Weekly Threat Report - 22nd February 2019
Patient calls to Swedish healthcare hotline left unprotected online
A server that was used to store recordings of phone calls made to a Swedish “healthcare hotline” has reportedly been found exposed online without password protection. The service provided medical advice via a national health service telephone line.
170,000 hours of calls containing highly personal information were reportedly stored on an open web server without any encryption or authentication. The server contained recordings of conversations going back to 2013.
The calls included sensitive information about patients’ diseases and ailments, medication, and medical history, and many of the calls were stored alongside telephone numbers.
The Swedish Data Protection Authority told the BBC: "If the reports in the media are correct, we view this incident as very serious since it involves sensitive personal data about many people for a long time. We intend to do a supervision of this incident. We have not formally initiated the supervision yet, though."
Any organisation that deals with sensitive personal information is at a higher risk of being targeted by malicious actors.
The NCSC has published 15 good practice measures for the protection of bulk personal data. Organisations handling sensitive information should also ensure they are adhering to the General Data Protection Regulation (GDPR). The NCSC has published GDPR security outcomes, which were developed in partnership with the Information Commissioner’s Office (ICO).
Payment data being targeted by cyber criminals
Cyber criminals are continuing to target and attack thousands of websites by implanting code designed to steal payment card numbers.
Symantec’s Internet Security Threat Report suggests that attackers were inserting "attack code" into websites that fail to update their core software, or were taking advantage of insecure third-party apps. The report also found that more than 4,800 websites were affected, including those of high-profile companies such as British Airways and Ticketmaster.
Symantec described the attacks as a “tiny line of code” which is “enough for attackers to monitor payment card info being entered and they siphon it off”.
If you think you have been affected by incidents such as these as a member of the public, you can use Action Fraud’s online fraud reporting tool at any time of the day or night, or call 0300 123 2040. For further information visit www.actionfraud.police.uk.
The report also suggested that ransomware was still widely used by criminals, although infections were down by 20% over the past year. The NCSC has published guidance for organisations looking to defend themselves against ransomware.