February was a tough month for healthcare networks and medical providers. Nearly half of the major breaches we tracked involved patient information, including two prominent university hospitals. Medical identity theft is a growing problem that is extremely lucrative for hackers and cybercriminals, but many more businesses (including a dating app on Valentine’s Day) experienced security incidents.
Here are the recent data breaches that made headlines in February 2019:
A startup home improvement platform valued at $4 billion, Houzz admitted to a data breach to kick things off in February. Third parties gained access to a file that contained publicly visible user data in addition to private account information, including user IDs, email addresses, encrypted passwords, IP addresses, and Facebook information.
Catawba Valley Medical Center
Approximately 20,000 patients of North Carolina-based Catawba Valley Medical Center have been notified of a data breach involving their personal information. Names, birth dates, Social Security numbers, and health information were compromised after a hospital employee fell for a phishing scam.
Hackers deployed malware and took control of Huddle House’s point of sale systems, capturing full payment card information of customers dating back to August 2017.
The names, health insurance information, and account balances of more than 24,000 patients of EyeSouth Partners was breached after an employee’s email account was compromised.
DD Perks members have been alerted to the second breach in two months of popular coffee chain, Dunkin’ Donuts. Hackers are conducting credential stuffing attacks to infiltrate customer accounts and extract personal information, which they then sell on the Dark Web.
Coffee Meets Bagel
Users of dating app Coffee Meets Bagel received an unexpected Valentine’s Day present – a data breach notification. User names and email addresses registered before May 2018 were acquired by an unauthorized third party.
Photo sharing website 500px announced a data breach after cybercriminals hacked its servers. The names, usernames, email addresses, birth dates, locations, and gender of 14.8 million users was compromised.
A hacker breached the patient information of Advent Health and went undetected for 16 months. The data of 42,000 individuals was stolen, which included medical information, insurance carriers, Social Security numbers, names, phone numbers, and email addresses.
A list of 450,000 email addresses and hashed passwords for Coinmama users was found posted on a Dark Web registry. Coinmama is a cryptocurrency brokerage that allows users to purchase Bitcoin and Ethereum using a credit card.
Nearly 1 million patients of Washington’s UW Medicine have been notified of a data breach caused by a server vulnerability. Names and medical record numbers were among the information exposed.
The personal information of 326,000 patients was compromised in a UConn Health data breach. This security incident occurred after several employee email accounts were taken over by an unauthorized third party. Names, dates of birth, addresses, Social Security numbers and some medical information were exposed.