An old database that seems to have magically reappeared online more than a decade after it was removed reminds us of an often-overlooked risk. In January, DataBreaches.net reported that a behavior intervention therapist’s database was exposed online due to a misconfigured MongoDB installation. What struck me about the incident was that the therapist likely had no idea that a company she had…
Category: Commentaries and Analyses
Incident response shouldn’t include threatening the media, Saturday edition
As I commented to someone recently, a security incident involving Appalachian Regional Hospital facilities in Beckley and Summers County struck me as a really serious one because it was impacting patient care. While ARH responded promptly and initiated its emergency operations plan after detecting that its system was infected, it seemed clear that shifting to an…
Your Life, Repackaged & Resold: Deep Web Exploitation of Health Sector Breach Victims
A paper by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology, and Drew Spaniel, Researcher, Institute for Critical Infrastructure Technology provides an overview of what’s going on on the dark web when it comes to patient-related information. You can access it here.
Protenus’ Breach Barometer for August is available
From Protenus, with whom DataBreaches.net collaborates in compiling monthly statistics for health data breaches: The number of breached records reported in August totals an unsettling 8,804,608. While this total does not exceed the staggering 11 million records we reported in June, it once again demonstrates that PHI breaches continue to be a huge problem for a wide…
UK businesses bullish about ransomware, but majority pay up when attacked
An interesting press release from Trend Micro suggests that more UK entities are paying ransom than we might hear about in the media. The survey was conducted in August: London, September 7th, 2016 – The majority (74%) of UK organisations who haven’t experienced a ransomware attack remain bullish about the threat, claiming they would never…
Billion-dollar hack – or not? A new approach to calculating true cost of security breaches
Katie Courage reports on some research by Yashwant Malaiya, professor of computer science in the College of Natural Sciences at Colorado State University and Abdullah Algarni, a doctoral researcher in the same department. Their research is oriented to developing a standard, public – and evolving – model that will permit more rigorous study on the costs of a…