NEWS THIS WEEK: Is cyber insurance too pricey?; IBM, Cisco are models for sharing intelligence; Hillary ties Donald to Russian election interference

By Byron V. Acohido

In the news this week, Chipotle customers nationwide might have had their credit card information stolen as part of a recent hack, the company said. The company’s investigation revealed that hackers used malware created with the intent to gain access to customer card info at various Chipotle locations from March 24 through April 18. The software specifically searched for “track data,” which can include a customer’s name, card number, expiration date and the internal verification code. It gained the information by reading each card’s magnetic strip. Chipotle said that “there is no indication that other customer information was affected.” A complete list of Chipotle locations that the hack affected can be viewed in the online database, which includes the times and locations of suspected incidents. Source: WTVJ, Miami

National Medicaid insurer Molina closes online portal amid breach fears

Molina Healthcare, a major insurer in Medicaid and state exchanges across the country, shut down its online patient portal as it investigates a potential data breach that may have exposed sensitive medical information. The company said that it closed the online portal for medical claims and other customer information while it examined a “security vulnerability.” It’s not clear how many patient records might have been exposed and for how long. The company has more than 4.8 million customers in 12 states and Puerto Rico. Source: The Long Beach, Calif., Press Telegram

Safer Medicare cards on the way starting next year

The government is on track to meet a 2019 deadline for replacing Social Security numbers on Medicare cards with randomly generated digits and letters to protect seniors against identity theft. Beneficiaries and their families should start seeing changes next April when the agency will mail new cards to more than 57 million elderly and disabled beneficiaries. Source: The Associated Press via WMAR, Baltimore

University of Alaska gets a hard lesson in phishing risks

Approximately 25,000 students, staff and faculty members associated with the University of Alaska were affected following a phishing scam and subsequent data breach late last year. The university sent letters to those people who had their names and accompanying Social Security numbers exposed to “an individual or individuals unknown to [the university]” due to an email scam. Source: KTUU, Anchorage

Price concerns prevent some businesses from buying cyber insurance

A full 50 percent of U.S. firms do not have cyber risk insurance and 27 percent of U.S. executives say their firms have no plans to take out cyber insurance, even though 61 percent of them expect cyber breaches to increase in the next year, according to a survey by research firm Ovum for FICO. Among those that have insurance, only 16 percent said they have cybersecurity insurance that covers all risks. Mistrust about pricing is one reason some firms aren’t buying. Source: Insurance Journal

China cybersecurity law proves worrisome to some nations

China’s top cyber authority said it is not targeting foreign firms with a controversial national cyber law that took effect this week. More than 50 overseas companies and business groups have lobbied against the law, which includes stringent data storage and surveillance requirements. Source: Reuters via Insurance Journal

IBM, Cisco to work closely on security, share intelligence

IBM and Cisco announced an agreement that will see the two tech giants collaborate more closely on security threat intelligence, products and services. The companies will share threat intelligence and work on product integration. Source: eWeek

Clinton says Trump might have had a hand in Russian cyber attacks

Hillary Clinton went a step further Wednesday in blaming her election loss to Donald Trump on cyber attacks by Russia, saying Americans including associates of the Republican president, and even Trump himself, likely had a hand in the effort. The Democratic nominee spoke of “disinformation” against her that she said was led by Moscow and influenced the outcome of the campaign. Source: Times of Israel

Medical employee pleads guilty to selling patients’ information

A medical employee in North Carolina pleaded guilty to providing the personal information of more than 150 patients to a co-conspirator, who used the information to make fraudulent purchases and obtain fake driver’s licenses. Christopher Roach, who was previously sentenced, paid Keniona Thomas $10 per patient, court documents say, before opening new credit accounts to defraud victims and banks of at least $97,000. Thomas faces up to 15 years in prison. Source: WBTV, Charlotte, N.C.

Britain’s sub fleet might be at risk from cyber attackers

The U.K.’s Trident submarine fleet is vulnerable to a “catastrophic” cyber attack that could render Britain’s nuclear weapons useless, according to “Hacking UK Trident: A Growing Threat,” a report that warns that a successful cyber attack could “neutralize operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).” Source: The Guardian

Health company to improve training after worker accesses patient data

Trios Health is stepping up privacy training for staff, updating policies and procedures, and installing additional security software after a large-scale electronic health records breach. A Trios employee improperly accessing the electronic health records of about 570 patients from October 2013 through March 2017. The employee could have seen demographic information such as the patient addresses, phone numbers, driver’s license numbers and Social Security numbers, as well as limited medical information. Source: The Kennewick, Wash., Tri-City Herald

Plastic surgery clinic hacked, patient photos, information exposed

Personal data, including nude photographs, were made public in Lithuania by a hacking group that broke into the servers of a chain of Lithuanian plastic surgery clinics and targeted high-profile clientele. Police said victims of the hack received text messages demanding they pay a ransom equivalent of $2,238 for the safety of their data. In addition to photos, other data collected in the hack included copies of their passports and other forms of personal identification. Source: Vocativ

This article originally appeared on

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone