[Security Weekly] Broward Health Data Breach Impacts 1.3 Million Patients


January 2022, Issue I


1. Broward Health hospital network suffers data breach impacting 1.3 million patients

Broward Health, a Florida hospital network with over 30 locations and 60,000 annual admissions, suffered a cyberattack that led to the compromise of highly sensitive personal data belonging to 1.3 million patients and employees.

Compromised data included names, dates of birth, addresses, phone numbers, email addresses, Social Security Numbers, driver’s licence numbers, bank and insurance account information, as well as medical history.

The attacker gained unauthorized access to Broward Health’s corporate network on October 15 by exploiting a third-party medical provider. The provider had permission to access Broward Health’s network, which it needed in order to provide its services.

Given the sheer scale of the exposed data, victims could be at risk of medical identity theft, in which fraudsters use the victims’ identities to receive medical treatments billed to their insurance. As a result, Broward Health is offering all victims two years of identity theft protection service.

Sources: ZDNet, Bleeping Computer


2. Belgian Ministry of Defence suffers cyberattack due to Log4j vulnerability

A week after the initial disclosure of the Log4j vulnerability, Belgium’s Ministry of Defence reportedly suffered a cyberattack where hackers exploited the vulnerability.

In a statement released on December 21, the Ministry confirmed that it detected an intrusion on its network on December 16, which later paralyzed many activities and online services that took days to restore. For many days, it struggled to keep the network operational and continuously monitored for any additional threats.

The Ministry believed that the hackers exploited the Log4j vulnerability to gain access to its network. However, it remains unknown who the attackers were.

Sources: Infosecurity, The Straits Times, The Hill


3. T-Mobile suffers second data breach in four months

Multinational mobile service provider T-Mobile suffered yet another data breach caused by a series of SIM swap attacks. Officially confirmed on December 29, 2021, the incident occurred only four months after a previous data breach impacting 50 million customers back in August.

Fortunately, the latest incident had a much smaller impact. T-Mobile said that a “very small number of customers” fell victim to SIM swap attacks. The impacted customers had their customer proprietary network information (CPNI) accessed, which contained call history that includes time, number, and duration. T-Mobile did not disclose the exact number of victims or the attack method.

In a SIM swap attack, the attacker illegally transfers a victim’s phone number to their own SIM card. This allows the attacker to use the phone number to bypass SMS-based multi-factor authentication (MFA), such as mobile OTP, potentially intruding on a wide range of online accounts. Impacted customers are advised to change all their online account credentials that are related to the compromised phone number.

Sources: CNET, The Verge


4. Photography giant Shutterfly hit by Conti ransomware

US-based digital photography company Shutterfly reported a ransomware attack that took place in mid-December of 2021. Carried out by the Conti ransomware group, the attack encrypted over 4,000 devices and 120 VMware ESXi servers after the attackers stole sensitive corporate data.

Shutterfly operates a number of websites offering a wide range of photography-related services, including Shutterfly, BorrowLenses, Lifetouch, Snapfish, and Groovebook. The attack disrupted services provided by BorrowLenses and Groovebook, as well as their internal IT systems.

The Conti ransomware gang uploaded screenshots of the stolen files on its leak site, as discovered by sources at Bleeping Computer. The compromised data mostly consisted of corporate files, including legal documents, bank information, and login credentials to internal services. The attackers reportedly demanded a ransom in the millions.

Sources: Bleeping Computer, CyberScoop

