Dec 102018

Baylor Scott & White Medical Center – Frisco, a joint venture managed by United Surgical Partners International (USPI), announced today it has sent letters to approximately 47,000 patients or guarantors whose payment information, including partial credit card information, may have been subject to an inappropriate computer intrusion. Baylor Scott & White Medical Center – Frisco is a joint venture affiliated with Baylor Scott & White Health and USPI.

On September 29, 2018, the hospital discovered an issue with a third-party vendor’s credit card processing system. The hospital immediately notified the vendor and terminated credit card processing through them. An investigation determined the inappropriate computer intrusion occurred between September 22-29, 2018. There is no indication the information has been further disclosed or misused by any other unauthorized individuals or entities.

Baylor Scott & White and USPI take safeguarding information seriously. As a precaution, the hospital has arranged for TransUnion Interactive, a subsidiary of TransUnion, one of the three nationwide credit reporting companies, to provide patients or guarantors with one year of credit monitoring services, free of charge.

It is important to note that the hospital’s information and clinical systems were not affected, and medical information was not compromised. Social Security numbers and medical record information were not accessed. No other Baylor Scott & White facility was impacted.

Data that may have been accessed included name, mailing address, telephone number, date of birth, medical record number, date of service, insurance provider information, account number, last four digits of the credit card used for payment, the credit card CCV number, type of credit card, date of recurring payment, account balance, invoice number, and status of transaction.

Patients or guarantors in need of more information related to this incident may contact 1-833-836-9900 between the hours of 7:00 am and 6:00 pm CST Monday – Friday, excluding holidays.

Source: Baylor Scott & White

The incident was reported to HHS on November 26 as affecting 47,984 patients.  As of December 10, the online payment system is still down.  USPI has not responded to an inquiry from asking whether they were in the process of finding another vendor. 

Dec 102018

Stephen Jewkes reports:

Italian oil services company Saipem said it had identified a cyber attack out of India on Monday that had primarily affected its servers in the Middle East.


Saipem’s head of digital and innovation, Mauro Piasere, told Reuters the attack had originated in Chennai, India. 

Servers in Saudi Arabia, the United Arab Emirates and Kuwait had been attacked as too, partially, had infrastructure in Aberdeen in Scotland, he said.

Read more on Reuters.

Dec 102018

Gene Myers reports that not only does the township not have answers, they are fighting and resigning over who is being included in the security investigation:

No new information has been released two weeks after the Thanksgiving Day cyber attack against the police department’s computer system.
The lack of answers has angered township leaders who accused the new mayor and police of keeping them out of the loop.

The investigation is ongoing, said Police Chief Martin McParland, but added he could not release more information as to not hinder the investigation. He did say the department “retained third party experts to assist them with remediation and data restoration.”

Read more on Daily Record

Dec 082018

Dustin Volz reports:

Federal prosecutors are expected to unseal criminal charges as soon as next week against hackers linked to the Chinese government who have allegedly engaged in a sophisticated multiyear scheme to break into U.S. technology service providers in order to compromise the networks of their clients, according to people familiar with the matter.

U.S. officials have described the hacking campaign as one of the most audacious and damaging orchestrated by China to date, intended to steal intellectual property and support Beijing’s espionage goals. 

Read more on The Wall Street Journal.

Dec 062018

Thomas Brewster reports:

The Syrian Electronic Army was causing carnage half a decade ago. Outside of attacking the U.S. government and major publications like Forbes, two of the hacker crew’s chief operators even made it onto the FBI’s Most Wanted list.

But the SEA hasn’t made headlines in some time, largely because it’s turned its focus away from Western targets and gone after people closer to home as it continues to support the Bashar Al-Assad regime. And, as research released at the Black Hat conference in London this week shows, the group is putting significant resources into an Android spyware tool that can keep constant tabs on a target’s mobile life.

Read more on Forbes.