Database breaches are becoming more and more common. Some notable ones include University of California, Los Angeles (UCLA) Health System, Community Health Services (CHS), Anthem Inc, OPM, United Airlines and as of yesterday Deloitte. It is quite possible that the perpetrators wanted to gather additional intelligence to select their next targets.
What some people may not know is that information and systems are shared between these organisations. For example, the UCLA Health system has an existing relationship with Anthem in which they exchange patient, financial and testing information. The Anthem, Premera and OPM breaches have been linked to the same (Chinese) hacking group. Based on the relationship of the victims and the data that was taken, we can assume the intelligence was used to further the group’s target value with every next hack.
A thing to consider about database attacks is that infiltrators gather patient information from the breached database servers. Personal information of the medical staff is usually on these servers too. This information often gives access to the other services used by the medical staff and patients. Because humans generally don’t want to have to remember a different password for each service they use, some passwords are used for multiple services. Therefore, getting your hands on one database often opens up the personal access of certain individuals to many different services.
The Transportation Security Administration (TSA), insurance companies and several airlines share data via a Known Traveler Number (KTN) that track travellers in the enrolled program. This shared number is a way for malicious actors to access manifests from United Airlines for the purpose of tracking travellers. A dark question to ask would be how state-sponsored actors would use this data? One answer could be that they are following agents of government intelligence and military personnel abroad and domestically. This gives overseas governments intelligence to utilize in counter intelligence and compromising individuals’ security clearances.
A simple low-level database breach can have far reaching effects. With the breach of regional medical services (UCLA) the infiltrators had access to data from national insurers. The insurance companies (Premera, Anthem) shared information with travel agencies (United Airlines). Now, travel information (United Airlines) about government personnel (CIA, NSA, FBI) is being tracked. This all potentially started from a breach of a regional medical facility.
However, there are several ways to protect your company from database breaches:
- Track suspicious internal data usage and transfer.
- Maintain active intelligence of open and closed source forums in the dark web.
- Get players in your supply chain to uphold high security standards.
- Create a doomsday protocol for your security staff to execute should the need arrive.
- Scan and test all IT systems regularly.
- Provide the necessary people, processes, and technology to protect your organization.
References:
- Premera. (2015). How Anthem Cyber-Attack could impact Premera members. Retrieved from: https://www.premera.com/wa/visitor/healthsource/community/anthem/
- Computerworld. (2015). Premera, Anthem data breaches linked by similar hacking tactics. Retrieved from: https://www.computerworld.com/article/2898419/data-breach/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html
- ITgovernanceusa (2015). OPM cyber attack linked to Anthem and Premera healthcare breaches. Retrieved from: https://www.itgovernanceusa.com/blog/opm-cyber-attack-linked-to-anthem-and-premera-health-care-breaches/
- Bloomberg. (2015). China-tied hackers that hit U.S. said to breach United Airlines. Retrieved from: https://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines
