25 February 19, 08:05
(This post was last modified: 25 February 19, 08:13 by harlan4096.)
Quote:Full Reading
Not one, not two, but three data breaches this week...plus some real bad ads.
Presidents’ Day malvertising blitz
Cybersecurity researchers observed a swell of malicious ads flooding the internet over Presidents’ Day weekend, striking at a time when ad network employees were enjoying the three days off. With tech support slower to respond, cybercriminals took the opportunity to inject bad ads into regular ad rotation. Researchers tracked as many as 800 million ads over the three-day weekend. Instead of infecting the user’s system with malware, the ads led to phishing screens that tried to coax login credentials from the users.
Experts recognize the cybergang behind the Presidents’ Day bad ad blitz as “eGobbler,” a name given to the gang for trying something similar over the long Thanksgiving weekend last year.
Data breach affects 42,000 health patients
Florida-based primary care providers AdventHealth Medical Group has warned 42,000 of their Pulmonary and Sleep Medicine patients that a data breach caused by a malware infection compromised their system from August 2017 through December 27, 2018. Patient data able to be accessed by the breach includes names, addresses, emails, phone numbers, birthdates, health insurance info, medical info, and social security numbers. The medical group has not commented on why the malware infection went undetected for so long, nor how the malware was installed in the first place. The group is offering credit monitoring and fraud consultation to the victims.
“What’s most disturbing about this incident is that the infection was there for more than a year before the company realized they had been compromised,” comments Luis Corrons, Avast security evangelist. “Of course anyone can be a target and suffer a compromise, but the fact that they were unable to identify a malware infection for 16 months shows that data security was not on their priority list.”
Data breach affects 1,000,000 more health patients
Meanwhile, across the country in Washington state, another health-related data breach has struck, only this one is not attributed to malware. In their official statement on the matter, the University of Washington Medicine — a network of medical centers — attributes their data breach to “internal human error.”
A user searching their own name found their private UW Medicine medical record online for all the world to see. The patient contacted the medical group, which then launched an investigation and learned that almost one million patient medical files had been left accessible online for a period of roughly three weeks in December. It’s unclear at present if any of the medical records had been accessed, but none of the records contained financial info. The information at risk involved the state of the user’s mental and physical health.
“This is a common phenomenon, unfortunately. A number of data breaches happen because someone makes a seemingly ‘minor’ mistake that publishes information online that shouldn't be accessible,” comments Corrons. “This is similar to what happened to some Republican contractors, when they inadvertently made public the information of around 200 million registered voters for a period of 12 days.”