[BreachExchange] Motives Other Than Profit May Be Behind Recent Data Breaches

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 5 14:28:49 EDT 2016


http://www.information-management.com/news/security/motives-other-than-profit-may-be-behind-recent-data-breaches-10029457-1.html

Those conducting two recent cyberattacks against healthcare provider
organizations didn’t appear to have a profit motive for gaining access to
documents or systems.

Rather, the attempts seem to take advantage of resulting news stories to
draw attention to other issues, or to just prove that access could be
achieved, not necessarily to access and use the stolen data, says Linn
Freedman, a partner and chair of the data privacy and security team at the
law firm of Robinson+Cole.

Central Ohio Urology Group, with 29 physicians and physician assistants, had
more than 101,000 Word and PDF documents stolen in a recent incursion, and
the Ukrainian hacker displayed some of the patient data on a web site.

The hacker also created a Twitter feed and used it to document alleged
poisoning of Ukrainians in the city of Odessa via viruses “from secret
laboratories” that received help from the U.S. Pentagon. The hacker warned
labs not to participate in such research, according to Databreaches.net,
which received messages from the hacker.

The web site of Central Ohio Urology Group doesn’t mention the breach.
Patients calling the practice receive a recording informing them that the
practice is “currently investigating possible criminal activity” with law
enforcement, and if the incident is determined to be a breach of actual
data, affected patients will be contacted and given more information.

At 16-physician Jefferson Medical Associates in Laurel, Miss., a server
holding “limited” prescription information was accessed by an unauthorized
individual about June 1.

“At this time, investigators do not believe the individual who accessed the
database has used the information acquired,” according to a statement from
the practice. “Instead, it is believed that the individual accessed the
database only to demonstrate his ability to do so. Through JMA’s
investigation, it also has learned that other remote connections were made
to this database from unknown sources at various times between March 25,
2014, and June 1, 2016. JMA has not been able to determine whether any of
these other connections actually resulted in any acquisition, access, use
or disclosure of patient information, but it is possible.”

Consequently, Jefferson Medical Associates is offering one year of
credit/identity protection services from AllClear ID to patients requesting
the service. Notices of the breach have gone out to about 10,400
individuals, a spokesperson said.

These new attacks are reminiscent of the July 2015 cyberattack on Ashley
Madison, a web site for facilitating extramarital affairs and prostitution,
Freedman says.

In that incident, attackers threatened to release client names if the site
was not shut down. But just because an attacker contends that a hack was
done for a specific reason doesn’t mean the claim is believable, she adds.
Consequently, healthcare will continue to be a primary target of hackers
because many provider organizations do not have the resources of those in
other industries to sufficiently harden their information systems.