Another week, another long list of companies dealing with attacks on their IT security. This week, the victims include several healthcare companies and a nuclear power plant. Here are the mistakes and unfortunate circumstances you can learn from to protect yourself:
Thieves Pulling Teeth at Advantage Dental
An Oregon-based dental service provider, Advantage Dental, faced a major breach of their systems which compromised the personal data of over 150,000 patients. Patients of the dental company – even those that hadn’t been a patient for up to 10 years – were notified that their personal patient protected health information was illegally accessed. This information included name, date of birth, phone number, SSN and home address.
The company was first alerted of the breach by their internal intrusion detection system. Unlike many companies who may go weeks or months unknowingly infiltrated, Advantage can narrow down their potential breach time to a 3 day window. Advantage notified their customers and is offering two years of free credit monitoring through Experian for anyone affected.
Hackers Go Nuclear on Korea Hydro
Investigators in South Korea are looking into the breach of Korea Hydro, the operator of the country’s 23 nuclear reactors. Before you get too concerned, at this point the nuclear-plant management has not been compromised. You should still be concerned about the fact that hackers performed targeted “spear-phishing” attacks and other cyber tactics to gain access to internal information. In December, a Twitter account posted links to Korea Hydro’s internal-data archives and threatened further leaks if demands weren’t met.
In their official statement, South Korea blamed North Korea for the cyber-attack. According to officials the intrusions were traced back to internet addresses registered in North Korea. Also, the virus used in the attack, “kimsuky”, was identified as being of North Korean origin. The last major hack to be attributed to North Korea was the massive Sony breach in November, which North Korea also denied.
No Pay Day for Benecard
Another company in the healthcare industry was hit recently as well. Benecard Prescription Benefit Facilitator confirmed that a data breach to their payroll system compromised the records of current and former employees. The breach was first discovered when several employees went to file their tax returns only to find out that someone had already filed in their names using their W-2s. This is unfortunately one of the most common ways people discover their identity has been stolen. Many of the individuals whose identities have been stolen are involved in a class action lawsuit against Benecard for not notifying them soon enough about the potential breach.
The company has notified law enforcement and is working with an outside firm to perform an internal investigation. Unfortunately, Benecard does not have much more information about how the breach occurred. According to their statement, “Whether the payroll information was compromised against Benecard or at a source outside of our control, in an overabundance of caution, we are doing everything we can to aid our employees who have been affected.”
Read our last breach report about the cyber attacks at Rogers Communications, NEXTEP, and Mandarin Oriental.