Microsoft has pulled its first updates of the year for Office 2010 after reports, mostly from Japan, that they have been breaking Excel.
The updates arrived on January 2 with changes in the Japanese calendar, most likely to reflect the changes coming with the end of Japanese Emperor Tenno Akihito's reign. He is planning to abdicate on April 30, 2019, marking the end of the Heisei era and ushering in an as yet unnamed new calendar era.
As reported by Borncity, Microsoft pulled the January 2019 Office 2010 updates on January 5. All updates for Excel 2010 and Office 2010 included "changes to Japanese calendar".
Japanese language blogs have reported that after installing the non-security updates, users were seeing messages that 'Excel cannot be opened' and that the spreadsheet app was sometimes freezing. Excel also couldn't handle new entries in cells. Users reported that uninstalling the updates resolved the issue.
Microsoft's support note for the Excel 2010 update confirms it has been removed due to problems the update causes in Excel.
"After you install this update, you may experience difficulties in Microsoft Excel or other applications. To resolve this, uninstall the update by following the instructions in the 'More information' section," Microsoft says.
SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)
Microsoft has previously written about the inter-era calendar bugs that could surface during and after the change in Japanese emperors.
The company described it as "The Japanese Calendar's Y2K Moment", referring to the chaos expected when computers that stored only the last two digits of a year failed to distinguish the year 2000 from 1900.
"The magnitude of this event on computing systems using the Japanese Calendar may be similar to the Y2K event with the Gregorian Calendar," wrote Microsoft's Shawn Steele.
"For the Y2K event, there was world-wide recognition of the upcoming change, resulting in governments and software vendors beginning to work on solutions for that problem several years before January 1, 2000. Even with that preparation many organizations encountered problems due to the millennial transition."
Steele noted that after the era has changed it will be too late to test for compatibility problems. Microsoft included a special registry entry in Windows 10 version 1803 to help developers spot problems before the change.
There are all sorts of cross-era data problems that could occur during and after the transition. At transition, software with calendar controls that presume only one current era could stumble. Also, how will algorithms handle the same date expressed differently in two eras?
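As an added illustration of the cross-era problem described above (example code written for this page, not Microsoft's or the article's): a software table that presumes Heisei is the only current era keeps rendering post-transition dates as "Heisei 31", while a strict converter rejects such dates and a lenient one lets two spellings of the same day compare equal. The era table, the placeholder name for the still-unnamed new era, and the sample records are all assumptions.

```python
from datetime import date
from typing import Dict, List, Optional, Tuple, Union

# Constructed era table (assumption, not from the article or Microsoft). Heisei
# began on 1989-01-08. The article says the next era begins after the April 30,
# 2019 abdication and is still unnamed, so "NEW_ERA_PLACEHOLDER" stands in for it.
Era = Tuple[str, date]
ERAS_STALE: List[Era] = [("Heisei", date(1989, 1, 8))]  # presumes one current era
ERAS_UPDATED: List[Era] = ERAS_STALE + [("NEW_ERA_PLACEHOLDER", date(2019, 5, 1))]

EraDate = Tuple[str, int, int, int]  # (era name, era year, month, day)


def to_era(d: Union[date, str], eras: List[Era]) -> Tuple[str, int]:
    """Render a Gregorian date (date or ISO string) as (era name, era year).

    Era year 1 is the calendar year in which the era begins, so
    era_year = gregorian_year - start_year + 1.
    """
    if isinstance(d, str):
        d = date.fromisoformat(d)
    current: Optional[Era] = None
    for era in eras:  # table is in chronological order; last match wins
        if d >= era[1]:
            current = era
    if current is None:
        raise ValueError(f"{d} precedes every era in the table")
    name, start = current
    return name, d.year - start.year + 1


def from_era(name: str, year: int, month: int, day: int,
             eras: List[Era], strict: bool = True) -> date:
    """Convert an era-expressed date to Gregorian.

    strict=True rejects a date on or after the following era's first day
    (e.g. "Heisei 31-05-01" once the new era has begun); strict=False
    tolerates it and normalises, so the same day written in either era
    converts to one Gregorian value.
    """
    starts: Dict[str, date] = dict(eras)
    if name not in starts:
        raise ValueError(f"unknown era {name!r}")
    start = starts[name]
    g = date(start.year + year - 1, month, day)
    if g < start:
        raise ValueError(f"{name} {year}-{month:02d}-{day:02d} precedes the era's first day")
    next_starts = [s for _, s in eras if s > start]
    if strict and next_starts and g >= min(next_starts):
        raise ValueError(f"{name} {year}-{month:02d}-{day:02d} falls after {name} ended")
    return g


def same_day(a: EraDate, b: EraDate, eras: List[Era]) -> bool:
    """True when two era dates denote one Gregorian day, whichever era each uses."""
    return from_era(*a, eras, strict=False) == from_era(*b, eras, strict=False)


def find_stale_era_dates(records: List[EraDate], eras: List[Era]) -> List[EraDate]:
    """Audit stored era dates: return those no longer valid under the current table."""
    stale: List[EraDate] = []
    for rec in records:
        try:
            from_era(*rec, eras, strict=True)
        except ValueError:
            stale.append(rec)
    return stale


if __name__ == "__main__":
    transition_day = "2019-05-01"
    # Software whose table ends at Heisei keeps counting: "Heisei 31".
    print(to_era(transition_day, ERAS_STALE))    # ('Heisei', 31)
    print(to_era(transition_day, ERAS_UPDATED))  # ('NEW_ERA_PLACEHOLDER', 1)
    # Constructed records entered before and after the transition.
    records: List[EraDate] = [("Heisei", 30, 12, 25), ("Heisei", 31, 5, 1),
                              ("NEW_ERA_PLACEHOLDER", 1, 5, 1)]
    print(find_stale_era_dates(records, ERAS_UPDATED))  # [('Heisei', 31, 5, 1)]
    print(same_day(("Heisei", 31, 5, 1), ("NEW_ERA_PLACEHOLDER", 1, 5, 1), ERAS_UPDATED))  # True
```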
Real-time GPS coordinates for over 11,000 buses in India have been left exposed on the internet for over three weeks.
The data leaked via an ElasticSearch server that was left connected online without a password, according to security researcher Justin Paine, who shared his findings with ZDNet.
The server contained data aggregated from 27 Indian state-owned transportation agencies and included exact, real-time GPS coordinates and route information from buses across all India, active on both inter and intra-city routes.
For buses, the server usually contained details such as license plates, start-stop stations, route names, and GPS coordinates.
The collected data was different for each transportation agency, and in some cases, it also included details about commuters, such as usernames and emails.
"In some cases, the username field appeared to be populated with a user-supplied username, but in other cases, it did appear to be the user's full name," Paine told ZDNet. "Some agencies also appeared to log the user's email address."
"I was not able to determine how many unique users had their information exposed as I did not want to run such a resource-intense query on someone else's server," the researcher said when ZDNet asked about an estimate about the number of users who had their data left online.
Paine told ZDNet he discovered the server using search engines for internet-connected devices like Shodan and Censys, on December 5.
"I can confirm the server was accessible as far back as at least November 30, 2018," he said. "It is unclear how long the server had been exposed [before that date] though."
The researcher said that despite his best efforts, he wasn't able to determine who owned the server leaking all this information. However, Paine said that after contacting India's CERT team, the server was eventually secured on December 22, although CERT India representatives declined to reveal to whom the server belonged.
"I will include the significant caveat that I cannot be sure, but it seems very likely this data was being collected by some type of government entity," the researcher told us.
According to Paine, the exposed server contained data aggregated from the following transportation agencies:
ACTSL -- Allahabad City Transport Services Ltd.
AICTSL -- Atal Indore City Transport Services Limited
AMCTSL -- Agra-Mathura City Transport Services Ltd
BCLL -- Bhopal City Link Limited
BMTC -- Bangalore Metropolitan Transport Corporation
BSRTC -- Bihar State Road Transport Corporation
C-TYPE -- ??
CSTC -- Calcutta State Transport Corporation
CTU -- Chandigarh Transport Undertaking
DTC -- Delhi Transport Corporation
HOHO -- Hop On Hop Off Sightseeing Bus Service, Govt. of Delhi
IBUS -- Indore Bus Rapid Transit System
JCBS -- Joint Council of Bus Syndicate
JCTSL -- Jaipur City Transport Services Limited
KCTSL -- Kanpur City Transport Services Limited
KMRL -- Kochi Metro Rail Limited
KP -- ??
LCTSL -- Lucknow City Transport Services Ltd
LNT -- Lukshmi Narayan Travels
MCTSL -- Meerut City Transport Services Limited
MINIBUS -- ??
NMPL -- Nagpur Mahanagar Parivahan Limited
TMT -- Thane Municipal Transport
UCTSL -- Ujjain City Transport Services Limited
UPSRTC -- Uttar Pradesh State Road Transport Corporation
VVMT -- Vasai Virar Municipal Transport
In addition, the server also contained data from a 27th agency -- KMRL, Kochi Metro Rail Limited -- that tracked metros instead of buses.
When ZDNet tried to identify the source of the leak with the help of a local news reporter, things weren't as clear as we'd hoped either. Scouring the local press, there are countless announcements from both private firms and government agencies about implementing bus tracking systems [1, 2, 3, 4], and there doesn't appear to be a connection between these entities at all. Currently, the mystery remains.
There are various reasons why this leak is quite worrisome. For starters, leaking usernames and emails would allow the tracking of certain individuals as they move around a city. Second, there's also the annoyance of having the leaked emails added to spam lists. Third, India is still a country where terrorist attacks happen on an annual basis, and leaking bus real-time route information would certainly help threat actors fine-tune attack plans for maximum damage ahead of time.
This incident is just the latest in a string of data leaks caused by companies failing to secure their ElasticSearch servers properly. Other companies that have exposed user data via ElasticSearch servers include Sky Brasil (32 million subscribers), Brazil's Federation of Industries of the State of São Paulo (34.8 million users), FitMetrix (35 million users), and a yet-to-be-identified data analytics firm (57 million US citizens and 26 million companies).
Demanding Bitcoins, Blackmailing Hacker Group Turns to 9/11 Conspiracies
(euroinfosec) • January 4, 2019
Beginning on Dec. 31, 2018, The Dark Overlord took to Twitter and Pastebin, claiming that it had a trove of documents tied to 9/11.
The notorious hacker blackmail gang The Dark Overlord continues its shakedown efforts, now turning its hand to 9/11 conspiracy theories to attempt to compel hacked organizations into giving it hush money, payable in bitcoins.
The modus operandi of the hacking group, which apparently is international, remains unchanged. The Dark Overlord often threatens to leak information or to leak snippets of stolen information - and images - to try to compel victims into sending bitcoins to the group in return for a promise that no more data will get leaked (see: Hollywood Studio Hit By Cyber Extortion Says: 'Don't Trust Hackers').
Already, the group has targeted health clinics, U.S. school districts, software developers and media giants.
On Monday, however, the group began claiming that it was sitting on a treasure trove of 9/11 litigation information. Via Twitter and text-sharing site Pastebin, the group claimed to have stolen documents tied to 9/11 litigation from "dozens of solicitor firms," as well as two insurers - Hiscox Syndicates and Lloyd's of London - and real estate developer Silverstein Properties in New York.
In a Monday - New Year's Eve - post to Pastebin, the group claimed to possess gigabytes of data, including 18,000 litigation documents, which it promised to sell wholesale or in batches. It also said it had released samples of the stolen data to the KickAss forum on Tor.
"The good news for you is that we'll be selling these documents for a limited time," the group said via Pastebin. "If you're a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you're welcome to purchase our trove of documents."
Concurrently, The Dark Overlord appears to have been trying to interest various media outlets in a 2017 hack against a London plastic surgery clinic that it has apparently not yet been able to pressure into giving it bitcoins.
In response to The Dark Overlord's claims, Twitter suspended the group's latest account (@tdo_h4ck3rs).
Even so, the group's bitcoin wallet has received 3.3 bitcoins ($12,500) this week via 13 transfers, some of which may have been from victims.
Victims say that The Dark Overlord may, indeed, be sitting on a cache of information tied to 9/11 insurance claims.
Hiscox on Monday said that The Dark Overlord's claims tie to a hack attack against a specialist U.S. law firm with which it works. Hiscox disclosed the data breach in April 2018, although did not say when it occurred.
"The incident involved illegal access to information stored on the law firm's server, which may have included information relating to up to 1,500 of Hiscox's U.S.-based commercial insurance policyholders," Hiscox said in its April 2018 breach notification. "The law firm's systems are not connected to Hiscox's IT infrastructure and Hiscox's own systems were unaffected by this incident."
On Monday, Hiscox said some litigation tied to 9/11 may have been compromised. "One of the cases the law firm handled for Hiscox and other insurers related to subrogation litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach," Hiscox says in a statement.
"Once Hiscox was made aware of the law firm's data breach, it took action and informed policyholders as required," it says. "We will continue to work with law enforcement in both the U.K. and U.S. on this matter."
But Silverstein Properties, which signed a 99-year lease for the Twin Towers prior to 9/11, says it has found no indications that it was hacked, the Register first reported.
"We are aware of claims of alleged security breaches at firms involved in the five-year insurance litigation following the attacks of 9/11, and are conducting an internal investigation based on these claims. To date, we have found no evidence to support a security breach at our company," a company spokesman tells Information Security Media Group.
"We have spent the last 17 years fulfilling our obligation to deliver a magnificent and fully rebuilt World Trade Center," he says. "We will not be distracted by 9/11 conspiracy theories."
Similarly, Lloyd's of London says it has found no signs that it was hacked. "Lloyd's has no evidence to suggest that the corporation's networks and systems have been compromised by the hacker group," a spokeswoman tells ISMG. "We remain vigilant with a number of protections in place to ensure the security and safety of data and information held by the corporation. Lloyd's will continue to monitor the situation closely, including working with managing agents targeted by the hacker group."
This week, The Dark Overlord has been sharing with media outlets photographs that it appears to have stolen from a U.K. plastic surgery clinic in 2017, Sky News first reported on Friday. The group's attempt to resurrect interest in the old hack appears to be a public relations maneuver designed to pressure the hacked organization - London Bridge Plastic Surgery - into paying, Sky reported.
After the clinic was hacked, however, it attempted to hack back, sending The Dark Overlord a Microsoft Word document that included an IP address beacon, reported Daily Beast's Joseph Cox in 2017. The effort apparently failed.
In the wake of The Dark Overlord this week attempting to whip up interest in the data it stole from the clinic, a spokesman says that it has suffered no new data breach since the 2017 intrusion.
"In October 2017, London Bridge Plastic Surgery was targeted in a sophisticated cyber attack in which patient data was stolen by a malicious, criminal hacking group known to international law enforcement agencies. We took measures to block the attack immediately and reported the matter to the Metropolitan Police," he tells ISMG.
"All patients were informed of the breach at the time of the attack and were offered support and guidance. We continue to liaise with the cyber crime unit of the Metropolitan Police, whose investigation is ongoing, and we also worked closely with the Information Commissioner's Office."
The spokesman adds: "We have taken further extensive and robust measures to increase our security in order to protect patient data. Once again, we are saddened by news of the latest threats and we condemn the actions of the individuals responsible."
The tactics employed this week by The Dark Overlord are nothing new.
"The group has a history of hacking organizations to obtain sensitive information before demanding money in exchange for not leaking it into the public domain," according to a 2017 alert from the U.K.'s National Cyber Security Centre, which is the public-facing part of intelligence agency GCHQ (see: UK Cybersecurity Center Issues 'The Dark Overlord' Alert).
"They leak snippets of data to the media to encourage them to report on their activity," NCSC said. "This is aimed at 'proving' that a breach has taken place and increases the pressure on the victim to pay the ransom."
Despite law enforcement eradication efforts, The Dark Overlord has proven tough to stop.
Last May, working with the U.K.'s National Crime Agency and the FBI, Serbia's Ministry of Internal Affairs arrested a suspected member of the group.
Identified only as a Belgrade-based suspect born in 1980 with the initials "S.S.," authorities noted that the group had received at least $275,000 in bitcoin payments from U.S. victims (see: Noose Tightens Around Dark Overlord Hacking Group).
Following the arrest, however, as well as the arrest of a man in the U.K. with alleged ties to the group, an individual with control of The Dark Overlord's then-current Twitter account (@tdo_hackers) told ISMG: "We're still around."
This story has been updated with comments from Lloyd's of London, London Bridge Plastic Surgery and Silverstein Properties.
Where is the greatest potential for the implementation of blockchain in healthcare?
"What we're seeing in terms of real applications - outside the whole morass of cryptocurrency types of offerings - are auditing and portability capabilities that make it easier for ... patients to access and hold onto their most current records without carrying around a file cabinet," says attorney Steven Teppler of the law firm Mandelbaum Salsburg.
And for organizations that handle and manage health records, blockchain, a distributed ledger technology, offers "an easier way to facilitate both the generation, the transmission, and the security of the records," Teppler says in an interview with Information Security Media Group.
But as with most technologies, there are security pros and cons for the use of blockchain in healthcare, he notes.
"The security pros for blockchain are that once a block is created, it can't be undetectably altered," he says. "That means that whatever information is associated with it, meaning an event or the time, and the content associated with it ... is not alterable and is reliable as long as the cryptography, the encryption strength, the algorithm remains viable."
As for the cons, "those are pretty simple but hard to realize to the extent that this goes to the very anchor of trust in the beginning of the blockchain: The initiator of the blockchain has to have a degree of trust built into the system from the onset. And if you don't have that trust anchor ... you call into play the accuracy, validity or trustworthiness of the entire blockchain, the blocks that follow," he says.
In the interview, Teppler also discusses:
Data interoperability issues involving blockchain;
Compliance considerations for blockchain;
Security advice for healthcare sector entities planning to pilot blockchain implementations.
Teppler leads the electronic discovery and technology-based litigation practice at the law firm Mandelbaum Salsburg P.C. He's the co-chair of the American Bar Association's IoT Committee; a member of the Seventh Circuit Court of Appeals Electronic Discovery Pilot Program; a founder and co-chair of the American Bar Association's IoT National Institute as well as the American Bar Association's National Institute on Electronic Discovery and Information Governance; and a contributing author of the ANSI X9F4 trusted timestamp guideline standards for the financial industry.
Chancellor Angela Merkel Among the Victims of Massive Hack Attack and Data Leak
(euroinfosec) • January 4, 2019
Leaked details included letters and personal information for German Chancellor Angela Merkel. (Photo: European People's Party, via Flickr/CC)
Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and other sensitive information leaked online.
The information, including financial details, contact information, memos and private chats, was leaked in December but only recently spotted.
The leak includes details for German celebrities as well as members of six of the seven main political parties in the Bundestag lower house, including the ruling center-right and center-left parties, as well as The Greens, left-wing party Die Linke and the Free Democratic Party, the BBC reported.
But there's a notable exception: No members of the far-right Alternative for Germany - AfD - saw their personal details get spilled, according to German media reports. It's not clear, however, if that's a clue to the perpetrator's identity or a false flag.
"Whoever is behind this wants to damage faith in our democracy and its institutions," says Justice Minister Katarina Barley in a statement.
It's also not clear if all of the leaked data is authentic or unaltered.
The leaked information was made available online via tweets from a Twitter account, which has now been suspended, that linked to a platform that appeared to be based in the German city of Hamburg.
"The amount of data published is immense," says Hamburg's Data Protection Commissioner, who has been responding to the data leak by cataloging tweets that contain links to the stolen data. The commissioner has been communicating to Twitter as part of its legal request that all such information be removed.
"Even if no information relevant to public safety is concerned, the damage that may be caused by the publication of personal information to the individual concerned is nonetheless significant," the commissioner says.
Germany's Federal Office for Information Security, or BSI, is investigating the leak.
"Hacker attack on politicians: The BSI is currently intensively examining the case in close cooperation with other federal authorities," the BSI tweeted on Friday. "The National Cyber Defense Center has taken over the central coordination. According to our current information, government networks have not been targeted."
The data dump included Merkel's email address and fax number, as well as letters she wrote or which were written to her, German news agency DPA reported. One reporter who reviewed the data dump said it also appears to contain numerous private details, including sensitive information about individuals' private lives.
Officials say the data may have been obtained by hackers using stolen passwords to log into email accounts, social networks and cloud-based services (see: Credential Stuffing Attacks: How to Combat Reused Passwords).
"After an initial analysis, much evidence points toward the data being obtained through the improper use of login details to cloud services, email accounts or social networks," Minister of the Interior Horst Seehofer said in a statement on Friday, the Guardian reported. "Currently, nothing points towards the system of the parliament or government having been compromised."
The information security researcher known as the Grugq says that whoever stole and packaged up the information appears to have done so over a significant period of time. They also went to great lengths to make it difficult to eradicate online copies of the information by mirroring the data in numerous places online, and then creating mirrors of the mirrors, according to the Grugq.
"If I had to guess, I'd say that the leak files were not produced at the same time," the Grugq says via Twitter. "The changes in layout and naming suggest that it wasn't one person in one marathon session creating these. There is variation in the archive passwords too: 123, abbreviations, variations."
At least one German media outlet published links to the stolen information, drawing a rebuke from information security experts.
"Today's German data leak presents a particularly sharp dilemma: It is highly unethical to further publicize access to all the private data of so many prominent, high-interest individuals - but the leak's rollout design is also highly resilient to takedowns," says German political scientist Thomas Rid, a professor of strategic studies at Johns Hopkins University's School of Advanced International Studies.
This isn't the first major information security mishap to occur on the BSI's watch. In 2015, the BSI shut down the parliamentary intranet after discovering it had been infected with spyware.
In February 2018, it admitted that in December 2017, it discovered that for up to a year, hackers had infiltrated the sensitive "Informationsverbund Berlin-Bonn" - IVBB - network used by Germany's Foreign Ministry and Defense Ministry, and planted malware, German public broadcaster Deutsche Welle reported.
The Russian government hacking group APT28 is suspected as being responsible for that attack. The group is also known as BlackEnergy Actors, Cyber Berkut, CyberCaliphate, Fancy Bear, Pawnstorm, Sandworm, Sednit, Sofacy, Strontium, Tsar Team and Voodoo Bear (see: Dutch and British Governments Slam Russia for Cyberattacks).
Reuters, meanwhile, reported that the BSI only learned of the new, massive data dump on Friday, shortly before it was reported by German news media.
Some information security experts say that the dump of German politicians' personal details, memos and other potentially sensitive data has none of the hallmarks of a typical Russian information operations campaign.
For starters, the dump appeared to be designed to be an "Advent calendar" of big and little leaks, with new data being dumped every day in December up until Christmas via a Twitter account - reportedly followed by up to 18,000 people - before it was suspended.
Initially, at the beginning of December 2018, the account began leaking data for celebrities before switching to politicians on Dec. 20.
"Someone put a lot of effort into this. It doesn't make sense for a Russian op, the timing is way off," the Grugq tweets. "And they'd have been pissed that they got ignored for all of December as they were leaking. It is unusual to do an IO and just wait around until it is found."
The Hamburg Commissioner for Data Protection says it's been working throughout Friday to legally compel Twitter to excise all links to the stolen data from any tweets. To do so, the commissioner is working with Ireland's Data Protection Commission because Twitter's European operations are based in Ireland (see: GDPR: EU Sees More Data Breach Reports, Privacy Complaints).
But it's not clear yet if any of the links specified by Hamburg's data protection commissioner have yet been removed by Twitter or if the social networking firm will honor those requests.
"We are continuing to investigate this issue and our teams will take action where appropriate," a Twitter spokeswoman tells Information Security Media Group.
"Posting a person's private information without their permission or authorization is a direct and serious violation of the Twitter Rules," she says. "We also recently updated our rules to prohibit the distribution of any hacked material that contains private information, trade secrets or could put people in harm's way."
Hacking Incidents Still Dominate, But Fewer Huge Incidents Than in Years Past
(HealthInfoSec) • January 3, 2019
Major health data breaches added to the official federal tally in 2018 impacted more than twice as many individuals as the incidents added to the list in 2017. But the 2018 victim total was far less than in 2016 and 2015, when the healthcare sector was hit with a string of huge cyberattacks.
A Jan. 3 snapshot of the Department of Health and Human Services' Office for Civil Rights' HIPAA Breach Reporting Tool website shows 353 major health data breaches were added to the federal tally in 2018, impacting more than 13 million individuals.
Six of the 10 largest health data breaches posted to the tally in 2018 involved hacking/IT incidents.
The cumulative tally includes 2,533 breaches impacting a total of about 190 million individuals since 2009, when regulators began keeping track as a result of the HITECH Act. Commonly called the "wall of shame," the website lists health data breaches impacting 500 or more individuals.
Of the breaches added to the tally in 2018, about 43 percent were reported as hacking/IT incidents; those incidents affected nearly 9 million individuals.
The largest of those breaches, reported in November by third-party billing vendor AccuDoc, impacted its client, North Carolina-based Atrium Health, which notified 2.65 million individuals of a cyberattack on databases hosted by the vendor (see Attack on Billing Vendor Results in Massive Breach).
That trend of hacking incidents racking up the biggest victim totals emerged nearly four years ago when health insurer Anthem Inc. reported in February 2015 a hack the previous year that exposed the protected health information of nearly 79 million individuals.
In 2015, 269 breaches impacting nearly 113.3 million individuals were added to the tally, more than any other year. Of those, the Anthem breach, as well as cyberattacks reported by several other insurers, including Premera Blue Cross (11 million victims) and Excellus BlueCross BlueShield (10 million individuals impacted) - racked up the most victims.
By comparison, in 2016, 327 breaches affecting 16.6 million individuals were added to the wall of shame, and in 2017 the tally added 359 breaches that impacted 5.1 million individuals.
"Unauthorized access/disclosure" breaches were the second most common type of breach added to the tally in 2018. About 139 such incidents impacting about 3 million individuals were posted.
In the initial years of the tally, breaches involving loss or stolen records - especially those stored on unencrypted laptops and other computing gear - racked up the biggest victim counts.
But in 2018, about 53 breaches involving losses or thefts, impacting only 726,000 individuals, were added to the tally. Of those loss/theft breaches, 35 incidents are listed as involving unencrypted electronic gear, such as laptops; those breaches affected nearly 112,000 individuals. But the largest loss/theft breach posted in 2018 involved the theft of paper/film. That incident, stemming from a break-in and fire impacting the data of about 582,000 individuals, was reported in April by the California Department of Developmental Services.
The federal tally also shows eight improper disposal breaches impacted nearly 340,000 individuals were added to the tally in 2018. The largest of those breaches, affecting 301,000 individuals, was reported by SSM Health St. Mary's Hospital in Jefferson City, Missouri.
| Breached Entity | Individuals Affected | Type of Breach |
|---|---|---|
| AccuDoc Solutions | 2.65 million | Hacking/IT Incident |
| Iowa Health System/UnityPoint Health | 1.4 million | Hacking/IT Incident |
| Employees Retirement System of Texas | 1.2 million | Unauthorized Access/Disclosure |
| Calif. Dept. of Developmental Services | 582,000 | Theft |
| MSK Group | 566,000 | Hacking/IT Incident |
| CNO Financial Group | 566,000 | Unauthorized Access/Disclosure |
| LifeBridge Health | 538,000 | Hacking/IT Incident |
| Health Management Concepts | 502,000 | Hacking/IT Incident |
| AU Medical Center | 417,000 | Hacking/IT Incident |
| SSM Health St. Mary's Hospital | 301,000 | Improper Disposal |
Kate Borten, president of privacy and security consulting firm The Marblehead Group, predicts that the top two categories of health data breaches reported in 2018 - hackers and other unauthorized access or disclosures - are likely to continue at the top in 2019.
"The good news is that breaches that are easier to avoid are finally being reduced. It's becoming the norm for all user portables to be encrypted, so that loss and theft of devices and media don't result in breaches," she says. "And more and more organizations and their employees are careful about paper disposal."
Mark Johnson, a former healthcare CISO and shareholder at consulting firm LBMC Information Security, says he's "a little surprised" that there were not more major breaches in 2018 appearing on the wall of shame. "While 343 total, and over 13 million individuals affected, are large numbers, my work with our clients would indicate there are many more attacks ongoing against the healthcare ecosystem," he says.
"This would seem to be telling me that the healthcare industry still struggles with identifying these attacks. So, I really would have expected more of these rather than less."
Johnson also notes that among the top 10 breaches added to the wall of shame in 2018, several involved business associates. Some 83 incidents added to the tally last year, or nearly 24 percent, involved business associates; they affected a total of 5.8 million individuals.
"This tells me that the hackers have spread their focus from just traditional healthcare entities and are now attacking the entire healthcare ecosystem," Johnson says.
If healthcare continues to get better at identifying these cyberattacks, more data breaches likely will be reported in 2019 and beyond.
"Most would see an increase in reported breaches as a bad thing; I would see it as we are getting better at recognizing the attacks, instead of what feels like under reporting. Hopefully with the 'increase' of breaches, healthcare will start to look at protecting their environments to prevent and protect critical care systems," Johnson says.
"If the healthcare sector continues to treat information security as compliance vs. cybersecurity, then we will see roughly the same number of reported breaches and we will be lulled into a false sense of security, if we haven't already. We will think, 'Well we've plateaued, it's not getting worse,' when in reality, it has gotten much worse."
Healthcare is increasingly directly delivered to patients through internet-connected devices and systems, he notes. "This makes integrity and availability of the care systems far more critical and presents far graver risks than simply exposing the data," he says. "That is why hacking is recognized as the number one risk to patient safety."
In this edition of the ISMG Security Report, former federal CISO Gregory Touhill explains why a zero-trust security model is essential, and Ron Ross of NIST describes initiatives to protect critical infrastructure from IoT vulnerabilities.
In this report, you'll hear:
Touhill, a retired Air Force brigadier general who now serves as president of Cyxtera Federal Group, discuss how organizations can shift to a new model of security;
Ross, a fellow at the National Institute of Standards and Technology, describe new initiatives;
Attorney Mark Rasch outline what board members and communication teams should do in the event of a data breach.
The ISMG Security Report appears on this and other ISMG websites on Fridays. Don't miss the Dec. 21 and Dec. 28 editions, which respectively discuss the Data Care Act and plans and predictions for cybersecurity in 2019.
Theme music for the ISMG Security Report is by Ithaca Audio under a Creative Commons license.