Cyber Attackers Prove Themselves to Be Ruthless as They Attack Cancer Treatment Centers of America

You'd think that even cybercriminals have some sensibility and some sense of compassion, but the latest attack on the Cancer Treatment Centers of America has proven us all wrong. The Western Regional Medical Center in Bullhead City, Arizona, warned nearly 42,000 of its patients that their personal data might have been exposed to cyber attackers. Data breaches, unfortunately, are not rare these days, and we have definitely seen an increase in data breaches targeted at healthcare institutions in the past years. Whether cyber attackers are trying to record personal information, which might include social security numbers, home addresses, and full names, or they are trying to steal digital prescriptions, the dangers are real. In this blog post, we discuss the mistakes that allow successful cyber attacks, and we give a few important tips that should help you secure social security numbers and other personal data against attackers. If you are curious, continue reading.

Why attackers targeted the Cancer Treatment Centers of America?

The "why" might be hard to understand or explain because, after all, cyber attackers are humans, and they might have unique incentives and goals behind their crimes. Of course, it is most likely that they attacked the Cancer Treatment Centers of America simply because they detected a security backdoor that could be exploited for their gain. According to Becker's Hospital, the attacker initially gained access to an email account of one of the center's employees using a phishing attack on May 2nd. The report suggests that this allowed the hackers to access patients' names, home addresses, birth dates, email addresses, mobile phone numbers, and even social security numbers. Unfortunately, this isn't the first time something like that has happened. In July, for example, we reported a phishing attack targeted at the Children's Mercy Hospital in Kansas. Using a phishing email, the criminals can try to trick the recipient into opening malicious email attachments or clicking on links that route to malicious sites or that are used in drive-by download attacks.

Although the affected email account was, allegedly, secured within hours – when the employee was prompted to change the password – it is hard to say how much damage could have been made. It is possible that social security numbers and other personal information could have been leaked. The good news is that the company took responsibility and informed all affected patients about the incident.

What to do if my social security number (SSN) was leaked?

Whether you are a patient at the Cancer Treatment Centers of America or another healthcare facility, or you are a customer of any company/service that has your social security number recorded, if you were informed that your personal information was leaked, you need to take action. If you live in the US, the first thing you can do is get the data "recovery plan" from the FTC. Next, you want to enable a credit freeze. If your SSN is in the hands of cybercriminals along with other personal information, they could try to impersonate you and open new accounts, rent homes, or apply for loans. In the US, you can freeze your credit using Equifax, Experian, and TransUnion services. Finally, contact the company (e.g., Cancer Treatment Centers of America) whose data was affected during the data breach. The chances are, they will know the situation best, and they will be able to tell you what you need to do.

If you think hackers are not interested in your social security number, think again

As we mentioned briefly, if hackers obtain a social security number, and they are able to provide other personal information, they can apply for loans and even set up new credit card accounts. Without a doubt, if that happens, the victim can face serious financial security issues. Obviously, you do not want your SSN leaked, do you? If you want to learn more about what hackers can do with your SSN, continue reading here. We also have a guide that explains how to keep your social security number safe. Ultimately, you can do your part by being cautious about how you share your SSN, as well as whom you share it with. It is all out of your hands when it comes to companies leaking such information. That being said, you can be mindful about limiting the information you share with companies from now on.

Be careful about the storage you use to keep personal information

Without a doubt, you want to secure social security numbers and other personal information against data breaches. We are sure about that. But how are you storing this information? As you know, keeping personal information in a physical format – whether it is written down on a piece of paper or stored in a file that is kept on an external drive – is not the best idea. Things get lost and things get stolen. What about digital vaults? Some people choose to store all of their passwords, usernames, pin codes, credit card and social security numbers, and other personal information in one excel or document file. That is not a good idea because if a file is encrypted, you might lose access to your accounts, and if hackers attack, they could steal information without your notice.

It is imperative to keep all personal information safe, but if you want it to be accessible too, you might think that you need to sacrifice security. Luckily, you do not. The Cyclonis Password Manager is a free tool that not only can store passwords but all other kinds of sensitive information too. Whether you keep it in a Wallet or as a Private Note, it will be encrypted and protected against intruders. All you have to do is set up a strong master password, which is a key that unlocks access to your own password manager account. Ultimately, if you want to keep your social security number or patient-related information somewhere safe, you must do it intelligently, and that can be achieved with the right tools on your side.