A security incident affected more than 100k people at the Boys Town National Research Hospital on 20 July. The hospital promptly published a “Security Incident Notice” on its website.
According to this statement, the Omaha-based medical organization detected abnormal behavior related to an employee’s account on 23 May.
An investigation was launched, and it concluded that someone unknown to the hospital had infiltrated that employee’s account.
The hospital then set out to determine what types of information that person might have viewed as a result of the unauthorized access.
According to the findings, 105,309 patients and employees were affected by this incident. The compromised data include victims’ names, dates of birth, Social Security numbers, treatment information, health insurance information, login credentials and even some financial data.
Rebecca Herold, president of Simbus, told HealthcareInfoSecurity that the large quantity of information potentially stolen in the incident represents a significant threat to all victims, particularly children who were patients at the hospital:
This could ultimately result in incorrect data being incorporated into children’s health files, which could have long-lasting safety and health impacts on these already vulnerable children. Just imagine if someone who committed medical identity theft incorporated incorrect information into the child’s health records, and a child was subsequently given medicine or treatments that could bring them harm, or even result in their death. Misuse of children’s medical data has not only financial impacts, but also very significant social and true life-and-death safety impacts.
The Boys Town National Research Hospital is currently notifying the victims of the incident. Affected persons should monitor their accounts for fraudulent transactions and consider placing a security freeze on their credit reports.
Victims must also be aware of potential spear-phishing attacks specifically targeting them.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member of CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.