HIPAA Compliance for Medical Practices
59.3K views | +1 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

Anthem data breach triggers phishing email scam

The Nevada attorney general’s office has issued a warning Nevadans who may have been impacted by the recent Anthem Inc. data breach of a potential phishing e-mail scam targeting current and former members.

Anthem Inc. representatives are not currently calling or e-mailing present or former members about the data breach and do not ask for credit card information or social security numbers by phone or e-mail. The phishing e-mail messages are designed to obtain the recipient’s personal information, and appear to be sent from Anthem Inc.

The body of the email contains a link that purports to offer free credit monitoring services; however, the email has no affiliation with Anthem Inc.

“I urge consumers to be wary of potential e-mail phishing scams, regardless of the source,” said Attorney General Adam Paul Laxalt. “This office will continue to investigate potential scams in an effort to protect Nevada’s consumers.”

Anthem Inc. representatives will only contact current and former members via U.S. Postal Service mail with specific information about how to enroll in credit monitoring.

Anthem Inc. launched a website for current and former members who may have been affected by the breach. It will allow consumers to enroll in two years of free credit reporting and identity theft repair services.

If you receive an email from a sender claiming to be Anthem Inc.:

• Do not click on any links in the e-mail.

• Do not reply to the email or reach out to the sender in any way.

• If you mistakenly click on the link provided, do not supply any information on the website.

• Do not open any attachments to the email.

Before responding to any email requesting personal information, always verify the source by calling a known and trusted phone number for the sender. Most legitimate businesses will not ask for personal information, such as account numbers, Social Security numbers, addresses, mother’s maiden name, PINs or other personal information via email or on a website.

In order to avoid falling victim to phishing scams, only transmit payment or other information through a secure website, which is denoted by the address https:// and a lock icon in the address bar.

more...
No comment yet.
Scoop.it!

Hacked in 2014: The Year of the Data Breach

Hacked in 2014: The Year of the Data Breach | HIPAA Compliance for Medical Practices | Scoop.it

2014 will go down as the year of the data breach, from massive hacks at retail chains to the leaking of celebrity nude photos and not to mention dangerous security vulnerabilities like Heartbleed and ShellShock that had security pros panicking.

A slew of industries like banking, retail, and healthcare have all fallen prey to cyber criminals this year. As the year now winds down, the effects of some of 2014’s most notorious hacking incidents are still being felt and will be for some time. Here are five of the year’s worst data breaches and the huge impact they are having on the state of cybersecurity.


Sony Pictures

The hack at Sony Pictures is the latest breach of the year and by the looks of things, will be the biggest, moving far beyond being an IT issue. A hacker group known as Guardians of Peace, or simply GOP, breached Sony’s internal systems in late November, affecting thousands of employees, several executives and celebrities, leaking as-yet-unreleased films, and demanding the cancellation of the Seth Rogen and James Franco comedy film, The Interview. This fueled rumors that North Korea was behind the attack, an allegation that continues to gather more steam. The hermit kingdom would deny involvement but still called the hacking a “righteous deed”.

However a number of large US theater chains have now dropped the film after one of GOP’s latest messages threatened physical attacks on cinemas screening the film. The number of theaters dropping the film eventually pushed Sony to completely cancel the release of the film.

The fallout continues across the board too as more and more details start to emerge courtesy of GOP, including some actors’ movie paydays as well as a heated email exchange between execs over Angelina Jolie. While Sony has hired security firm Mandiant to clean up the mess, there’s no end in sight for the leaks with each one becoming more and more serious. Sony will need a long time to mend its reputation and relationships, especially when several employees are taking legal action against the company.


Home Depot

Back in September Home Depot suffered a major payment system data breach for which it is still feeling the effects of, now facing 44 lawsuits. All in all 56 million credit card details and 53 million email addresses were stolen in the breach spanning April to September of this year with the company spending $43 million in one quarter to try and tame the breach’s effects.

Staring down 44 lawsuits in the US and Canada, Home Depot is looking at several accusations with one of the central claims being that the company was not complying with data protection standards. Meanwhile its recent regulatory filing added that there may very well be more damage discovered in the breach:“It is possible that we will identify additional information that was accessed or stolen.” On the plus side, people haven’t stopped shopping there as Home Depot still managed to boost its revenues in sales.


JP Morgan Chase

Several retail outlets have been rocked by data breaches this year but so too have financial institutions, for obvious reasons. Throughout the summer, hackers breached the bank, stealing names, email addresses, phone numbers, and addresses with the number tallying over 80 million customers and businesses. At the time, the New York Times called it the “most serious computer intrusions into an American corporation” and added that several other banking businesses were targeted too.

The attack was spread out over two months and stoked fears of wider attacks on the financial industry, which if successful, could yield serious rewards for cyber crooks. As for who was responsible for the attack, that remains unclear but original reports pointed the finger at Russian hacking networks, which has now become a recurring theme in many data breach cases and the talk of whodunit.


Community Health Systems

Healthcare data bases are becoming lucrative targets for cyber criminals too and while there have been several data breaches at facilities around the US, the biggest and most devastating was the August data breach at Community Health Systems. More than 4.5 million people were affected in 200 different hospitals, compromising data such as patient names, addresses, birth dates, phone numbers, and Social Security numbers but CHS insisted that no medical information was lost.

FireEye’s Mandiant, the same security firm now hired by Sony, believes that hackers in China going by the name Dynamite Panda are responsible and are allegedly the same group behind the 2011 RSA data breach.


P.F. Chang’s

The data breach at restaurant chain P.F. Chang’s showed that hackers will target any and all businesses. In August the company reported that payments systems at 33 of its locations were compromised and hackers made off with credit card details, names, and possibly expiration dates. However P.F. Chang’s first noticed something was awry back in June, which led to the investigation.

While this breach didn’t cause the same impact as say Target from last year or Home Depot, the incident raises more question marks over the state of retail data security and payment security as a whole, especially when security firms like McAfee predict that in 2015 point of sale attacks will evolve to become even more dangerous.

If a big company or banking institution were to get stolen from fifty years ago, the average customer could really care less. But when these companies have all of your data and credit card information at their fingertips, the potential for it to fall in the wrong hands is a legitimate problem. Whether it is politically or financially motivated, these corporate data breaches are also all part of the overarching conservation of public data, privacy, and government surveillance that we are having as a country—and it’s one that hasn’t completely played out yet.

In the end, 2014 may not be remembered as the year of the data breach, but rather the first of many. As new mobile payment systems like Apple Pay become more common, the chances for further data breaches and cybersecurity hysteria will no doubt increase. Will an increased focus on cybersecurity really prevent attacks in the future? Will the concerns result in a hesitant attitude toward mobile payment systems that will affect the adoption of the technology? We may not know the answers to these questions as of now, but a year from now, I have a feeling we will.



more...
No comment yet.