Blame as a Service | TechSNAP 213

Posted on: May 7, 2015

Posted in: Featured, TechSNAP, Video

Comment on This Video

Share This Video

Embed This Video

Blame as a Service | TechSNAP 213

Why a stolen healthcare record is harder to track than you might think, Security pros name their must have tools & blame as a service, the new Cybersecurity hot product.

Plus great questions, a huge Round Up & much, much more!

Thanks to:


DigitalOcean

Ting

iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Foo

— Show Notes: —

A day in the life of a stolen healthcare record

  • “When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.”
  • “I was reminded of this last month, after receiving a tip from a source at a cyber intelligence firm based in California who asked to remain anonymous. My source had discovered a seller on the darknet marketplace AlphaBay who was posting stolen healthcare data into a subsection of the market called “Random DB ripoffs,”
  • “Eventually, this same fraudster leaked a large text file titled, “Tenet Health Hilton Medical Center,” which contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.”
  • “Contacted by KrebsOnSecurity, Tenet Health officials said the data was not stolen from its databases, but rather from a company called InCompass Healthcare. Turns out, InCompass disclosed a breach in August 2014, which reportedly occurred after a subcontractor of one of the company’s service providers failed to secure a computer server containing account information. The affected company was 24 ON Physicians, an affiliate of InCompass Healthcare.”
  • “The breach affected approximately 10,000 patients treated at 29 facilities throughout the U.S. and approximately 40 employed physicians,” wrote Rebecca Kirkham, a spokeswoman for InCompass.
  • So who was the subcontractor that leaked the data? According to PHIprivacy.net (and now confirmed by InCompass), the subcontractor responsible was PST Services, a McKesson subsidiary providing medical billing services, which left more than 10,000 patients’ information exposed via Google search for over four months.
  • Think about that for a minute. The information must have just been laying around on their website for it to be able to be found by Google search
  • “Still, not all breaches involving health information are difficult to backtrack to the source. In September 2014, I discovered a fraudster on the now-defunct Evolution Market dark web community who was selling life insurance records for less than $7 apiece. That breach was fairly easily tied back to Torchmark Corp., an insurance holding company based in Texas; the name of the company’s subsidiary was plastered all over stolen records listing applicants’ medical histories.”
  • “Health records are huge targets for fraudsters because they typically contain all of the information thieves would need to conduct mischief in the victim’s name — from fraudulently opening new lines of credit to filing phony tax refund requests with the Internal Revenue Service. Last year, a great many physicians in multiple states came forward to say they’d been apparently targeted by tax refund fraudsters, but could not figure out the source of the leaked data. Chances are, the scammers stole it from hacked medical providers like PST Services and others.”
  • As we have previously discussed, a stolen credit card may be worth a few dollars, even high end corporate cards rarely fetch more than $10 or $15 each. Health care records are worth upwards of $100 each.
  • “Sensitive stolen data posted to cybercrime forums can rapidly spread to miscreants and ne’er-do-wells around the globe. In an experiment conducted earlier this month, security firm Bitglass synthesized 1,568 fake names, Social Security numbers, credit card numbers, addresses and phone numbers that were saved in an Excel spreadsheet. The spreadsheet was then transmitted through the company’s proxy, which automatically watermarked the file. The researchers set it up so that each time the file was opened, the persistent watermark (which Bitglass says survives copy, paste and other file manipulations), “called home” to record view information such as IP address, geographic location and device type.”
  • “The company posted the spreadsheet of manufactured identities anonymously to cyber-crime marketplaces on the Dark Web. The result was that in less than two weeks, the file had traveled to 22 countries on five continents, was accessed more than 1,100 times. “Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia,” the report concluded.“

Security pros name their must have tools

  • Network World asked some “security pros” from around the industry to name their must have tools
  • Lawyers Without Borders uses Intralinks VIA to securely share files
  • Yell.com (a yellow pages site) uses Distil Networks’ bot detection and mitigation service to prevent content theft and avoid excess load from web scraper bots
  • SureScripts.com (online perscription service) uses Invincea FreeSpace Enterprise for endpoint security. “stops advanced end user attacks (spear phishing, drive-by downloads, etc.) via containment, and stops our machines from getting infected
  • a biotechnology company uses EMC Syncplicity to secure and distribute content to mobile devices. “It is an amazing mobile app that offers a great user experience and also offers the security and control we need as a therapeutics company with lots of sensitive information”
  • A private health insurance software application provider uses Forum Sentry API gateway to protect its API from malactors. “Forum Sentry enabled us to securely expose our APIs to our private health insurance funds, third parties and internal clients and has provided a policy-based platform that is easy to maintain and extend – all while reducing development time and resources”
  • Firehouse Subs, a large restaurant chain uses Netsurion’s Managed PCI to manage their Payment Card Industry Data Security Standard compliance. “Netsurion simplifies PCI for myself, and our franchisees, allowing us to maintain focus on other portions of our business”
    • A software vendor that makes heavy uses of Software as a Service (SaaS) relies on Adallom for SaaS to monitor, provides visibility into, and protection of SaaS applications.
    • Iowa Vocational Rehabilitation Services, raved about the configurability and reliability of NCP’s enterprise VPN solution
  • I am sorry, when I started writing this news item for TechSNAP, I thought the list was going to be useful
  • These were not the kinds of tools I was expecting
  • Instead it just shows a random reporter who knows nothing about Cyber Security, asking a bunch of random businesses who know nothing about Cyber Security and just buy magic software and services what they think
  • If your approach to cyber security is: buy some magic software, then you’re in trouble
  • Cyber Security is a mindset, and requires defense in depth. It is about doing as much as can be done, and more importantly, planning for when that turns out to not be enough.
  • What you really need is a cyber security disaster kit, like the one you have in your house in the event of a nature disaster. All of the things you need to survive until the mess is cleaned up.
  • What companies really need, is to do cyber security fire drills, and have better fire alarms
  • Software can’t solve everything, but it can help automate the task of getting the attention of a human at the right time

Intel launches new line of E7 v3 Haswell-EX processors

  • Intel has announced its new E7-8800 and E7-4800 line of processors, featuring:
  • 20% more cores/threads
  • 20% more Last-Level Cache
  • Benchmarks show actual 15-20% gains over the E7-4890 v2
  • Support for DDR3 or DDR4 memory (not at the same time). “Support for the two differing memory types comes by way of Intel’s C112 and C114 scalable memory buffers.”
  • 1.5 TB of ram per socket, quad channel, 102 GB/s memory bandwidth
  • This means a 4 socket motherboard can have 6TB of ram, and an 8 socket board can have 12TB of ram
  • 32 PCI-E 3.0 lanes per socket
  • The highest end versions also feature QPI links at 9.6 GT/s (the previous maximum was 8.0 GT/s)
  • E7-4xxx models are designed for 4 socket motherboards, while the E7-8xxx models are for 8 socket motherboards
  • Models include:
    • E7-4809 v3 – 8x 2.00 GHz + HT, 20MB LLC
    • E7-4820 v3 – 10x 1.90 GHz + HT, 25MB LLC
    • E7-4830 v3 – 12x 2.10 GHz (Turbo: 2.70 GHz) + HT, 30MB LLC
    • E7-4850 v3 – 14x 2.20 GHz (Turbo: 2.80 GHz) + HT, 35MB LLC
    • E7-8860 v3 – 16x 2.20 GHz (Turbo: 3.20 GHz) + HT, 40MB LLC
    • E7-8880 v3 – 18x 2.30 GHz (Turbo: 3.10 GHz) + HT, 45MB LLC
    • E7-8890 v3 – 18x 2.50 GHz (Turbo: 3.30 GHz) + HT, 45MB LLC
    • E7-8891 v3 – 10x 2.80 GHz (Turbo: 3.50 GHz) + HT, 45MB LLC
    • E7-8893 v3 – 4x 3.20 GHz (Turbo: 3.50 GHz) + HT, 45MB LLC
  • “Want!”

Feedback:

Round Up:

Question? Comments? Contact us here!