At a glance.
- Recent health data breaches in the United States.
- Drive at your own risk.
- Magecart attacks are increasing.
- Industry commentary on the LendingTree incident.
Recent health data breaches in the United States.
The American Dental Association (ADA) revealed that it had been the victim of a ransomware attack in which an unauthorized party gained access to sensitive consumer data. JD Supra notes that while the ADA did not state exactly what data was compromised, the hackers released a sample of the stolen data on the dark web that includes W2 forms, nondisclosure agreements, and accounting spreadsheets belonging to dentists.
Insurance agency Blue Shield of California Promise Health Plan suffered a data breach that began with a vendor of a contractor used by Blue Shield. In May, Blue Shield learned that provider Matrix Medical Network suffered a ransomware attack following an incident involving one of Matrix’s providers, brand engagement company OneTouchPoint. The breach resulted in the compromise of Blue Shield plan members’ data, including names, addresses, dates of birth, subscriber ID numbers, diagnoses, medications, and medical histories. JD Supra adds that Blue Shield filed an official notice of the breach and notified affected individuals earlier this month.
The Center for Health Services at Oklahoma State University has paid $875,000 to settle potential HIPAA violations related to a malware attack that exposed the protected health data of more than 275,000 patients. JD Supra explains that the Center reported the violation to the Office for Civil Rights (OCR) of the US Department of Health and Human Services, as required by HIPAA, but the OCR’s investigation concluded that the Center did not perform an adequate risk analysis or implement an appropriate incident response.
Drive at your own risk.
BitSight cybersecurity analysts have discovered that a popular GPS vehicle tracker produced by Shenzhen-based electronics maker MiCODUS contains six vulnerabilities that could allow a malicious actor to remotely track vehicles or even shut down their engines. The devices can be found in at least one million vehicles worldwide, including vehicles owned by a Fortune 50 company, a nuclear power plant operator, as well as law enforcement, military and government agencies, and national governments around the world. TechCrunch notes that the most severe vulnerability involves a hard-coded password, embedded directly into the Android app’s code, which can be easily found by anyone with access to the code and can be used to gain full control of any GPS tracker and even remotely cut off fuel to the vehicle engine. The bugs were found in the MV720 model, but Pedro Umbelino, the BitSight researcher who authored the report, says his findings raise “significant questions about the vulnerability of other models.” The security company contacted MiCODUS about the issues in September 2021, but so far no effort has been made to resolve them. BitSight and the Cybersecurity and Infrastructure Security Agency are urging vehicle owners to remove the devices as soon as possible.
Magecart attacks are increasing.
Security firm Recorded Future has identified two web skimming operations targeting three online ordering platforms, resulting in the exposure of credit card details at more than three hundred US restaurants. Magecart malware has been detected on online ordering portals MenuDrive, Harbortouch and InTouchPOS, and details of 50,000 payment cards have already been put up for sale by hackers on the dark web. The campaign that hit InTouchPOS has infected more than four hundred e-commerce sites since 2020, and as of last June, thirty of the websites were still infected. These platforms have become a prime target for Magecart attacks because compromising a single portal can give cybercriminals access to online transactions made at a large number of restaurants, resulting in a huge payoff for little work. Bleeping Computer adds that although law enforcement and all relevant entities have been notified, both operations are ongoing and their corresponding exfiltration domains are still operational.
Kim DeCarlis, CMO at PerimeterX, sees cybercrime as a cyclical problem and says that a multi-layered solution is needed to break this cycle:
“This Magecart attack on 300 US restaurants is another example of the persistent challenges e-commerce businesses face when securing their sites. Sophisticated attackers understand that websites are made up of a supply chain of code, many of which come from third-party or n-th parties, and will continue to look for ways to steal credit card information by installing skimmers on site and abusing vulnerable code. This is another example of the life cycle of a web attack – the cyclical and continuous nature of cyberattacks – where a data breach on a site, perhaps as a result of a Magecart attack, fuels the carding, credential stuffing, or account takeover on another site. risks of Magecart and digital supply chain attacks, it is paramount that e-commerce businesses, such as restaurants and food delivery companies, implement solutions to stop theft, validation and fraudulent use of identity and account information on their websites and web applications. They can do this by deploying a multi-layered solution that helps protect users’ account and identity information throughout their digital journey.”
Erfan Shadabi, cybersecurity expert at comforte AG, says the problem calls for a data-centric solution:
“Typically, cyber attackers mainly target food delivery service providers or online ordering platforms to obtain their customers’ credit or debit card details. The key aspect to consider here, therefore, is to protect credit card information as well as user account details stored on a website or application. Companies in these industries need to apply data-centric protection to all sensitive data in their ecosystem (PII, financial, and transactional) as soon as it enters the environment and protect it even while employees are working with that data. By tokenizing PII or transactional data, they can strongly protect this information while preserving the original data format, making it easier for business applications to support tokenized data in their workflows. They should also review their enterprise backup and recovery tactics to ensure they can recover quickly if hackers manage to break into their environment and encrypt their enterprise data.”
Industry commentary on the LendingTree incident.
LendingTree is dealing with a data incident, but it’s not the serious incident hoods have claimed on the dark web; those claims, according to reports from the Record, are false. Henning Horst, CTO at comforte AG, commented that successful financial services institutions like LendingTree are attractive targets for fraud on multiple levels:
“The past few months have seen a number of major global cyberattacks against the financial sector. Financial services companies continue to be heavily targeted and are generally in the top five sectors in terms of severity and frequency of cyberattacks. One of the reasons they are a prime target is the wealth of information they collect and process.
“As consumers, we need to be confident that the organizations that collect and process our most sensitive personal information handle and store that data with the utmost care, using the most sophisticated data protection tools. That means more than just traditional perimeter-based application controls.
“If your organization has such a wide range of sensitive customer information, you may wish to seek stronger protection and mitigation methods, such as data-centric security. By tokenizing sensitive data as soon as it enters your data ecosystem, you can keep it in a protected state while continuing to work with the data in your business applications due to the preservation of the data format. Even if threat actors get their hands on the data, it makes no sense and is not worth anything to them, and no sensitive information will be compromised.”