Feb 21, 2018

WVIR reports:

The University of Virginia Health System is notifying patients of a cyber attack that affected the hospital.

The hacker was able to get access to private medical records for 19 months.

The FBI discovered that a physician’s devices with the Health System were infected with malware, which allowed the hacker to see what the employee was viewing on devices at the same time.

According to the FBI, the hacker may have been able to view patient information from May 2015 to December of 2016.

Read more on NBC29. See also WHSV. It’s pretty good that they discovered the breach in December 2017 and have already made an arrest. They do not say how they discovered the breach, though, or why it wasn’t discovered much sooner.

Feb 20, 2018

White and Bright Family Dental in Fresno is notifying patients of a recent hack. In a letter dated February 16 to patients, they write:

On January 30, 2018, a business computer server containing your protected health information was accessed by cyber criminals. We immediately notified the Fresno Police Department, so that identification and prosecution of those involved could begin. A police report has been prepared on this incident; the report number is 18300943.

What Information was Involved?

The business computer server that was accessed without authorization contained specific personal information such as patient name, address, telephone number, social security number, date of birth, driver license number, insurance information, and dental history.

What We Are Doing:

We believe that this information was accessed, but do not have knowledge regarding if information was copied or stolen, and we do not know the intent of the cyber criminals with respect to the data accessed. This incident is currently under review by our practice, and in response we have heightened our security measures to prevent a future recurrence. In accordance with our policies and procedures, please be assured that all necessary actions are being taken including notification of government agencies as required, including the active and ongoing investigation by the Fresno Police Department referenced above.

What You Can Do:

As always, we recommend that you review your health statements for accuracy and let us know if something does not look right. Review statements from your financial institutions and the businesses you frequent, to ensure that inaccuracies are detected and immediately reported. The police report number listed above may be required to clear you of any fraudulently detected charges that may occur.

For your protection, you may want to contact one of the national credit reporting agencies to place a fraud alert in your file and to receive a free copy of your credit report. We are informed that the agency you contact will notify the other two agencies.

Here are the names of the credit reporting agencies and their contact information:

Equifax 1-800-525-6285; www.equifax.com
Experian 1-888-397-3742; www.experian.com
TransUnion 1-800-680-7289; www.transunion.com

For More Information:

Our practice respects your right to file a complaint. If you have any questions, concerns or wish to file a complaint with us, please contact us at (559) 432-9988.

You also have the right to contact the Department of Health and Human Services through the Office for Civil Rights regarding a health information privacy complaint at 1-800-368-1019.

On behalf of our practice, we offer our sincerest apology that this unfortunate incident occurred. We assure you that safeguarding your information is always one of our highest priorities.


_________________________ Salih M. Mayalidag, D.D.S.

On a positive note, they seem to have detected the intrusion promptly and begun incident response quickly. Good for them!

Their notification does not indicate how many patients were notified, but I expect we’ll see this on HHS’s breach tool at some point.

Feb 20, 2018

Channel NewsAsia reports:

SINGAPORE: Approximately 685,000 user profiles were affected when the HardwareZone (HWZ) Forum website was hit by a security breach, the site’s owner SPH Magazines said in a news release on Tuesday (Feb 20).

A suspicious post on Sunday prompted an investigation to ascertain whether a security breach had occurred, the news release said.

The probe showed that a senior moderator’s account had been compromised by an unidentified hacker, and used to access the user profiles since September 2017.

Read more on CNA.

Feb 16, 2018

The following was sent to DataBreaches.net this morning by someone claiming to have received it. Roomsurf did not respond to multiple emailed inquiries throughout the day and evening asking them to confirm or deny whether this was sent by them to members. Roomsurf.com’s site, which currently has no notice about any breach, claims that they have 1,160,508 members.

From: Roomsurf <[email protected]>
Subject: Important Message from Roomsurf to our Members
Date: February 15, 2018 at 3:01:57 PM CST
To: <[email protected]>
Reply-To: Roomsurf <[email protected]>

Dear Roomsurf Members,

Student safety has always been our top priority at Roomsurf. I wanted to notify you that we recently experienced a data breach into certain user contact information that included names, phone numbers, and email addresses.

Because your safety is our top priority, Roomsurf does not store your credit card information, so none of your financial related information has been taken or compromised.

Our top priority is taking care of you and helping you feel confident about using Roomsurf and it is our responsibility to protect your information when you use our Website.

Please know we moved as swiftly as we could to address the problem once it became known and specifically, we have:
1. Closed the access point that the outside users used
2. Moved the Roomsurf Website code and databases onto brand new servers with new security safeguards

We appreciate your understanding with this matter and apologize for any inconvenience this may have caused.


Dan Thibodeau

Feb 15, 2018

Chris Bing reports:

Hackers armed with destructive malware appear to have compromised the main IT service provider for the Winter Olympic Games months before last week’s highly publicized cyberattack.

Publicly available evidence analyzed by experts and reviewed by CyberScoop suggests that whoever deployed the Olympic Destroyer malware on Feb. 9 likely previously penetrated a series of computer systems around December belonging to Atos, a multinational information technology service provider that is hosting the cloud infrastructure for the Pyeongchang games.

Read more on CyberScoop.