Another victim in medical billing recovery firm breach, healthcare industry attacks increasing, and look up and smile.
Welcome to Cyber Security Today. It’s Friday June 7th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
The fallout continues from the data breach at American Medical Collection Agency, also known as AMCA. It’s a company that specializes in collecting medical-related bills owed to doctors, hospitals, labs and others. So far three companies that deal with AMCA have been notified they may be affected. The news site Bleeping Computer says the latest is BioReference Laboratories, which says personal information including credit card data and dates of birth of over 422,000 people was accessed between March of this year and last August. The other companies who say their customer data was hacked were the labs Quest Diagnostics and Laboratory Corporation of America. It isn’t clear how many people from all three companies were affected, with some news reports putting it at over 19 million people. AMCA has issued statements suggesting the number is lower.
News of the attack on AMCA coincides with a report from security vendor Carbon Black suggesting the healthcare industry is increasingly being targeted by hackers. One reason is medical and related information is valuable. So infecting hospitals with ransomware and demanding money or data will be destroyed is a common tactic. Two-thirds of the healthcare organizations that responded to a survey said they were targeted by ransomware in the past year. Not only can thieves get patient data from healthcare firms, they can also get documents needed to pose as doctors. These are being sold on underground online markets for $800.
Unless you have an uncensored copy of the Mueller report into Russian interference in the 2016 U.S. election, you don’t have the full picture of what happened. However, you can read for free a report issued this week from security vendor Symantec, which analyzed the 3,836 Twitter accounts set up by the Russian-based Internet Research Agency and the nearly 10 million tweets that resulted. The Twitter propaganda campaign — just part of the social media effort — was planned months in advance and the operators had the resources to create and manage a vast disinformation network. It makes interesting reading. I have a link to the report here.
Users and administrators of Microsoft’s Office365 subscriber-based suite of products may not be happy with the amount of spam the email system allows. One option is to bypass the spam filter. Don’t, says Microsoft in a warning issued this week. It may make things worse. Instead, if you have a problem report it to Microsoft and it will look into adjusting the filter. You can also check this notice.
Finally, those who worry about drones looking down and affecting your privacy have another airborne vehicle to think about: High altitude surveillance balloons. A U.S. company called World View seems a step closer to commercializing its Stratolite balloon that recently stayed aloft for 16 days drifting over the Western U.S. These balloons would be hovering about 10 miles above you, but the company says they can carry high resolution cameras. Potential customers are mines and pipelines, which need to watch property for safety problems. But Bloomberg News says the resolution would be good enough to read licence plates. What worries some privacy experts is World View believes its technology drives down the cost of aerial surveillance.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon