
Houston’s Memorial Hermann health system breach of all 10,604 patient records

2014 August 30
by Todd Plesco

A clinical employee of Memorial Hermann Health System in Houston, Texas accessed all 10,604 patients' electronic medical records outside of the employee's normal job duties for over six years, from December 2007 to July 2014.  Outside e-Forensic experts were brought in to assess the breadth of the damage while the employee's privileges to the medical record system were disabled.

The data involved in the breach ranges from medical records and insurance information all the way to financials such as credit card or bank account information.  A spokesperson for Memorial Hermann emphasizes that they do not believe malice was involved.  As required, the incident has been reported to both the U.S. Department of Health and Human Services and the Texas Attorney General's office.  They have also set up a call center through a credit monitoring service.

Extensive Cyber attack on 50 of Norway’s Oil & Energy companies

2014 August 29
by Todd Plesco

Orjan Haraldstveit, head of Norway’s largest oil company Statoil, has confirmed that Nasjonal Sikkerhetsmyndighet, Norway’s National Security Authority (NSM), has warned the oil company of a breach.  Apparently 50 companies in Norway’s oil sector have already been breached and another 250 are at risk.


Hans Christian Pretorius, director of operations at NSM, told Norwegian newspaper Dagens Naeringsliv:

They (the hackers) have done research beforehand and gone after key functions and key personnel in the various companies. Emails that appear to be legitimate are sent to persons in important roles at the companies with attachments. If the targeted employees open the attachments, a destructive program will be unleashed that checks the target's system for various holes in its security system. If a hole is found, the program will open a communications channel with the hackers and then the "really serious attack programs" can infect the targeted company’s computer system.

The goal is to plant a Trojan or a virus on the machine. The first program just sets up contact. Then the attacker can sit outside and download damaging code.

The attack is apparently a well-orchestrated phishing attack on the oil sector to collect passwords via keyloggers on target computers.  NSM is not forthcoming about whom it suspects of perpetrating the cyber attacks but claims to have a strong lead.




AAFES and Navy joust over VOSB online store credentials

2014 August 25
by Todd Plesco

Thomas C Shull, the CEO of the Army and Air Force Exchange Service (AAFES), has presented a business case to the DoD's Executive Resale board this month to allow over 18 million honorably discharged veterans to use military exchange services.  This creates the possibility of a $100M increase in revenue for AAFES and is currently referred to as the Veterans Online Shopping Benefit (VOSB).

Unfortunately, despite the lack of any increased cost to taxpayers, the Navy & Marine Corps exchange's senior policy officials are challenging online availability of the VOSB.

"{Navy Officials}….believe hurdles to implementing online shopping for all veterans will be higher than AAFES predicts, particularly in finding a foolproof way to verify veteran status and the character of their discharges…"

http://militaryadvantage.military.com/2014/08/aafes-makes-business-case-for-all-vets-to-shop-online/

As an information assurance professional, don't you love a challenge?  Why could there not be a simple gateway that ties the already-used DS Logon into the AAFES online shop? The Department of Defense Self-Service Logon (DS Logon) is a secure, self-service logon credential which allows individuals affiliated with the DoD or VA to access multiple websites using a single username and password.  The vetting process is proven and the security is quite extensive.
 


