Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure.
Travel company Booking.com was hacked in January 2019, and PII from 4,000 customers was stolen. Because they missed the GDPR’s 72-hour window for disclosing a breach, Booking.com was fined around half a million dollars.
Though this is due to Europe’s GDPR regulations, HIPAA in the US imposes a similar stipulation with their Breach Notification Rule. It’s important to regularly review your Incident Management and Response policy to make sure you’re staying in line with HIPAA, CCPA, and other states’ data privacy regulations.
The Texas-based ACEP alerted regulators about a breach in one of their SQL databases. This breach was traced back to a server that held the SQL database credentials and had been hit with malware. It was detected upon monitoring a suspicious access to the database, and 70,300 individuals were affected.
Monitoring is crucial in keeping infrastructure secure and containing breaches early on. It’s also important to have robust infrastructure security in layers that only allows authorized servers to access databases.
A group of Windows-based machines were recently targeted by attackers in order to access the Brown University’s network. The attack brought down several internal services, and staff were asked to switch to other non-Windows devices.
Since then, the university has taken down the affected system in order to contain the attack. Having a strong monitoring and reporting system can help detect attacks such as this early on.
The FBI got court approval in April to access vulnerable Microsoft Exchange servers in the US that had been hacked. The FBI notified the companies after they removed remote shells that the hackers (supposedly led by a large Chinese hacking group) used to read or modify emails on an affected system.
The vulnerability was discovered months ago, but many companies remained infected because they hadn’t cleaned up and updated their affected servers.
Using a password manager is a great way to keep track of all your passwords, and to avoid re-using them or storing them in insecure places. But password manager tools can also be hacked. Passwordstate was recently the victim of a supply-chain attack, which was similar to the recently infamous SolarWinds hack. Users downloaded and installed a software update that was infected with malware. All of Passwordstate’s clients were asked to change every password in their vaults immediately, because they may have been exposed to the attack.