At a glance.
- US Justice Department operation shuts down dark web marketplace.
- Two million patients impacted in healthcare breach.
- Hacker infiltrates Prothena employee email account.
- Pennsylvania’s proposed incident reporting bill.
US Justice Department operation shuts down dark web marketplace.
A press release issued yesterday from the US Department of Justice (DoJ) confirmed the seizure of SSNDOB Marketplace, a series of underground websites where cybercriminals bought and sold the personal data of approximately 24 million individuals in the US. The marketplace shutdown was a collaborative effort from the DoJ, the Internal Revenue Service, and the Federal Bureau of Investigation in coordination with law enforcement agencies in Cyprus and Latvia. SSNDOB peddled private data including names, dates of birth, and Social Security numbers, as well as email addresses, passwords, and credit card numbers, according to blockchain analysis firm Chainalysis. Marketplace operators advertised the site’s services on dark web forums, using servers in various countries and conducting payments in cryptocurrency in order to conceal their identities. The Record by Recorded Future reports SSNDOB received nearly $22 million in Bitcoin over 100,000 transactions since 2015. “Taking down the SSNDOB website disrupted ID theft criminals and helped millions of Americans whose personal information was compromised,” said FBI Special Agent in Charge Darrell Waldon.
Two million patients impacted in healthcare breach.
US healthcare organization Shields Health Care Group has disclosed a cyberattack that exposed the data of two million individuals. Shields, based in Massachusetts, provides MRI, radiology, and ambulance services to over fifty medical facilities across the state. The company’s IT team says it first discovered the breach on March 28, and an investigation revealed that unauthorized parties were present in the organization’s systems from March 7 to March 21. The compromised data include patient names, Social Security numbers, dates of birth, home addresses, medical record details, billing information, and insurance numbers and information. “Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may be affected,” Shields stated. The Record by Recorded Future notes that the incident has been reported to the US Department of Health and Human Services Office for Civil Rights as well as federal law enforcement agencies and state regulators.
Erich Kron, security awareness advocate at KnowBe4, commented on the implications of the incident for organizations that collect a great deal of personal data:
“Medical facilities continue to be a hot target for cybercriminals as the same information collected by medical facilities can also be used to steal identities, making the information very valuable.
“In this case, although admittedly sensitive information was stolen from their system for up to two million patients, and although security events were triggered during the time the cybercriminals had access, the healthcare group is offering no credit monitoring services. Instead, they are instructing the victims on steps they should take to protect themselves after having their data exposed. Unfortunately, this is a case of shifting the onus of protection to the victim, a trend we will hopefully avoid in the future.
“Organizations that process and store sensitive information about customers or patients should ensure they have strong Data Loss Prevention (DLP) controls in place and that security alerts are investigated fully. In addition, because many network intrusions begin with a phishing email, employees should be educated on spotting and reporting these attacks.”
Hacker infiltrates Prothena employee email account.
Irish pharmaceutical company Prothena Corporation, PLC suffered a data breach after a hacker gained unauthorized access to an employee’s email account over the course of four months from December 2021 to April 2022. Prothena’s investigation revealed that the intrusion was likely an attempt to commit wire fraud against the company. Though the attempt was unsuccessful, the intruder gained access to files containing sensitive customer data including names, addresses, and Social Security or tax identification numbers. JDSupra adds that it is unclear how the hacker gained access to the email account. Prothena, which develops new therapies to treat rare peripheral amyloid and neurodegenerative diseases, filed official notice of the breach and sent out data breach letters to all affected parties on June 2.
Pennsylvania’s proposed incident reporting bill.
ABC27 reports that lawmakers in the US state of Pennsylvania are considering an incident disclosure requirement for data breaches occurring within state government. Senator Kristin Phillips, who is also chairperson of the Senate technology committee, held a hearing yesterday to review the proposal, emphasizing the need for government agencies who fall victim to breaches to report them in a timely fashion. “Citizens are tired of data breaches. They don’t trust us. They don’t trust giving out their information. So we need to do everything we can to protect citizens from data breaches,” Phillips stated. The bill is currently working its way through the state legislature.