The U.S. saw an increase in data breaches in March, exposing consumer records across a wide array of companies, universities, and government agencies. Healthcare companies remain a lucrative target for hackers looking to sell peoples’ personally identifiable information on the dark web.
Here are the recent data breaches and settlements that made headlines in March 2018:
A major healthcare provider with locations in Missouri and St. Louis exposed the patient data of more than 33,420 individuals. BJC Healthcare was breached when one of its servers was left unsecured from May 2017 through January of this year. The information on the server included patients’ driver’s licenses, insurance cards, addresses, Social Security numbers, telephone numbers, and treatment records.
St. Peter’s Surgery & Endoscopy Center
This New York hospital discovered a data breach from a third party accessing its servers. The patient names, dates of birth, addresses, diagnosis codes, procedure codes, insurance information, and Social Security numbers of 134,512 may have been compromised. St. Peter’s has notified its patients and has offered one free year of credit monitoring to those whose SSN’s were exposed.
ATI Physical Therapy
In yet another healthcare breach, several employees of ATI Physical Therapy had their emails compromised after falling for a phishing scam. Over 35,000 patients’ personally identifiable information may have been exposed as a result of the scam, exposing Social Security numbers, driver’s license numbers, financial account numbers, Medicare or Medicaid ID numbers, and medical records.
Travel company and subsidiary of Expedia, Orbitz discovered a data breach potentially affecting 880,000 customers and business partners. A hacker gained access to personal information including birthdays, addresses, full names, phone numbers, email addresses, and gender, by way of a legacy website. In addition, customers’ payment card information was exposed.
Iranian Cyberattack on U.S.
Just last week, the U.S. Justice Department indicted 9 Iranian hackers in a massive, state-sponsored cyberattack targeting universities, private companies, and government agencies. This hacking ring stole $3.4 billion worth of academic research by performing a phishing scam on university professors. They then went after 36 private companies and several government entities by using what’s known as “password spraying”. This is one of the largest and most-public cases of cyberespionage that we have seen.
On March 25th, Under Armour learned that an unauthorized party had acquired data from it’s popular app, MyFitnessPal. The company has said that this data breach affected about 150 million user accounts, placing it among the largest cyberattacks ever recorded. The information exposed included usernames, email addresses, and hashed passwords. Fortunately, payment card information was not affected. Under Armour is notifying MyFitnessPal users and is investigating the breach with data security firms.
Be sure to check back next month for the latest major data breaches in 2018.