Archive for April, 2017

Accenture survey highlights healthcare data breaches among English consumers – News

More than three-quarters of English consumers think healthcare providers have the greatest responsibility to keep data secure  

One in eight consumers in England (13 percent) have had their personal medical information stolen from technology systems, according to results of a new survey from Accenture.

The survey of 1,000 consumers in England revealed that the vast majority (78 percent) believe healthcare providers have a great deal of responsibility for keeping digital healthcare data secure, compared to only 40 percent who believe it is their personal responsibility. Despite this, the findings show that more than half (56 percent) of those who experienced a breach were victims of medical identity theft and more than three-quarters of those victims (77 percent) had to pay approximately £172 in out-of-pocket costs per incident, on average.

In addition, the survey found that the breaches in England were most likely to occur in pharmacies — the location cited by more than one-third (35 percent) of consumers who experienced a breach — followed by hospitals (29 percent), urgent care clinics (21 percent), physician’s offices (19 percent) and retail clinics (14 percent). More than one-third (36 percent) of English consumers who experienced a breach found out about it themselves or learned about it passively through noting an error on their health records or credit card statement. Only one-fifth (20 percent) were alerted to the breach by the organization where it occurred, and even fewer consumers (14 percent) were alerted by a government agency.

Among those who experienced a breach, the majority (70 percent) were victims of medical information theft with more than a third (39 percent) having personal information stolen. Most often, the stolen identity was used for fraudulent activities (cited by 82 percent of data-breached respondents) including fraudulently filling prescriptions (42 percent) or fraudulently receiving medical care (35 percent). And, a quarter of consumers in England (25 percent) had their health insurance ID number or biometric identifiers (18 percent) compromised. Unlike credit-card identity theft, where the card provider generally has a legal responsibility for significant account holder losses, victims of medical identity theft often have no automatic right to recover their losses.

“Patients must remain more vigilant than ever in keeping track of personal information including credit card statements and health records which could alert them to breaches,” said Aimie Chapple, managing director of Accenture’s UK health practice and client innovation in the UK Ireland. “Similarly, health organizations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors.”

Despite the myriad breaches occurring, consumers still trust their healthcare providers (84 percent), labs (80 percent) and hospitals (79 percent) to keep their healthcare data secure more than they trust the government (59 percent) or health technology companies (42 percent) to do so. About two-thirds of consumers in England (65 percent) either maintained or gained trust in the organization from which their data was stolen, following a breach. And, more than half (68 percent) of English consumers said they want to have at least some involvement in keeping their healthcare data secured, whereas only a quarter (28 percent) said that they have such involvement today.

In response to the breach, nearly all (95 percent) of the consumers who were data-breach victims reported that the company holding their data took some type of action. Some organizations explained how they fixed the problem causing the breach (cited by 29 percent), explained how they would prevent future breaches (23 percent) or explained the consequences of the breach (22 percent). Of those that experienced a breach, over half (53 percent) of respondents felt the breach was handled somewhat well while only 15 percent of respondents felt the breach was handled very well, indicating there is potential room to improve.

“The time to assure consumers that their personal data is in secure, capable hands is now,” Chapple said. “When a breach occurs, healthcare payers and providers should be able to swiftly notify those affected, with a plan of action on how to remedy the situation and prevent it from happening again.”

https://www.accenture.com/

Article source: http://www.news-medical.net/news/20170426/Accenture-survey-highlights-healthcare-data-breaches-among-English-consumers.aspx

,

No Comments

What businesses can learn from the Yahoo! data breach

Yahoo! was once best known for being the search engine that lost out to Google in the nineties, but went on to become an internet giant acquiring blogging platform Tumblr in 2013 for $1 billion in cash. Today it’s better known for falling victim to the biggest cyber-security breach in history, also occurring in 2013 and involving a billion user accounts.

In addition, it fell victim to attackers in 2014 with a breach that impacted more than 500 million user accounts, the second largest in internet history. It hardly seems fair to mention the most recent disclosure from Yahoo! that revealed hackers accessed a further 32 million accounts using a forged cookie attack, stretching back two years.

This followed a statement in December 2016 confirming data associated with more than one billion accounts, dating back to August 2013, had been stolen. To compound how bad things have been for the company, just three months earlier it had disclosed an attack involving 500 million compromised accounts from 2014.

That Yahoo! is facing several lawsuits in the United States and abroad, as well as investigation by members of the US Congress, could explain why requests for comments go unanswered by its press office.

In fairness if, as Yahoo! chief information security officer (CISO) Bob Lord claims, state-sponsored actors were behind both the 32 and 500-million account breaches, it’s hard to be too critical. Four people have now been indicted by a US grand jury over the latter attack, two of them officers in the Russian Federal Security Service (FSB) so it looks like Mr Lord was right. And if a state-sponsored attacker wants your data, they are likely to get your data.

I’m hoping Yahoo! is the catalyst that will exact some meaningful change

But that doesn’t mean you should make it easy for them. Among the account data stolen were hashed passwords, yet Yahoo! could have made things harder for the attackers by not using an outdated algorithm called MD5. Hashing is a one-way function, a mathematical operation that is easy to perform but hard to reverse, used to enable verification of passwords without having to store the password itself.

While most stolen passwords used the well-respected bcrypt algorithm, many used the easy-to-crack MD5 algorithm, despite the weakness of this being common security industry knowledge for at least a decade. It was a mistake for Yahoo! not to replace this fully long before the attacks took place, as was being aware of the 2014 attack at the time, but failing to comprehend the seriousness or adequately investigate it.

Although Yahoo! has said that it has “revised” procedures for responding to cyber-security incidents, it is not clear currently what else has been done to beef up the security posture. We know it forced password resets for some, but not all, users. We know it required new security question responses for all one billion accounts caught up in the 2013 breach. We know all the cookies involved in the 32-million account compromise were revoked to prevent that access route. Beyond that we know very little.

LARGEST DATA BREACHES IN HISTORY

LARGEST DATA BREACHES IN HISTORY

So what does the cyber-security industry make of it all?

Simon Edwards, European cyber-security architect at Trend Micro, says: “The first lesson to learn is that companies must invest more in technology and staff training, which allows them to find the breach when it happens, ideally stop it before it causes damage and not months later.”

Nigel Hawthorn, chief European spokesman at Skyhigh Networks, reminds us that data loss has a very long tail. “The company’s value has dropped by around $350 million,” he says, “and that’s ignoring the regulatory fines, and the fact that the CEO will step down upon completion of the Verizon takeover.”

But what should the chief information officer (CIO) of tomorrow take away from the mistakes of yesterday as shown so clearly in the Yahoo! breaches? Chris Pogue, cyber-security instructor to the US Secret Service Electronic Crimes Task Force as well as the CISO at Nuix, says: “Listen to your security teams. They were hired for a reason. In the case of Yahoo!, it appears senior executives did not properly comprehend or investigate what the information security team knew and they failed to act sufficiently upon it.”

To stand the best chance of protecting data, CIOs must harness and grow what they know by adopting a consistent framework for sharing and using intelligence. “I’m hoping Yahoo! is the catalyst that will exact some meaningful change,” Mr Pogue says.

The CIO is a critical cog in the security machinery, and must pull in all relevant resources to prepare for and oversee breach response. Oliver Pinson-Roxburgh, Europe, Middle East and Africa director at Alert Logic, says the worse media coverage he has seen is when the CIO isn’t close enough to the response teams so has no clarity regarding a remediation plan for the incident, the impact and the effect on customers. “Lose confidence early,” Mr Pinson-Roxburgh warns, “and you will find it really hard to recover.” It’s a lesson that Yahoo! is learning the hard way.

Article source: https://www.raconteur.net/technology/what-businesses-can-learn-from-the-yahoo-data-breach

,

No Comments

Bangor Mental Health Provider Details Extent of Hackers’ Data …

More than 4,000 clients of a Bangor mental health provider may have had their personal information stolen through a data breach last month. 

A spokesman for Behavioral Health Center, David Farmer, says the compromised data includes Social Security numbers and notes on services they received. 

“Some of those clients were in files that were vulnerable, but there’s no evidence of access,” Farmer says. “But we are treating them all the same, and providing the same level of protection to everyone just in case.”

Farmer says Behavioral Health Center is providing a credit monitoring service for affected clients for the next 12 months. 

Since the breach in March, Farmer says the practice has also tightened its cyber security, and notified appropriate government agencies about the incident. 

Article source: http://mainepublic.org/post/bangor-mental-health-provider-details-extent-hackers-data-breach

,

No Comments

Chipotle warns customers about data breach – KMBC.com

Fast food chain Chipotle warned customers on its website on Tuesday that the company experienced a data breach.

“We want to make our customers aware that we recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants,” the company said in a statement. “We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements.”

The company said its investigation is focusing on credit card transactions at its restaurants from March 24th through April 18th 2017.

“Because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation,” Chipotle said in a statement. “We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and restaurant locations that may have been affected.”

Chipotle said if you see unauthorized charges on your credit card, you should contact the bank that issued your card.

Chipotle initially told investors about the breach during an earnings call on Tuesday.

For news updates on the go, download the KMBC 9 News app

Article source: http://www.kmbc.com/article/chipotle-warns-customers-about-data-breach/9561534

,

No Comments

Chipotle investigating data breach

(WFLA) – Popular Mexican food chain Chipotle is warning customers about a data breach.

The company says it recently found unauthorized activity on a network used for payment processing in its restaurants. Chipotle immediately launched an investigation, and believe it has stopped the unauthorized activity. Additional security measures have also been put in place.

Investigators are focusing on payment card transactions made in restaurants between March 24 and April 18 of this year.

Chipotle says the investigation is still ongoing, but it does plan to notify affected customers.

As a reminder, Chipotle says you should always monitor your payment card statements and contact your bank if you see any suspicious charges.

You can read Chipotle’s full statement here.

STORIES THAT OTHERS ARE CLICKING ON-

MORE TOP STORIES

Article source: http://wfla.com/2017/04/26/chipotle-investigating-security-breach/

,

No Comments

Data Breach at Blowout Cards

Tweet about this on Twitter0Share on Facebook0Share on Google+0Share on Reddit0Pin on Pinterest0Share on StumbleUpon0Email this to someone

Blowout Cards Logo

By Ryan Cracknell | Hobby Editor

Last week, Blowout Cards discovered a data breach in which customers’ personal information was compromised. The online retailer was quick to acknowledge the issue and has taken several steps to help potentially affected customers.

According to a post on the Blowout site and emailed to potentially impacted customers, the security breach occurred on April 20. Following an investigation, a rogue file was found in the site’s code. Through it, the perpetrators were able to access such customer information as names, addresses, full credit card info, debit card details and more.

Those who used Paypal for their purchases had no information compromised and are safe.

Also, information from purchases before 2017 appear to be okay.

Blowout is working with an outside security company to help prevent such an occurrence from happening again.

Their post outlines specifics on what customer can do, such as check recent transaction records for suspicious activity and, for additional safety, to call their credit card companies to request replacement cards be issued.

A similar online security breach was discovered late last year by Topps.

Comments? Questions? Contact Ryan Cracknell on Twitter @tradercracks.

Article source: http://www.beckett.com/news/data-breach-at-blowout-cards/

,

No Comments

Iowa veterans warned of possible data breach – SC Magazine

On April 21, the Iowa Veterans Home (IVH) began notifying thousands of residents, former residents and applicants that their personal information may have been compromised.

How many victims? 2,969

What type of information? The possibly compromised information included, but are not limited to: name, mailing address, phone number, medical information and Social Security number.

What happened? In February, three IVH workers fell for a phishing scam and provided an unknown person with their credentials to enter their three email accounts. IVH believes the issue was found and corrected before anyone entered and removed data from these accounts.

What was the response? IVH worked with the state Office of the Chief Information Officer to recover from the incident and put in place the proper protocols to stop a similar event from happening in the future. Although it does not believe any information was taken, as a cautionary maneuver the facility is notifying all those who might be affected and has set up a toll-free number for people to call, 1-800-645-4591.

Quote: “We cannot determine that any records were actually breached, however, in an overabundance of caution, we are including every possible resident and applicant, estimated at 2, 969.”

Sources: Iowa Veterans Home, KCCI

Article source: https://www.scmagazine.com/iowa-veterans-warned-of-possible-data-breach/article/652340/

,

No Comments

Cloned cards from car wash data breach used at Upstate store, deputies say

SPARTANBURG, SC (WSPA) – Deputies in Spartanburg County have released photos of a man they say may be involved in the data breach at local car washes and was using cloned debit cards at area businesses.

Investigators say the man used a cloned debit card at the Ingles on South Pine Street in Spartanburg.

Whatta Wash Car Wash said in a notice last week that malware was placed on its point-of-sale system and that customers who used a payment card at the business between February 20 and March 2 were warned that their card information may be at risk.

The car wash says they were informed of the breach on March 27.

Whatta Wash Car Wash has Spartanburg locations on Reidville Road and E. Main Street.

Deputies say surveillance photos show the suspect in multiple locations.

Anyone with information is asked to call Inv. Baird at 864-503-4570 or Sgt. Brown at 864-503-4578.

More stories you may like on 7News

Michael McClatchy


A Pickens County deputy has been fired after police in Easley say he harassed his estranged wife and her boyfriend Saturday.



The coroner is responding to a crash on Highway 8 in Anderson County.

Tina Renae Hall


The mother of Jacob Hall, the boy killed in the Townville Elementary School shooting, has been arrested on multiple drug charges in Anderson…

Wesley Charles Malmister (top right) - Tabitha Suzanne Roberts (top right) - Brandon Scott Davis (bottom left) - Randall Matthew Simpson (bottom right)


Justin Williams, 32, and Casey Waddell, 25, were both found dead inside a camper from gunshot wounds.



A Hendersonville man is dead following a head-on crash on Highway 11 in northern Greenville County.

Related Posts


Anderson Co. car break-in ATV theft suspects Pelzer



Article source: http://wspa.com/2017/04/25/cloned-cards-from-car-wash-data-breach-used-at-upstate-store-deputies-say/

,

No Comments

Chipotle warns customers about data breach

Fast food chain Chipotle warned customers on its website on Tuesday that the company experienced a data breach.

“We want to make our customers aware that we recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants,” the company said in a statement. “We immediately began an investigation with the help of leading cyber security firms, law enforcement, and our payment processor. We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements.”

The company said its investigation is focusing on credit card transactions at its restaurants from March 24th through April 18th 2017.

“Because our investigation is continuing, complete findings are not available and it is too early to provide further details on the investigation,” Chipotle said in a statement. “We anticipate providing notification to any affected customers as we get further clarity about the specific timeframes and restaurant locations that may have been affected.”

Chipotle said if you see unauthorized charges on your credit card, you should contact the bank that issued your card.

Chipotle initially told investors about the breach during an earnings call on Tuesday.

For news updates on the go, download the KMBC 9 News app

Article source: http://www.kmbc.com/article/chipotle-warns-customers-about-data-breach/9561534

,

No Comments

Chipotle data breach overshadows big earnings beat

<!– –>




Chipotle: Our actions have stopped 'unauthorized activity'


Chipotle Mexican Grill shares rose Tuesday as the company reported better-than-expected earnings, as more customers headed to its restaurants and spent more while they were there.

  • EPS: $1.60, versus $1.27 expected by Thomson Reuters estimates
  • Revenue: $1.07 billion, versus $1.05 billion expected by analysts
  • Sames-store sales grew 17.8 percent, versus expected growth of 14.9 percent, according to Street Account.

Shares of the company rose as much as 6.8 percent after the earnings release, but the gains were erased when the company revealed it had experienced a data breach.

The company posted earnings of $1.60 per share on $1.07 billion in revenue. The burrito chain was expected to earn $1.27 per share on $1.05 billion in revenue, according to Thomson Reuters estimates.

The company’s same-store sales grew 17.8 percent in the first quarter, up from the expected 14.9 percent that analysts had forecasted, according to Street Account.

“This is an indication that Chipotle should be through the worst of the fallout from its food safety issues and can now refocus on expansion,” Simon Negri, partner in the Consumer Products Retail Practice at A.T. Kearney, told CNBC.

The company said that sales were boosted by improved consumer traffic, reduced promotional activity and an increase in average check.

“2017 is off to a strong start, as our restaurant managers and teams are energized by our renewed focus on the customer,” Steve Ells, CEO of Chipotle, said in a statement Tuesday. “By simplifying the focus in our restaurants to only those elements that lead to a great guest experience, our operations have improved every single month, which gives us confidence that we are on our way to achieve our mission to ensure that great food made with whole unprocessed ingredients is accessible to everyone.”

Brian Bittner, an analyst at Oppenheimer, wrote in a research note Monday that the first quarter “represents peak comps,” as same-store sales were down almost 30 percent in the same quarter of 2016.

Chipotle reiterated its full-year 2017 outlook for same-store sales to grow in the high-single digits.

    However, these gains were overshadowed by the company telling investors that it had detected “unauthorized activity” on a network that supports payment processing for purchases made at Chipotle restaurants. The company said that it believes it has taken the proper steps to stop the activity.

    Chipotle said that it is focused on transactions that occurred between March 24, 2017 and April 18, 2017.

    Although the stock pulled back slightly from its post-earnings gains, Bret Kenwell, an analyst at InvestorPlace.com, said that “long-term investors have little reason to bail on the stock.”

    Chipotle’s business should gain momentum throughout 2017, which will boost the stock’s price, Kenwell said.

    “Short-term investors need to be more nimble,” he said. “If momentum continues, the 2016 high near $540 could be in play in the near future.”

    Playing

    Share this video…

    Watch Next…

    Article source: http://www.cnbc.com/2017/04/25/chipotle-mexican-grill-earnings-q1-2017.html

    ,

    No Comments