May 5, the Bay Area Children's Association reported to the California Attorney General that an attacker compromised patient information after planting malware on the systems of its electronic medical record provider.



why is this signficant?

  • It is reported that the cyber criminals broke into the network using stolen credentials back in January 2015 and only in April 2016 they received notice that "patient records were acquired by unauthorized persons".
  • After a month of investigation, Bay Area Children's Association released a "Notice of Data Breach".  In other words, medical records were compromised without any cyber security detection alerts, the notification came from an external source, 15 months later.
  • Is there a new trend with the most vulnerable in life (children) being a new target?  The more recent data exfiltration cases of toy companies such as Mattel, VTech and Hello Kitty compromised thousands of children's personal credentials. 

Read the full story on SCMagazine