April 5, 2016

Share Everywhere

Recent Data Breach Roundup: March 2016

As spring rolled in, so did data breaches. Much like we’ve seen in previous months, companies of all sizes across many industries were affected.

Here are the recent data breaches that were making headlines in March 2016:

Verizon Enterprise Solutions

A division of Verizon that provides IT services to businesses and government agencies, Verizon Enterprise Solutions got hit by a major breach that exposed information for about 1.5 million customers. Ironically, the provider helps many Fortune 500 companies respond to data breaches.

The security issue became known when cybersecurity journalist Brian Krebs of KrebsOnSecurity noticed customer data for sale on an underground cybercrime forum. The company responded with a statement that it had remediated a security vulnerability on its client portal and that an investigation was underway. In his post about the breach, Krebs noted that if thieves do purchase the customer data, it could lead to future phishing attacks.

MedStar Health

Unfortunately, attacks on health insurers and healthcare systems are becoming commonplace, especially as medical information is seen as increasingly valuable for identity theft. But for several hospitals, there’s a new wrinkle in data security: the rise of ransomware.

A cyberattack at 10-hospital system MedStar Health in Maryland and Washington, D.C., involved thieves holding data “hostage” and demanding a ransom to free it. The hospitals were forced to shut down their systems temporarily to keep the malware from spreading. Rather than pay the attackers, MedStar had to painstakingly restore its data through backup systems and paper documentation.

Other hospitals that have been struck, however, are choosing to pay up. In February, California’s Hollywood Presbyterian Medical Center gave extortionists $17,000 to unlock its data. Since then, several other hospitals have been targeted in Kentucky, California and Ottawa.

21st Century Oncology

In addition to ransomware, attackers continue to target medical facilities in order to gain personal information that could lead to identity theft.

In a recent example, Florida-based 21st Century Oncology just reported that a data breach has compromised the medical records of 2.2 million people. The stolen information includes Social Security numbers and insurance information.

Two Respected Law Firms

Although data breaches are hitting healthcare and education particularly hard these days, they’re certainly not the only industries at risk. Recently, hackers broke into the networks of some of the country’s most prestigious law firms, including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. Those firms represent major Wall Street banks and Fortune 500 companies, and have data about multibillion-dollar mergers stored in their systems.

According to The Wall Street Journal, other law firms were also breached, with hackers threatening to attack even more. At this point, it isn’t clear what’s been stolen or whether the intention was gathering data for insider trading, but the newspaper noted that it’s becoming easier for criminals to breach networks like these for illegal activities, including identity theft.

Check back next month to stay up to date on the most recent data breaches.

Follow Me

Heidi Daitch

Director, Strategic Programs at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.
Follow Me

Join The Discussion

Your email address will never be published.