Feb 162019
 

Geena Arevalo reports that Hampton Roads Community Health Center has disclosed that in December, it discovered that its server with (unencrypted) patient data had been compromised. The center did not disclose the number affected nor how the attack occurred (of course, they may not know that yet), but a notice posted on the center’s web site Friday about the incident informs the public that the files:

possibly contained: first name, last name, gender, date of birth, health plan(s), plan member identification number(s), and medical condition. In some cases, the files may have contained your address, social security number, credit card information or driver’s license number.

This incident has not (yet) appeared on HHS’s public breach tool.

Feb 152019
 

Yet another healthcare provider has revealed that they were hacked by thedarkoverlord (TDO).  Dr. Robert Spies, a plastic surgeon in Scottsdale, Arizona, has notified HHS and his patients of the hackers’ attempt to extort the practice.

Although he does not name the hackers responsible in a notice on his web site, Dr. Spies explains:

On December 10, 2018, we became aware cyber criminals gained unauthorized access to our computer network. We immediately contacted the FBI and local law enforcement authorities and have been cooperating with their investigations. We also engaged computer experts to determine if our systems and information were at risk. The investigation determined that the criminals could have viewed or accessed documents that contained patients’ personal and medical information, including names, addresses, dates of birth, procedure notes, diagnoses, medications and health insurance numbers. For a small handful of patients, the criminals could have viewed Social Security, driver’s license and/or passport numbers, if provided for verification purposes, a credit card number or financial account number, or pre-op photos. At this time, there is no evidence that patient information has been misused.

His report is entirely consistent with other information DataBreaches.net had obtained about this incident. In December,  thedarkoverlord had posted a notice on KickAss that said:

We’ve hacked a high-end plastic surgery business located in Arizona, United States. This surgery center is owned by Doctor Robert J. Spies and operates on celebrity patients. His website is (www.azplasticsurgerycenter.com). We’ll share some of his data with yoou, since he’s refused our most handsome business proposition.

Link: (link redacted by DataBreaches.net, even though it is no longer live).

If you’d like to let him know how foolish he’s been, you can SMS his mobile at (redacted by DataBreaches.net) or his e-mail at (redacted by DataBreaches.net).

The sample data was a 531.8 MB archive with folders containing “Dictations”  (75 files), “Photos” (more than 160 photos),  and “Patient ID Verification” (4 files).  The Dictations folder and Photos folder contained more than one file or image for some patients, so these were not all unique patients in each folder.

Many of the photos in the archive released by the hackers would permit identification of patients because in some cases, you can see the patients’ faces, and in other cases, the filenames for the photos may contain the patient’s first initial and last name.

DataBreaches.net is not reproducing any of the data from the archive the hackers provided.

Inspection of the meta data suggests that the newest dictation files were created December 5, 2018 and related to services or consultations conducted on November 28, 2018.

As with their hack of the London Bridge Plastic Surgery Center,  TDO may have hoped that people — especially celebrities — would pay good money not to have their before, during, or after pictures of plastic surgery released publicly.  Whether TDO is privately trying to extort patients directly is unknown to this site, but Dr. Spies seems to have refused to pay them, and has reported the incident to law enforcement, HHS, and his patients.  According to his notification to HHS,  he has notified 5,524 patients.

 

 

Feb 152019
 

Kennedy Nolen reports:

Foreign hackers targeted the Mount Zion schools computer system in an attack that resulted in 19 days’ worth of grades being wiped out across the district.

Data was not removed from the system, but the hackers encrypted several servers, making them unusable, Superintendent Travis Roundcount said in an emailed response to questions from the Herald & Review about the incident, which was noted on the district’s website as happening Feb. 4.

Read more on Herald & Review and then go review your backup situation/readiness.

Feb 152019
 

Swati Khandelwal reports:

A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web.

Last week, The Hacker News received an email from a Pakistani hacker who claims to have hacked dozens of popular websites (listed below) and selling their stolen databases online.

Read more on The Hacker News.
Feb 152019
 

Sir Julio reports:

A U.S.-based cybersecurity firm, Recorded Future, alleges to have identified a hacker allegedly responsible for exposing stolen data in a recent leak dubbed Collection #1.

Experts from Recorded Future’s threat intel team have claimed that the hacker goes by the pseudonym “C0rpz.”

According to the company, multiple individuals came out claiming to serve as the source of the breached data.

Read more on Dark Web News.