Although 2017 has not yet hit the halfway mark, there has been headline after headline about jaw-dropping data breaches. In many cases, businesses had their reputations ruined and suffered huge financial losses as they tried to recover from the public relations nightmare. Here is a sampling of the worst 2017 data breaches so far and what we can learn from them.
National Health Service
The United Kingdom’s public health system was brought to its knees on May 12 when the WannaCry ransomware penetrated thousands of its computers at 16 of its countrywide facilities. Patient data was kept hostage and many hospitals were only accepting emergent cases. Imaging studies and non-emergent surgeries were halted as hackers locked out the National Health Service. Since the cause of the hack was a vulnerability found on older Microsoft operating systems, there’s been a call for large federal organizations to update networks with the required firewalls and patches in place.
Bronx Lebanon Hospital Center
Any type of data breach at a medical facility is a cause for alarm. There’s a patient expectation that your health records are under lock and key. Not to mention all the HIPAA privacy laws related to the protection of medical data. On May 10, the Bronx Lebanon Hospital Center admitted that upwards of 7,000 patients who visited the facility between 2014 and 2017 had their records compromised. Details from the leaks included mental health histories, drug addiction records, HIV diagnoses, and reports of sexual assaults. The cause of the breach: an improperly configured server on the backup network.
Zest Dental Solutions
Although medical information should never be compromised, neither should your financial details. Hackers are eager to gain access to your credit card details and rack up astronomical charges. On February 16, Zest Dental Solutions confirmed a breach of their e-commerce site with hackers able to view credit card information. Anyone who made a purchase on the site between December 2013 and September 2014 and November 2016 and February 2017 is affected by the breach. In response, Zest Dental Solutions tightened security on their e-commerce site and started using an alternative credit card processing system.
After a thorough investigation, Harris Gastroenterology announced on March 17 that their patient records had been breached and an astounding 93,000 records were potentially made vulnerable. Within the records, there were patient contact details, social security numbers, medical information and insurance data. The group promised to take stringent measures to prevent unauthorized access again in the future.
InterContinental Hotels Group
In February when InterContinental Hotels Group first announced a data breach, it was believed to only affect 12 of its thousands of properties. A couple months later that number jumped to 1,200. Properties managed by the branch include the Holiday Inn and Crowne Plaza chains. Front desk computers were affected with malware and credit card details accessed. Credit card transactions between September 29, 2016 and December 29, 2016 were vulnerable to the attack. The malware installed unknowingly had the capacity to read data stored in a credit card’s magnetic strip.
In April, the IRS had to grudgingly admit that potentially over 100,000 people had their information stolen. Cybercriminals were able to use the IRS Data Retrieval Tool to unlawfully collect personal details. Due to the breach, the IRS currently estimates over 8,000 fraudulent returns were accepted with refunds topping $30 million sent out. To prevent future breaches, the IRS has removed the Data Retrieval tool indefinitely from the FAFSA.