyberattack simply have...



