This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.
Information Security Risk
“A breach of the Unique Identification Authority of India’s Aadhaar biometric system is putting personally identifiable information (PII) of more than 1 billion Indian residents at risk. Attackers created a gateway to the biometric database, in which any Aadhaar user’s ID number can be entered into a portal. Once the number is entered, it will pull up the resident’s name, address, postal code, photo, phone number, and email address. Cyberthieves are selling access to the portal for 500 rupees and are charging an additional 300 rupees for software that allows a victim’s Aadhaar card to be printed, according to the report.”
Insurance + Healthcare
“Healthcare ransomware attacks increased by 89 percent from 2016 to 2017, according to recent research from Cryptonite. Furthermore, one-quarter of all IT/hacking events reported to OCR in 2017 were attributed to ransomware incidents. Gathering data from OCR, Cryptonite also determined that there was an overall drop in compromised records. Researchers explained though that this was likely due to attackers going after a wider array of healthcare organizations.”
Legal, Litigation, + Regulatory Risk
“Two Democratic senators introduced a bill that would provide the Federal Trade Commission (FTC) with punitive powers over the credit reporting industry for poor cybersecurity practices. The bill is in response to a huge breach disclosed in September 2017. If the bill succeeds, it will become the Data Breach Prevention and Compensation Act of 2018. It will create an Office of Cybersecurity at the FTC, “headed”, says the bill (PDF), “by a Director, who shall be a career appointee.” This Office would be responsible for ensuring that the CRAs conform to the requirements of the legislation, and would have the power to establish new security standards going forwards. The punitive power of the Act comes in the level of the potential fines, beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer.”