Hackers Stole Anthem Data for Espionage; Not Fraud
The colossal data breach suffered by Anthem Inc., appears to have occurred for reasons related to espionage, not financial gain, according to Symantec. Hackers often break into healthcare databases to steal patient health data and Social Security numbers, which have a high value on the black market. The data can be used to commit identity fraud, file false tax returns, and obtain credit in the names of victims; but that is not the only way data can be used. Human intelligence (HUMINT) has the potential to be much more valuable. The Anthem cybersecurity attack has been linked to a group of hackers operating under the name of Black Vine. Black Vine hackers are well-funded, operate out of China, and are understood to have ties to the Chinese Government, although this is understandably denied by Beijing. The group has previously been linked to major security incidents throughout the U.S., conducted on aviation companies, gas turbine manufacturers, military installations, the financial sector, and some healthcare organizations. Black Vine is not known to engage in cybercrime for...
Email Error Results in Massachusetts General Hospital Data Breach
The spate of employee emailing errors continues, with the latest entry in the Office for Civil Rights “Wall of Shame” being a recent Massachusetts General Hospital data breach; another example of how a simple mistake can result in the Protected Health Information of hundreds of patients being exposed. The latest Massachusetts General Hospital data breach exposed the data of 648 patients, and included patient names, laboratory test results, and a limited number of Social Security numbers, although no insurance information or financial data were exposed. The security incident involved an email that was inadvertently sent to an incorrect recipient; potentially disclosing patient data. The error was identified promptly and the hospital made several attempts to recall the message, but those attempts proved to be unsuccessful. Deborah A. Adair, Massachusetts General Hospital’s Privacy Officer, confirmed in a letter to New Hampshire Attorney General, Joseph Foster, that no evidence has been uncovered to suggest that the data have been used inappropriately; although the letter did not...
Unauthorized Email Exposes PHI of 855 Advanced Radiology Consultants Patients
On July 24, Advanced Radiology Consultants, LLC., announced a data security event that exposed the data of a small subset of its patients. The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates 855 patients have been affected. The data breach was caused when an employee of the company emailed a list of patients’ PHI to a personal email account. The list of data included patient names, telephone numbers, dates of birth, balance information, patient identification numbers, examination results, treatment information, appointment dates and times, appointment notes, referring physician names, insurance provider, and insurance identification numbers. Advanced Radiology Consultants confirmed in a press release that no Social Security numbers, credit card numbers, driver’s license numbers or financial account information were included in the email. That said, the information that was copied and emailed outside the healthcare providers’ network did contain enough data to enable the employee to file false insurance claims, and...
East Bay Perinatal Medical Associates Data Breach Announced
An East Bay Perinatal Medical Associates data breach has recently been announced, in which names and dates of birth of patients have been exposed. The healthcare provider is now sending notification letters to patients warning them of the privacy violation. The healthcare provider became aware of the breach of personal information on June 2, 2015. The data breach was not uncovered by the hospital; instead it was brought to the attention of East Bay Perinatal Medical Associates (EBPMA) by the Berkeley Police Department as a result of a totally unrelated investigation. 1,494 individuals have been affected according to the HHS breach report. Berkeley Police Discover East Bay Perinatal Medical Associates Data Breach Law enforcement discovered a list of patient names stored on a laptop computer used by an employee of the hospital. An investigating officer alerted the healthcare provider to the potential breach of personal information and the laptop computer was retained by law enforcement. EBPMA’s Information Technology Security Consultant subsequently arranged for the...
Indiana Attorney General Advises Hoosiers to Exercise Extreme Caution after MIE Data Breach
As further details of the MIE data breach emerge, the Indiana State Attorney General, Greg Zoeller, has urged all state residents to exercise extreme caution and put credit freezes on their accounts to protect against identity theft and fraud. The MIE data breach exposed a significant amount of personal and highly sensitive data and is understood to have affected more than 1.5 million individuals in the state of Indiana. In total approximately 4 million records were exposed. High Risk of Fraud and Identity Theft from MIE Data Breach The data breach at Anthem may have exposed about 20 times as many records as the MIE data breach; but what is particularly worrying in this instance is Social Security numbers and health data have been exposed, placing breach victims at a much higher risk of suffering financial losses. Zoeller said, “These are very significant medical records, lab reports, people’s charts essentially online.” Zoeller pointed out that the incident has not just increased the risk of fraud; the information has already been used for fraudulent purposes. He said, “We’re...



