Data Breaches, Prevent Hacks, Thursday Threats

Healthcare data breach affects 2 million; Malware allows cybercriminals to steal payment card numbers

Threat Blog 6/16

A new study by Surfshark discovered that the average American has been affected by at least seven data breaches since 2004. The IT company added “every U.S. internet user has lost 27 data points on average to online breaches, most of them emails, passwords and usernames,” by far the most out of any country around the world.

While the outcome of this study is ominous, you don’t have to fall into despair when your data is exposed. Taking the proper measures to protect yourself after a data breach requires a proactivity. It also means taking steps before the breach occurs to limit your risk radius.

In this week’s BlackCloak Thursday Threat Update, we explore a healthcare data breach affecting millions of patients, and  malware that allows cybercriminals to steal payment card numbers from one particular browser.

Shields Health Care Group data breach affects two million

What we know: Shields Health Care Group experienced a data breach that has impacted at least two million people. In its data breach notice, Shields said unknown actors accessed its systems from March 7 to March 21, and that compromised data included names, dates of birth, home addresses, Social Security numbers, and an assortment of other patient-related information. Shields added that it has not seen evidence to indicate that any information has been used to commit identity theft or fraud, at least not yet.

Recommendations: If you’re a Shields patient, monitor your account closely for fraudulent activity. If you have received a data breach notification from Shields, or if you want to play it extra safe, you should strongly consider placing a credit freeze and a fraud alert on your accounts. Additionally, you can report any suspected or confirmed incidents of identity theft with the Federal Trade Commission through its designated website.

Malware steals payment card info stored in Chrome

What we know: A form of malware, known as Emotet, has been discovered to steal payment card information stored in the Google Chrome browser. The malware specifically targets the Chrome browser, and can transfer payment card numbers, expiration dates, and names to a malicious server once it compromises the target’s computer.

Recommendations: First, you should never save your payment card information to your browser. While it may seem convenient, you open yourself  up to malware attacks similar to this one. To avoid exposing your payment card information, consider using a virtual payment card instead. Virtual cards come with randomized card numbers and expiration dates, and are the best way to shop without compromising your bank and credit card accounts. Additionally, never click on any links or download any attachments from senders you don’t recognize. This is the primary way you can prevent the malware from infecting your computer in the first place.

Action today can help reduce headaches tomorrow

Do not wait until you receive a data breach notification letter to reduce your level of risk. By practicing proper cyber hygiene, you can keep your sensitive information safe and take quick measures to remedy any data points that may fall into the wrong hands.

To help get started, consult BlackCloak’s previously published materials on how to protect yourself from identity fraud and 5 ways to prevent yourself from being hacked.