Approximately 39,000 patients received letters about the breach in which hackers accessed protected patient information, including demographic information, medical record numbers, insurance information and Social Security numbers. Seton was notified of the breach on Feb. 26.
The privacy and security of patient information is of utmost importance to Seton Family of Hospitals, a division of Seton Healthcare Family (“Seton”), and Seton has implemented significant security measures to protect such information. Regrettably, despite the efforts to safeguard patient information, an email phishing attack has affected Seton’s patients.
Seton experienced an email phishing attack on December 4, 2014, which targeted the user names and passwords of Seton employees. Upon the determination that an email account had been compromised, the user name and password was immediately shut down. Seton launched an investigation into the matter, and the investigation has required electronic and manual review of affected e-mails to determine the scope of the incident. Seton engaged computer forensics experts to assist with the investigation. Through the ongoing investigation of this matter, we determined on February 26, 2015, that the employee e-mail accounts subject to the phishing attempt contained some personal health information for approximately 39,000 patients.
The personal health information in the e-mail accounts included demographic information (i.e., name, address, gender, date of birth, etc.), medical record numbers, insurance information, limited clinical information and, in some cases, Social Security numbers. The hackers did not gain access to individual medical records or billing records.
No one has been the victim of identity theft in the five months since the cyber attack on Sony Pictures Entertainment exposed reams of sensitive data, so a class-action lawsuit should be dismissed, the studio argues in court documents acquired Friday by Mashable.
The Verifone default password is Z66831 and is loaded on all Verifone devices in the field. The purpose of this default password is to simply initiate terminal installation, and it is not intended to serve as a strong security control. The default password made its way over the years into the public domain and can be found on the Internet, along with instructions on programming terminals. The important fact to point out is that even knowing this password, sensitive payment information or PII cannot be captured. To date, Verifone has not witnessed any attacks on the security of its terminals based on default passwords. What the password allows someone to do is to configure some settings on the terminal; all executables have to be file signed, and it is not possible to enter malware just by knowing passwords. While Verifone has not changed the passwords, clients/partners/merchants are always strongly advised to change the “default” password upon terminal installation and set-up. New Verifone products come with a “pre-expired” password, which will require merchants to change the password during installation and set-up.
A single stolen customer record costs probably somewhere between $0.58 and $201. What’s the best model?
A few weeks ago Fortune visited a law firm where one partner lamented the quality of cost estimates for big companies suffering data breaches—a vital consideration for businesses seeking to manage their risk and score reasonably priced insurance policies. (Who and where are unimportant for the purposes of the story.) Prompted by a recent analysis of 10-k filings which concluded that the impact of breaches to corporate bottom lines is trivial, the conversation stirred the lawyer’s excitement—and vexation. There are no good estimates, the lawyer rued.
Critics say the NYPD’s trawling of social media for gang activity – affecting children as young as 10 – is disproportionate and may amount to racial profiling.