HIPAA Compliance for Medical Practices
61.1K views | +2 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

Hacked in 2014: The Year of the Data Breach

Hacked in 2014: The Year of the Data Breach | HIPAA Compliance for Medical Practices | Scoop.it

2014 will go down as the year of the data breach, from massive hacks at retail chains to the leaking of celebrity nude photos and not to mention dangerous security vulnerabilities like Heartbleed and ShellShock that had security pros panicking.

A slew of industries like banking, retail, and healthcare have all fallen prey to cyber criminals this year. As the year now winds down, the effects of some of 2014’s most notorious hacking incidents are still being felt and will be for some time. Here are five of the year’s worst data breaches and the huge impact they are having on the state of cybersecurity.


Sony Pictures

The hack at Sony Pictures is the latest breach of the year and by the looks of things, will be the biggest, moving far beyond being an IT issue. A hacker group known as Guardians of Peace, or simply GOP, breached Sony’s internal systems in late November, affecting thousands of employees, several executives and celebrities, leaking as-yet-unreleased films, and demanding the cancellation of the Seth Rogen and James Franco comedy film, The Interview. This fueled rumors that North Korea was behind the attack, an allegation that continues to gather more steam. The hermit kingdom would deny involvement but still called the hacking a “righteous deed”.

However a number of large US theater chains have now dropped the film after one of GOP’s latest messages threatened physical attacks on cinemas screening the film. The number of theaters dropping the film eventually pushed Sony to completely cancel the release of the film.

The fallout continues across the board too as more and more details start to emerge courtesy of GOP, including some actors’ movie paydays as well as a heated email exchange between execs over Angelina Jolie. While Sony has hired security firm Mandiant to clean up the mess, there’s no end in sight for the leaks with each one becoming more and more serious. Sony will need a long time to mend its reputation and relationships, especially when several employees are taking legal action against the company.


Home Depot

Back in September Home Depot suffered a major payment system data breach for which it is still feeling the effects of, now facing 44 lawsuits. All in all 56 million credit card details and 53 million email addresses were stolen in the breach spanning April to September of this year with the company spending $43 million in one quarter to try and tame the breach’s effects.

Staring down 44 lawsuits in the US and Canada, Home Depot is looking at several accusations with one of the central claims being that the company was not complying with data protection standards. Meanwhile its recent regulatory filing added that there may very well be more damage discovered in the breach:“It is possible that we will identify additional information that was accessed or stolen.” On the plus side, people haven’t stopped shopping there as Home Depot still managed to boost its revenues in sales.


JP Morgan Chase

Several retail outlets have been rocked by data breaches this year but so too have financial institutions, for obvious reasons. Throughout the summer, hackers breached the bank, stealing names, email addresses, phone numbers, and addresses with the number tallying over 80 million customers and businesses. At the time, the New York Times called it the “most serious computer intrusions into an American corporation” and added that several other banking businesses were targeted too.

The attack was spread out over two months and stoked fears of wider attacks on the financial industry, which if successful, could yield serious rewards for cyber crooks. As for who was responsible for the attack, that remains unclear but original reports pointed the finger at Russian hacking networks, which has now become a recurring theme in many data breach cases and the talk of whodunit.


Community Health Systems

Healthcare data bases are becoming lucrative targets for cyber criminals too and while there have been several data breaches at facilities around the US, the biggest and most devastating was the August data breach at Community Health Systems. More than 4.5 million people were affected in 200 different hospitals, compromising data such as patient names, addresses, birth dates, phone numbers, and Social Security numbers but CHS insisted that no medical information was lost.

FireEye’s Mandiant, the same security firm now hired by Sony, believes that hackers in China going by the name Dynamite Panda are responsible and are allegedly the same group behind the 2011 RSA data breach.


P.F. Chang’s

The data breach at restaurant chain P.F. Chang’s showed that hackers will target any and all businesses. In August the company reported that payments systems at 33 of its locations were compromised and hackers made off with credit card details, names, and possibly expiration dates. However P.F. Chang’s first noticed something was awry back in June, which led to the investigation.

While this breach didn’t cause the same impact as say Target from last year or Home Depot, the incident raises more question marks over the state of retail data security and payment security as a whole, especially when security firms like McAfee predict that in 2015 point of sale attacks will evolve to become even more dangerous.

If a big company or banking institution were to get stolen from fifty years ago, the average customer could really care less. But when these companies have all of your data and credit card information at their fingertips, the potential for it to fall in the wrong hands is a legitimate problem. Whether it is politically or financially motivated, these corporate data breaches are also all part of the overarching conservation of public data, privacy, and government surveillance that we are having as a country—and it’s one that hasn’t completely played out yet.

In the end, 2014 may not be remembered as the year of the data breach, but rather the first of many. As new mobile payment systems like Apple Pay become more common, the chances for further data breaches and cybersecurity hysteria will no doubt increase. Will an increased focus on cybersecurity really prevent attacks in the future? Will the concerns result in a hesitant attitude toward mobile payment systems that will affect the adoption of the technology? We may not know the answers to these questions as of now, but a year from now, I have a feeling we will.



more...
No comment yet.
Scoop.it!

Data breach trends for 2015: Credit cards, healthcare records will be vulnerable

Data breach trends for 2015: Credit cards, healthcare records will be vulnerable | HIPAA Compliance for Medical Practices | Scoop.it

The data breaches of 2014 have yet to fade into memory, and we already have 2015 looming. Experian's 2015 Data Breach Industry Forecast gives us much to anticipate, and I've asked security experts to weigh in with their thoughts for the coming year as well.

Experian highlights a number of key factors that will drive or contribute to data breaches in 2015. A few of them aren't surprising: Organizations are focusing too much on external attacks when insiders are a significantly bigger threat, and attackers are likely to go after cloud-based services and data. A few new factors, however, merit your attention. 

First, there is a looming deadline of October, 2015 for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards. As banks and credit card issuers adopt more secure chip-and-PIN cards, and more consumers have them in hand, it will be significantly more difficult to clone cards or perpetrate credit card fraud. That’s why Experian expects cybercriminals to increase the volume of attacks early in 2015, to compromise as much as possible while they still can.

The third thing that stands out in the Experian report is an increased focus on healthcare breaches. Electronic medical records, and the explosion of health or fitness-related wearable devices make sensitive personal health information more vulnerable than ever to being compromised or exposed.

The risk of health related data being breached is also a concern voiced by Ken Westin, security analyst with Tripwire. He pointed out that part of the reason that retail breaches have escalated is because cybercriminals have developed the technologies and market for monetizing that data. “The bad news is that other industries can easily become targets once a market develops for the type of data they have. I am particularly concerned about health insurance fraud—it’s driving increasing demand for health care records and most healthcare organizations are not prepared for the level of sophistication and persistence we have seen from attackers in the retail segment.”

“There will absolutely be more breaches in 2015—possibly even more than we saw in 2014 due to the booming underground market for hackers and cybercriminals around both credit card data and identity theft,” warned Kevin Routhier, founder and CEO of Coretelligent. “This growing market, coupled with readily available and productized rootkits, malware and other tools will continue to drive more data breaches in the coming years as this is a lucrative practice for enterprising criminals.”

The rise in data breach headlines, however, may not necessarily suggest an increase in actual data breaches. It’s possible that organizations are just getting better at discovering that they’ve been breached, so it gets more attention than it would have in previous years.

Tim Erlin, director of IT risk and security strategy for Tripwire, echoed that sentiment. “The plethora of announced breaches in the news this year is, by definition, a trailing indicator of actual breach activity. You can only discover breaches that have happened, and there’s no indication that we’re at the end of the road with existing breach activity. Because we expect organizations to improve their ability to detect the breaches, we’ll see the pattern of announcements continue through 2015.”

The combination of a rise in actual data breach attacks, and an increase in the ability to discover them will make 2015 a busy year for data breaches. Whether we’re defending against new attacks, or just detecting existing breaches that have already compromised organizations, there will be no shortage of data breach headlines in 2015.




more...
Andrew Margolies's curator insight, December 11, 2014 2:47 PM

Make sure your e-commerce site is protected with the latest advances in online e-commerce security. Find out more at creditcardprocessing.gr8.com.