The biggest news in security this week is surprisingly several years old. Recently, the stolen login credentials and passwords for 360 million Myspace users, 65 million Tumblr users, and 40 million Fling users have been put up for sale on the dark web by a hacker named “Peace”, the same individual who is selling 167 million LinkedIn users’ data, according to Fortune.
Consumers understand that they are the ultimate victims of security breaches. Although it was a company or organization that was hacked, consumers often pay the final price. It is usually their private information that falls into the hands of hackers. Whether it’s payment information, social security numbers, addresses, or medical data, consumers are fully aware of the devastating effects of a company’s data breach.
Security firm FireEye released a new report in which it studied the devastating effects of security breaches on customer trust. We recently wrote a blog post about its findings, and the following infographic summarizes the results of our blog:
Nearly all healthcare organizations use mobile devices such as phones, laptops, and tablets in their practice. While mobile devices can increase efficiency and help you better serve patients, they also open your practice up to some serious vulnerabilities. If these devices aren’t properly secured, patched, and updated, private patient information could be put at risk. Unsecured devices also mean that you are not HIPAA compliant, which can lead to hefty fines if you are audited.
We all know the story: a hospital gets hacked, its files are encrypted, and it must pay a ransom to get the files back, so it pays the ransom and everything turns out alright (except for the loss of thousands of dollars). Well, everything didn’t turn out alright for one hospital in Wichita, Kansas. Despite Kansas Heart Hospital paying the required ransom, the hackers did not decrypt its files. Instead, the hospital only got partial access to its files and the hackers asked for more money, according to Extreme Tech.
2016 has already been called “The Year of Ransomware” by many IT security professionals. The FBI’s Internet Crime Complaint Center has released its annual survey of cybercrime. It found that the 2,453 ransomware complaints it received last year cost individuals and businesses $1.6 million, and that figure covers only reported instances. Thousands of ransomware attacks go unreported each year.
We’ve all heard of tech support scammers who pretend to be from Microsoft or Dell. They call unsuspecting PC users and trick them into giving up payment information or installing malware on their device. Now, the scammers have come up with a brand new way to trick users: by using screen lockers that display fake Windows alerts telling users that their copy of Windows is corrupted or expired.
The number of data breaches in the financial, credit, and banking industries nearly doubled from 2014 to 2015, according to the Identity Theft Resource Center’s 2015 Breach List. Despite this massive increase, most financial firms have been found to be overconfident in their ability to detect and stop data breaches.
Last week, we reported the results of a new study by the Ponemon Institute. In its 6th annual study, the institute concluded that almost all healthcare organizations have had data stolen in one form or another. Many healthcare organizations have been breached multiple times, leaving their patients open to medical identity theft. While criminal attacks are the leading cause of data breaches in the healthcare industry, employee negligence remains a common occurrence. The healthcare industry is in dire need of IT solutions that protect its data from the prying eyes of criminal hackers.
In 2012, 6.5 million login credentials were stolen for LinkedIn accounts and leaked online. However, the data breach was found to be much worse than originally thought when a hacker named “Peace” decided to sell the credentials of 117 million LinkedIn users for $2,200 on the dark web. Peace told tech site Motherboard that the credentials were stolen during the 2012 breach.
All businesses - large and small - need a firewall to protect their internal network from outside threats. These threats could include malware, viruses, or criminal hackers. While antivirus software is also important to have, it is not enough. Antivirus takes care of threats that are already in the system, while firewalls stop threats from getting in at all (both security measures are important to implement). A firewall is known as a perimeter defense, kind of like the walled fortress of a castle. It can be breached but it makes it much more difficult for the enemy. However, no wall means the enemy can walk right up to your front door.