[BreachExchange] Insurer Dominion National Reports Server Hack That Began August 2010

Destry Winant destry at riskbasedsecurity.com
Tue Jun 25 03:56:10 EDT 2019


https://healthitsecurity.com/news/insurer-dominion-national-reports-server-hack-that-began-august-2010

Virginia-based Dominion National is notifying patients that their
personal and medical data was potentially breached during a nearly
nine-year hack on its servers. Dominion is an insurer and
administrator of dental and vision benefits and also serves as a
health plan administrator.

Officials received an internal alert about unauthorized access and
launched an investigation. They discovered an unauthorized party
accessed some of Dominion National’s computer servers, beginning as
early as August 25, 2010 – nearly nine years before the investigation
concluded on April 24, 2019.

The notice did not explain what spurred the internal alert, nor when
they first discovered the hack. However, the notice was sent about 60
days after the investigation concluded. It's important to note that
under HIPAA, covered entities are required to report breaches within
60 days of discovery.

Upon discovery, officials said they took steps to quickly clean the
impacted servers and launched a review. Dominion National determined
the hackers were potentially able to access enrollment and demographic
data of current and former members of the insurer’s vision plan, and
data of individuals of dental and vision benefits. The servers also
contained the data of plan producers and health providers.

The compromised data varied by individual and could include names,
Social Security numbers, taxpayer identification numbers, bank account
and routing numbers, member ID numbers, group numbers, subscriber
numbers, addresses, and email addresses.

According to officials, the insurer has since enhanced its monitoring
and alerting software. Dominion National also reported the security
incident to the FBI. All patients will receive two years of credit and
fraud protection services.

“We recognize the frustration and concern that this news may cause,
and rest assured we are doing everything we can to protect your
information moving forward,” Dominion National President Mike Davis
said in a statement. “We are committed to making sure you get the
tools and assistance you need to help protect your information.”

The breach has not yet been added to the Department of Health and
Human Services breach reporting tool, so it's currently unclear how
many patients were impacted by the security incident. This story will
be updated if more information becomes available.

The healthcare sector continues to be plagued with server-related
breaches. A recent Clearwater report found that the majority of
breaches in 2018 were in some way caused by a server, with about 63
percent of all critical and high risks caused by an inadequately
addressed security flaw in servers.

To better detect unauthorized access, Clearwater researchers
recommended organizations use security controls to automatically
disable or remove dormant accounts, or frequently review user
permissions. Larger organizations, such as insurers, can utilize a log
analyzer to automatically aggregate and analyze activity logs.

“A program with this functionality can more likely readily identify
potential malicious activity caused by multiple system weaknesses,”
the researchers wrote at the time. “The frequency of such reviews
will be dictated by the number of system users and the frequency of
user turnover. However, for those systems with 100 or more users, user
permission reviews conducted at least quarterly are recommended.”

