Healthcare

Health Promotion Board’s HealthHub Portal Hacked, US Centers For Medicare & Medicaid Services Suffers Breach

16 - 23 October 2018

The Health Promotion Board’s (HPB) HealthHub portal had been hacked over four days between September and October. The attack was discovered after a user suspected that her account had been accessed without her authorisation.
Cyber_News_Healthcare
The Health Promotion Board’s (HPB) HealthHub portal had been hacked over four days between September and October. The attack was discovered after a user suspected that her account had been accessed without her authorisation. The attack, which involved attempted logins using more than 27,000 unique IDs and emails, had successfully compromised 72 HealthHub accounts. HPB said that the email addresses were likely obtained from external sources, and no evidence of a breach in the Health Hub system was found. HPB has notified the affected account holders of the attack.

Additionally, the US Centers for Medicare & Medicaid Services (CMS) suffered a data breach that exposed the files of approximately 75,000 individuals. Hackers had compromised the Federally Facilitated Exchange’s Direct Enrolment pathway, which is used by agents and brokers to help customers enrol in health insurance. It remains unclear what data had been exposed. Meanwhile, the authorities have deactivated the hackers’ accounts and disabled the Direct Enrolment pathway. 

References:
[1] Multiple unauthorised log-in attempts detected on HealthHub portal: HPB
[2] U.S. CMS says 75,000 individuals' files accessed in data breach

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence