Security Round Up: T-Mobile, Hospital Downtime & Lost Police Records

There have been several new data breaches, exposures and other issues affecting both businesses and individuals over the last few weeks. This post discusses several of these issues, what we know about what happened, and what you need to know to protect yourself.

This post discusses a T-Mobile data breach, how ransomware caused a hospital to cancel important procedures, and how a data migration caused the loss of 8TB of police records centered on criminal investigations.

T-Mobile recently suffered a data breach that may impact 30 million users.

Below are specific details about recent security incidents and what you can do to protect yourself. A breach of personally identifiable information typically happens in one of two ways:

  1. Through the victim directly - when someone gains access to an account because of a poorly chosen password, reused account credentials, notes in plain sight with credentials, shared passwords, or other such instances, OR
  2. Indirectly through an outside source the victim does business with - where a breach can happen through no fault of their own as they have no control over the security measures in place or lack thereof.

The examples below are all indirect breaches, but it is always good to be aware of data breaches that occur within companies you do business with.

T-Mobile data breach

You may remember we discussed a T-Mobile breach earlier this year in another security round up. Unfortunately, T-Mobile has suffered another data breach and is currently looking into what happened. This breach purportedly included personally identifiable information of 30 million people offered for sale. Information suspected to be part of this breach includes users' Social Security and driver's license numbers, though this has not yet been confirmed by T-Mobile. Luckily, T-Mobile has stated that the way hackers gained unauthorized access has since been closed.

UPDATE: T-Mobile has since confirmed attackers accessed personal information from 54 million people. A little less than eight million are current customers, while the remainder are former and prospective customers.

The takeaway: If you are or have been a T-Mobile customer, some of your personal data might be at risk. T-Mobile is conducting an internal investigation in cooperation with law enforcement about this breach. Once the results of the investigation are determined, it is likely any individual whose data was put at risk will be given access to free credit reporting or some other compensation as is common with these sorts of data breaches.

Update: T-Mobile has stated they will provide a 2-year subscription for identity protection services to those people put at risk.

In the meantime, keep a close watch on any accounts and the credit cards associated with them. Also, change any account credentials associated with a T-Mobile account. If you reused those credentials with any other business or online account, be sure to update those as well, preferably to something that is unique. This is the risk of reusing credentials - once one place exposes the credentials, hackers or anyone else who gets ahold of the data can then try those credentials elsewhere, hoping to gain access to additional accounts.

Hospital ransomware attack

Three hospitals owned by Memorial Health System were hit with a ransomware attack and were forced to cancel surgeries and redirect emergency patients to other hospitals as a result. While the hospitals are still open, the attack caused the hospitals to operate under electronic health record (EHR) downtime procedures.

At this point, the three affected hospitals - Marietta Memorial, Selby General and Sistersville General in West Virginia and Ohio - are still dealing with the ransomware attack. There has been no report of patient data being breached due to the ransomware attack, but it is still too early to know what systems and information were affected or put at risk.

The takeaway if you are a patient of any of the three hospitals: Be on the lookout for updates about the status of this attack. At some point there should be updates to all patients about the attack and whether any of your personal information was breached. Also, if you have a digital account with them, be sure to change the credentials there, as well as with any other online accounts where you reused the same credentials, in the event that user account credentials were leaked.

The takeaway if you had an appointment at one of the three hospitals: You were likely contacted already if the appointment needed to be cancelled. Most urgent surgeries and radiology appointments have been cancelled. However, the hospitals are recommending patients call to verify appointments before arriving if they have not heard anything yet.

Lost police records

The Dallas Police Department revealed that it was unable to recover 8TB of the 22TB of data lost during a data migration earlier in the year. The 22TB of data was deleted from a network drive, but with time, 14TB was recovered. The remaining missing data is not believed to ever be recoverable.

The types of files deleted were related to criminal cases, so this will likely have a prolonged and lasting effect on the local community. In the meantime, anyone who thinks their case may have been affected by this data loss is being encouraged to contact the trial prosecutor in writing. Additionally, per the memo from the department, "Prosecutors have been instructed to verify with the filing detective that all evidence/files were shared with our office via TechShare before disposing of the case". This is part of the process for detectives to determine if there are any missing files that Dallas PD had not already shared.

The takeaway: This is an absolutely tragic instance of data loss. So much time and effort put into developing a criminal case, only to have it wiped out with a single accidental delete command. The amount of time it might take to recover some of the missing files and information is unthinkable. In a situation like this, there are probably some forms of evidence that cannot be recreated while others are irreplaceable.

When someone accidentally deletes a bunch of data and they do not have backups, the best thing they can do is scour their sent items for attachments sent to clients, and contact clients to ask if they have any of their documents.

However, the only long-term prevention for data loss is backups: offsite, cloud-based, runs-every-day, has retention, is-checked-regularly kind of data backups! It is important for backups to be offsite so that they are not affected when a local issue happens - like a natural disaster or ransomware. Cloud-based is important so that you can have access at any time from any device in case something catastrophic happens, as this helps reduce downtime.

Data breaches, ransomware attacks and data loss are happening every day and almost always affect some people's lives. Sometimes you may know a victim, or perhaps you are one of the victims, but either way most of the time someone's data is put at risk. The most important things you can do to protect yourself are to use unique credentials for each user account, refrain from sharing account information, create long and complex passwords and take the time to be aware of data breaches.

As always, putting in a little extra time upfront (like creating unique user accounts and complex passwords) can really save you in the long run!