The University of Utah Hospitals & Clinics today announced the recent theft of billing records. A metal box of backup tapes, which contained billing records for approximately 2.2 million patients and guarantors, was stolen on Monday, June 2, from a car belonging to a driver who worked for an independent storage company contracted by the health-care system.
The driver discovered that someone had broken into his Ford Explorer outside his Kearns home and taken the box. The driver, who had worked for Perpetual Storage Inc. for 18 years, was fired for violating protocols his company established to ensure secure data transportation. Perpetual Storage Inc., the company contracted by the university to transport and store the tapes, said this is the first and only such incident in its 40-year history.
The Salt Lake County Sheriff’s Department, the FBI and the U.S. Postal Service are investigating the theft. The investigation indicates that the theft was probably a random car burglary, and there is no evidence that the information on the tapes has been accessed or used for identity theft. The billing records included patient names, related demographic information and diagnostic codes. None of the records contained credit card information. Records for a subset of 1.3 million patients also contained Social Security numbers.
The University of Utah Hospitals & Clinics has suspended deliveries of backup tapes to Perpetual Storage pending the review of all procedures and protocols for transporting and storing backup data. Additionally, the health-care system mailed notification letters to all 2.2 million patients and guarantors. Free credit monitoring and restoration service will be provided to patients whose records included Social Security numbers. The toll-free information line for questions is 1-866-581-3599.
The University of Utah Hospitals & Clinics is offering a $1,000 reward for the return of the tapes, no questions asked. Those wishing to claim the reward may call the Sheriff’s Department at (801) 743-7000.
More information and resources can be found at http://healthcare.utah.edu/billingrecordstheft.
A server problem at the U.S. National Security Agency (NSA) has knocked the secretive intelligence agency off the Internet. The website nsa.gov was unreachable because of a problem with the NSA’s DNS servers, which translate the Web addresses people type into the machine-readable IP addresses that computers use to find each other on the Internet. The website was unresponsive at 10 a.m. EDT Thursday and remained unavailable to Internet users throughout the day. The agency’s two authoritative DNS servers were also unreachable this morning.
Because this DNS information is sometimes cached by Internet service providers, the NSA would still be temporarily reachable by some users, but unless the problem is fixed, NSA servers will be knocked completely offline. That means that e-mail sent to the agency will not be delivered, and in some cases, e-mail being sent by the NSA would not get through.
It seems the NSA has made some basic security mistakes with its DNS servers. The NSA should have hosted its two authoritative DNS servers on different machines, so that if a technical glitch knocked one of the servers offline, the other would still be reachable. Compounding the problem is the fact that the DNS servers are hosted on a machine that is also being used as a Web server for the NSA’s National Computer Security Center.
The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyberattacks, so the outage is an embarrassment for the agency. If there were some Apache or Windows vulnerability and hackers controlled that server, they would also own the DNS server for nsa.gov.
According to an NSA spokeswoman, they are aware of the situation and the techs are working on it.
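The DNS redundancy mistakes described above (both name servers on one machine, and that machine doubling as a Web server) can be checked mechanically. The following is an added example, not code from the original article or from any agency; the host names and addresses are constructed from documentation ranges, and the /24 and /48 "same network" thresholds are assumptions of the sketch.

```python
import ipaddress

def audit_nameservers(ns_addrs, service_addrs):
    """Return sorted finding codes for a zone's authoritative name servers.

    ns_addrs:      {name server host name: [IP strings]}
    service_addrs: {other service host name (web, mail): [IP strings]}
    """
    findings = set()
    ns_ips = {ipaddress.ip_address(ip) for ips in ns_addrs.values() for ip in ips}

    # Two NS names that resolve to one address are still a single machine.
    if len(ns_ips) < 2:
        findings.add("SINGLE_HOST")

    # Distinct hosts in one /24 (IPv4) or /48 (IPv6) share a network failure
    # domain. The prefix lengths are an assumption of this example.
    nets = {
        ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)
        for ip in ns_ips
    }
    if len(ns_ips) >= 2 and len(nets) < 2:
        findings.add("SINGLE_NETWORK")

    # A name server sharing an address with a Web server inherits that
    # server's attack surface: compromise one, control both.
    svc_ips = {ipaddress.ip_address(ip) for ips in service_addrs.values() for ip in ips}
    if ns_ips & svc_ips:
        findings.add("SHARED_WITH_OTHER_SERVICE")
    return sorted(findings)

# Constructed sample zones (RFC 5737 documentation addresses).
CO_HOSTED = ({"ns1.example.org": ["192.0.2.10"], "ns2.example.org": ["192.0.2.10"]},
             {"www.example.org": ["192.0.2.10"]})
SAME_SUBNET = ({"ns1.example.org": ["192.0.2.10"], "ns2.example.org": ["192.0.2.20"]},
               {"www.example.org": ["198.51.100.5"]})
SEPARATED = ({"ns1.example.org": ["192.0.2.10"], "ns2.example.org": ["203.0.113.10"]},
             {"www.example.org": ["198.51.100.5"]})

if __name__ == "__main__":
    for label, zone in [("co-hosted", CO_HOSTED), ("same subnet", SAME_SUBNET),
                        ("separated", SEPARATED)]:
        print(f"{label}: {audit_nameservers(*zone) or 'no findings'}")
```

In practice the two dictionaries would be filled from the zone's NS, A and AAAA records before running the audit.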
Two independent research teams have demonstrated hacks of the Mifare Classic RFID chip algorithm. The technology is used by transit operators in London, Boston, and the Netherlands. It is also used in access cards in numerous other organizations around the world. The Dutch government has already issued a public warning about the security of access keys based on it. The minister of interior affairs, in a letter to parliament, wrote that there are plans for government institutions to take additional security measures.
NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes. One billion passes with the technology have been distributed worldwide, making the security risk a global problem and it had not yet notified other countries.
The manufacturer, NXP Semiconductors, has quickly announced a new version of the Mifare chip, called the Mifare Plus, with enhanced security: 128-bit encryption in place of the original 48-bit. The strange thing is why the Mifare Plus wasn’t introduced earlier. It is unknown how much this enhanced card will eventually cost, but reports say that the original Mifare Classic sold for less than a single dollar. Hence, the low cost of the Mifare Classic might have been a factor here.
German researchers Karsten Nohl and Henryk Plötz have published a paper on how to crack the chip’s encryption, and Bart Jacobs, an information security professor, has released a video. The video demonstrates how cryptographic keys could be retrieved from readers attached to access control infrastructure or even sniffed simply by walking past a Mifare RFID card holder. Duplicate cards are then cloned to gain unauthorized entry. What is really scary is the ease with which the attacks are successfully executed.
Thousands of sensitive medical documents fell out of a truck bed and ended up scattered across the road for just about anyone to see and take. The patient records belonged to LabCorp (Laboratory Corporation of America), one of the world’s largest companies that analyze blood work, and included medical records, lab results, and possibly billing information.
A spokesperson said a courier left the tailgate of his truck open and several boxes slid out, smashing onto Fredericksburg Road. LabCorp believes the information scattered all over the road consisted of old documents from 1993 and later, and possibly billing information that wouldn’t include people’s Social Security numbers.
It is unclear what kind of sensitive information LabCorp collects and stores, and so far LabCorp has not notified the people who were affected. LabCorp responded very quickly at the site of the incident, with employees “picking up these documents in between cars, in the bushes, on their hands and knees and all of this was happening while SAPD was detouring traffic.” In an August 2006 incident, a break-in at a LabCorp facility exposed patient data (a computer with sensitive personal information was stolen from its Prospect Plains Road sample-collection center in Monroe Township, NJ), so LabCorp (and probably their patients) are used to such incidents.