BreachExchange mailing list archives

Health data security alliance suffers server breach


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 31 May 2013 11:28:03 -0500

http://www.fiercehealthit.com/story/health-data-security-alliance-suffers-server-breach/2013-05-30

The Health Information Trust Alliance (HITRUST)--an organization
tasked with promoting data security for health entities--announced
this week that it was the victim of a cyber-attack on one of its web
servers.

Described by HITRUST as a "non-critical, standalone public web server
compromised by an [structured query language] SQL injection that
resulted in some test data being leaked," 111 records were breached.
Information within the records included names, companies, addresses,
phone numbers, email addresses and six encrypted passwords.

HITRUST pointed out that no personal health or sensitive information
was contained on the servers, and that all information compromised was
only available on the one test server.

"It is our mission to protect information and do so in a manner that
is appropriate and practical given the risks," HITRUST officials said
in a statement. "We had not deemed this particular web server and test
data to require higher assurances."

Cyber War News originally reported that the hackers, using the Twitter
handle @TeamBerserk, leaked the server data, which HITRUST later
confirmed was the SQL injection culprit.

The alliance added that it will strengthen the security of its testing
environments and public general information websites to a "higher
assurance level."

"The server in question has been addressed and test information
deleted," HITRUST officials said.