Search This Blog

Showing posts with label Third party file. Show all posts

The Medical Review Institute of America Alerts Patients of a Privacy Breach

 

On November 9, 2021, MRIoA discovered that it had been the victim of a sophisticated cyber-attack that affected over 134,000 people, according to a data breach notification filed by the Maine Attorney General's Office. Following the realization of the security incident, the institution set forth to protect and restore the organization's systems and operations. MRIoA also promptly enlisted the assistance of third-party forensic and incident response experts to conduct a thorough investigation into the nature and scope of the problem, as well as sought assistance with remediation efforts. The incident was further reported to the FBI as well. 

According to MRIoA, which discovered the incident on November 12, 2021, the security incident primarily involved the unauthorized gathering of information; MRIoA retrieved and validated the deletion of the received information to the best of its abilities and knowledge on November 16, 2021. 

The HITRUST Common Security Framework (CSF) and associated standards/regulations, such as HIPAA, HITECH, and state data and privacy legislation, are incorporated into MRIoA's privacy and security program, according to the company's conditions. MRIoA enforces tight access controls, including privileged access, file integrity monitoring, input validation, and complete audit logging, and protects data confidentiality by encrypting data at rest with AES-256 and data in transit using TLS1.2. 

"We place a high importance on the security and privacy of the information stored on our systems, and we were astonished and disheartened to learn that we were one of the thousands of victims of this type of cyberattack," MRIoA's CEO, Ron Sullivan said. 

Meanwhile, as iterated below, additional cybersecurity precautions were installed and are being deployed to MRIoA's existing infrastructure to better limit the possibility of this type of event occurring again. 

  • Continuous threat hunting and detection software monitoring of their systems.
  • When attempting to access the systems, add extra multifactor authentication protections.
  • To ensure that all threat remains were eradicated, new servers were constructed from the ground up. Working with outside cybersecurity specialists to help them with their security initiatives.
  • Creating a new and hardened backup environment; enhancing their cybersecurity training for employees.

As MRIoA reviews, rewrites, and amends their existing cybersecurity rules in the wake of the attack, they suggest individuals report any fraudulent conduct to the appropriate law enforcement agencies, such as their state attorney general and the Federal Trade Commission (FTC).
 
Affected individuals are being offered free credit monitoring and identity protection services by the MRIoA. Further, individuals who want to sign up for the free credit monitoring service must do so within 90 days of getting their MRIoA notice letter. 

Threat Actor Targets New Zealand Reserve Bank to Acquire Sensitive Information

 

New Zealand’s Reserve Bank data systems were hacked by an anonymous hacker who potentially secured access to sensitive and personal information. The hacker managed to get his hands on a third-party file sharing service, the one used by Central Bank of New Zealand to share and reserve sensitive information. 

The Reserve Bank of New Zealand based in Wellington, commonly named as Te Putea Matua is accountable for generating monetary policy to stabilize prices in the nation. The Governor of Reserve Bank of New Zealand Adrian Orr assured the public that the data breach has been restrained and the bank’s core functions “remain sound and operational”. 

Threat actors have targeted a number of major organizations in New Zealand in the past year. New Zealand Stock Exchange was one of the prominent victims of the cyber attack and its servers were knocked out for nearly a week in August 2020. In a conversation with Radio New Zealand, Dave Parry the professor of computer science at Auckland University told that there might be a possibility of another government’s influence behind the Reserve Bank data leak. 

Adrian Orr stated that “we are working closely with domestic and international security experts and other relevant authorities as part of our investigation and response to this malicious attack. The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information. The system has been secured and taken offline until we have completed our initial investigations”.

Till further investigations, the Reserve Bank of New Zealand is currently considering alternative techniques to secure data and has taken its systems offline.