A Phoenix-based health insurance company, Banner Health, was hit with a data breach affecting 3.7 million patients and staff. The information exposed may include patients’ names, birth dates, addresses, doctors’ name, dates of service, clinical information, health insurance information and social security numbers. The attack originated from hackers accessing computer systems that processed payment card information at some of its food and beverage outlets, and days later discovered that the hackers may have also gained access to information stored on some of its computer servers.
The malware, Sphinx, first appeared last August primarily targeting banks in Europe and Australia, and a new version has recently emerged that includes web infect configurations to target web portals of three of Brazil’s top banks, also including Boleto payment services. Zeus Sphinx adapts social engineering injections to manipulate users in each targeted bank. In some cases, the malware will only ask victims to provide PII and passcodes, payment card PIN codes, or home and mobile phone numbers. The timing of this new version targeting Brazil, where the Olympics are currently being held, is not a coincidence, as “Cybercriminals are known to increase their efforts during sporting events” said Limor Kessem, Executive Security Advisor, IBM.
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.