
Gaining access to a company that provides products or services for other organizations is an effective way for hackers to attack many targets at once. As a result, businesses that are part of a supply chain are becoming an increasingly attractive target for cyber attackers, especially those acting under the direction of foreign governments.

Large-scale Attacks

Several major cyber security incidents during the past year demonstrate the large-scale effect of an attack on an entire supply chain. The attack against IT services provider SolarWinds was one of the largest and most effective, as it was conducted by hackers working for the Russian intelligence service. This attack compromised SolarWinds’ updates, which 18,000 customers subsequently downloaded. The attackers then targeted about 100 of those customers, some of which were US government agencies.

Another recent major attack against US supply chains exploited a vulnerability in Kaseya’s software, which attackers used to conduct a ransomware attack affecting thousands of this company’s customers throughout the world. This attack included threats of future attacks if the victims disclosed the attack to law enforcement agencies or other third parties. These threats are a recent development in ransomware that demonstrate the attackers’ strong desire for secrecy.

Small-scale Attacks

Other attacks against supply chains are much less likely to draw attention than these major incidents, but they can still be very effective. Furthermore, an attack that’s tightly focused on a limited number of targets can also be harder to detect. These factors create a trade-off between casting a wider net to compromise more systems and minimizing the risk of detection. As a result, malicious actors are using more care in designing their campaigns, often choosing a more targeted strategy.

Bigger attacks certainly get more attention, but some supply chain compromises warrant closer examination due to their potential impact on the supply chain. These small-scale attacks can be just as effective in creating discrete pathways into a network, especially through developer and mobile environments. Many supply chain compromises are currently focusing on developer environments due to the high privileges these users often have. Mobile environments also provide attractive attack vectors due to the difficulty in tracing the source of these attacks. The high probability of success for these attacks makes it likely that they’ll remain a threat to supply chains for the foreseeable future.

Prevention

The expected growth in the frequency and sophistication of supply chain attacks increases the need to detect these attractive vectors. Rapid advances in the technology that supply chains use will increase their complexity, thus making it more difficult to defeat these attacks. Organizations should therefore examine strategies for protecting themselves against the likelihood that one of their suppliers will eventually fall victim to a cyber attack.

The first step in this process is to establish a clear security pathway between an organization and its suppliers, ensuring strong defenses at all links in the supply chain. These defenses largely consist of managing access control, which is relatively straightforward in modern security systems. The next step is to use a design that offers resiliency in the event a supplier is compromised, meaning that the effects of an attack tend to be limited to the initial target.

Information security teams can also increase their network protection by understanding what’s on their networks and how they connect to the internet. For example, the SolarWinds attacks succeeded only because those installations had direct access to the internet. Ensuring that supply chain systems don’t have direct internet access creates a major barrier to ransomware and similar attacks.

Horizon flickr photo by Tristan Taussac shared under a Creative Commons (BY-ND) license


Businesses use Quick Response (QR) codes to provide a variety of services for their customers, such as locating apps for ordering a product and tracking shipments. QR codes aren’t human readable, which allows scammers to easily embed malicious links in them. This type of scam is becoming more common as the use of QR codes increases, according to the Better Business Bureau (BBB).

A QR code is a two-dimensional barcode that the Japanese automotive manufacturer Denso Wave invented in 1994. It’s a machine-readable label that contains information about a specific product such as identification, location and a pointer to an application or website. A QR code can use any of four encoding modes, including alphanumeric, binary, numeric and kanji. They may also use extensions for these modes.

Scam Examples

QR scams differ greatly in their execution, but they generally rely on the victim scanning the code without thinking about what they’re doing. In particular, scammers hope that the victim won’t consider the QR’s source before scanning it.

The most common QR scam of this type involves distributing content that contains a QR code, which could be a piece of mail, flyer, text message or social media post. The code typically opens a web page when victims scan the QR code with their camera. This website is usually a phishing website controlled by the scammer that resembles a legitimate website. In this case, the website prompts the victim for personal information, especially login credentials.

For example, a victim may receive a letter claiming to offer a consolidation for student loans. The letter also contains a QR code that appears to link to an official government website that deals with student loans. This scam can be highly effective when it’s sent to someone who is currently paying off a student loan. Another approach is to use QR codes to launch a payment app or follow a social media account that the scammer controls.

Scammers can also embed a Bitcoin address in QR codes, which is a common form of cryptocurrency scam. In this scam, consumers may receive a message on a social media platform purporting to be from a forex trader offering an investment opportunity. The victim is expected to pay a withdrawal fee through a Bitcoin machine and send it to the provided QR code. Next, the victim receives an email requesting a transfer fee, which should tell the victim that the message is a scam.

Prevention

The most effective method of avoiding scams involving QR codes is to confirm that the code came from the party you think it did. Contact that party directly and ask if they sent the QR code before scanning it. You can also make QR scanning more secure by adding an app. Antivirus (AV) companies frequently offer apps that check a QR code before opening it, allowing them to detect links that perform malicious actions such as forced downloads and phishing scams.

Look for signs of tampering in advertising materials. Scammers may alter legitimate business ads by placing a sticker with their QR code over the ad’s original QR code. Use extreme caution when a QR code uses a TinyURL, which is an abbreviation of the complete URL. In this case, you don’t know where the URL will direct you, so it could be a scam.
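The kind of pre-open check described above can be sketched in a few lines. This is an added example, not code from the original article or from any AV product; the shortener list, download suffixes, finding labels and sample payloads are all constructed assumptions, and `expected_domain` stands for the site you believe the code came from.

```python
"""Triage a decoded QR payload before opening it (added illustration)."""
import ipaddress
from urllib.parse import urlsplit

# Assumption: small illustrative sets, not exhaustive lists.
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "t.co", "is.gd"}
DOWNLOAD_SUFFIXES = (".apk", ".exe", ".msi", ".dmg")


def _is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_qr_payload(payload, expected_domain=None):
    """Return warning labels for a decoded QR string; an empty list means
    none of these checks fired (it does not prove the link is safe)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        username = parts.username
    except ValueError:
        return ["unparseable"]

    scheme = parts.scheme.lower()
    if not scheme:
        return []  # plain text: scanning it opens nothing
    if scheme == "bitcoin":
        return ["crypto-payment-request"]  # the code asks for a payment
    if scheme not in ("http", "https"):
        return ["launches-app:" + scheme]  # deep link into some other app

    findings = []
    if scheme == "http":
        findings.append("no-tls")
    if username is not None:
        # "https://trusted-name@other-host/" really goes to other-host.
        findings.append("userinfo-before-host")
    if host in SHORTENER_HOSTS:
        findings.append("shortened-url")  # real destination is hidden
    if _is_ip_literal(host):
        findings.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")  # may render as a lookalike name
    if parts.path.lower().endswith(DOWNLOAD_SUFFIXES):
        findings.append("direct-download")
    if expected_domain:
        exp = expected_domain.lower()
        # Accept only the expected domain itself or its subdomains.
        if host != exp and not host.endswith("." + exp):
            findings.append("unexpected-domain")
    return findings


# Constructed sample payloads using reserved example domains/addresses.
SAMPLES = [
    "https://example.org/track?id=42",
    "https://tinyurl.com/abc123",
    "https://example.org.account-verify.example.net/login",
    "https://example.org@example.net/login",
    "bitcoin:CONSTRUCTED-ADDRESS?amount=0.05",
    "http://192.0.2.7/update.apk",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample, "example.org"))
```

A shortened link can only be flagged, not judged, because its destination is unknown until it is resolved.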

Call us at DirectOne for complete computer and network protection. Over 20 years in business with only you in mind.

QR code flickr photo by Christiaan Colen shared under a Creative Commons (BY-SA) license


iOS 15.0 is the current major version of the iOS mobile operating system (OS) that Apple uses for its iPhone and iPod Touch products. The firm announced this release at its Worldwide Developers Conference on June 7 and released it to the public on September 20, 2021. Apple also released the beta version of 15.1 the following day. Both versions contain their own set of new features, fixes, enhancements and bugs.

Availability

The official version of iOS 15.0 is publicly available, but general users can also install the beta version of iOS 15.1. In addition, Apple has pushed a pre-release version of iOS 15.1 beta to developers enrolled in its developer program as well as users in its Beta Software Program. A developer account requires an annual fee, but the Beta Software Program only requires an iOS device and a valid Apple ID. Apple is currently on the second beta version of iOS 15.1 and will probably continue testing it for several weeks. The best guess for the official release of iOS 15.1 is late October or early November.

Features

iOS 15.0

The most significant updates in iOS 15.0 include its many security patches, which Apple describes in detail on its security website. Users who have skipped over iOS 14.8 and earlier versions will also receive the security patches from those versions when they install iOS 15.0. In addition to those patches, iOS 15 also makes improvements to Siri, Apple’s virtual assistant for iOS. iOS 15.0 now processes user requests to Siri on the device’s Neural Engine, which is more secure than the previous method of delegating this task to various internet services.

iOS 15.0 users who have an Apple Card will also receive a security code that changes regularly, making their online transactions more secure. In addition, this version of iOS has its own authenticator that’s similar to Google Authenticator, allowing the user to generate verification codes for greater security when signing in. Other changes that are new in iOS 15.0 include a Mail feature that hides the user’s IP address and an App Privacy report that alerts the user when an app accesses sensitive information.

iOS 15.1

iOS 15.1 fixes a bug in iOS 15.0 that prevents some AirPods Pro users from controlling Active Noise Cancellation and Transparency features with Siri. It also fixes a bug that keeps iPhone 13 owners from using Apple Watch’s Unlock feature while wearing a mask. Additional fixes include the restoration of SharePlay, which was dropped from iOS 15 during beta testing. iOS 15.1 will also allow iPhone users to add their COVID-19 vaccination card to their Wallet app.

Concerns

One of the most noticeable bugs in iOS 15 is that it doesn’t estimate storage usage very well. In particular, this OS may report that the device’s storage is nearly full when it still has plenty of room. There isn’t much users can do about this bug except to check their storage usage manually while waiting for a patch.

Many users are also reporting that their battery life is greatly reduced after installing iOS 15, although this may not be an actual bug. iOS is about 2.3GB in size, which requires a lot of power for a mobile device to download. As a result, Apple recommends that the device have at least 50 percent power and be connected to an external power source before upgrading to iOS 15. Installing a new OS also requires a mobile device to perform tasks such as reading permissions, indexing data and recalibrating components, all of which require substantial battery power.


Best Camera Phones to Buy In 2019 flickr photo by houghtonmarquis shared under a Creative Commons (BY) license


The semiconductor chip shortage is real and not simply scarcity marketing. Find out why there is a chip shortage, the problems it is causing, and how businesses can cope with the situation.

Reports about semiconductor chips being in short supply are common. Although marketers are fond of saying that something is scarce in order to get people to buy products and services, this time the shortage is real. Here’s a look at why there is a chip shortage, the problems it is causing, and how businesses can cope with the situation.

Reasons for the Chip Shortage

The Coronavirus Disease 2019 (COVID-19) pandemic is often blamed for the semiconductor chip shortage. However, it is not the only cause. There are other reasons why supply has not kept pace with demand recently. The pandemic was the match that made the existing powder keg of supply and demand issues explode into a full-blown shortage.

Here are the main reasons why the demand for chips is high while the supply is low:

High demand. For the past two decades, the demand for semiconductor chips has been steadily increasing. Worldwide sales grew from $204.4 billion in 2000 to $440.4 billion in 2020 — a compound annual growth rate of 3.91% per year. One reason for the steady increase is that chips are being incorporated into more types of products. Besides being an integral part of traditional electronic computing devices such as desktop computers, tablets, and smartphones, chips are now being integrated into goods that historically did not have them, including automobiles, appliances, televisions, and even toilets and toothbrushes. Plus, new types of electronic computing devices are continually being developed for emerging markets such as Internet of Things (IoT) and artificial intelligence (AI).

In addition to the expected increase in demand for chips, there has also been an unexpected surge in demand due to the COVID-19 pandemic. When governments started issuing stay-at-home orders to slow the spread of the coronavirus, desktop computers, laptops, webcams, and other electronic devices started flying off the shelves. Businesses and consumers alike were purchasing them so that people could work, attend classes, communicate, and collaborate remotely. The empty shelves have, in turn, prompted electronic device manufacturers to order more chips than anticipated.

Low supply. The supply of semiconductor chips has not kept up with the high demand for a variety of reasons. The most notable ones include:

  • Recent disasters have been impacting the production of semiconductor chips. For example, a misbehaving piece of equipment caused a fire in a building at Renesas Electronics’ Naka Factory in March 2021. The building’s chip operations were completely shut down for a month. And once it reopened, it had only limited production capacity for another two months. Natural disasters have also impacted chip production. When winter storm Uri hit Texas in mid-February 2021, three chipmakers — Samsung Foundry, Infineon Technologies, and NXP Semiconductors — had to shut down their operations due to rolling power outages. Even though the power was restored by the beginning of March, it took more than a month for them to return to full capacity due to the complexities of chipmaking.
  • The US-China trade war. The trade war between the United States and China began in July 2018 and continues to this day. Primarily focused on technology, it has resulted in both countries levying tariffs on imported products and issuing company sanctions. As part of the trade war, the United States imposed restrictions on several Chinese tech companies. In anticipation, some of those companies stockpiled semiconductor chips and chipmaking equipment before the restrictions took effect. This stockpiling has drained the supply of chips and chipmaking equipment.
  • Difficulty in ramping up production. Fabricating chips is a complex, time-consuming process. It takes about 12 weeks to fabricate standard chips and up to 20 weeks to produce highly advanced ones — and that does not include the additional 6 weeks needed for back-end assembly, testing, and packaging. Fabricating chips is also resource-intensive. Besides requiring large amounts of power and ultrapure water (up to 8 million gallons per day), it must take place in specially designed cleanrooms that are up to 10,000 times cleaner than operating rooms. As a result, there is no quick and easy way to ramp up the production of chips.
  • The COVID-19 pandemic. In the United States, employees involved in fabricating chips are considered essential workers so they have worked throughout the pandemic, even if their state governments issued stay-at-home orders. Nevertheless, chip production has diminished due to coronavirus outbreaks at the fabrication facilities. Outbreaks at suppliers’ facilities are also resulting in reduced production since the chipmakers must put their operations on hold until the needed equipment and materials arrive.

Problems Caused by the Chip Shortage

Virtually all companies will be affected by the semiconductor chip shortage. Manufacturers of chip-infused products are already feeling the effects. For example, Apple, Microsoft, and other electronics manufacturers are having problems getting the chips they need to build their devices. The same holds true for automakers and appliance manufacturers.

When manufacturers do not have the necessary semiconductor chips, they have to delay or slash production. For example, Toyota will be cutting production 40 percent in September 2021 because of the chip shortage. Manufacturers also tend to raise prices on the products that they do produce.

This new reality affects other companies big and small, no matter their industry or location. Businesses will likely have to spend more time searching for chip-infused products, as their first or second choice might not be available. And when they do find a suitable product that is in stock, they will likely have to pay more for it than in the past.

Considering that companies typically use many different types of chip-infused products — laptops, printers, routers, air conditioners, refrigerators, coffeemakers, and LED light bulbs, just to name a few — the impact of the chip shortage on their budgets could be significant, especially for small businesses. In addition, if they want a specific brand and model of a product, they might have to wait a long time for it to become available.

What Businesses Can Do to Cope

Industry experts have not reached a consensus about how long the semiconductor chip shortage will last. For example, Gartner expects the shortage to end by the second quarter of 2022. Forrester is more pessimistic, predicting it will last into 2023.

While these predictions differ, they both indicate that the shortage will not end for quite a while. Thus, companies might need to change the way they approach purchasing chip-infused goods. Here are some strategies you might consider trying when shopping for chip-infused products for your business:

  • Postpone any “nice to have” purchases. Before shopping for a chip-infused product, you might want to take a step back to determine whether it falls into the “Need” or “Nice to have” category. Consider delaying any “nice to have” purchases until after the chip shortage has ended.
  • Maintain your existing chip-infused products. It is a good idea to make sure that your existing products are being well maintained. That way, they will last longer.
  • Try a different seller. There will be times when you need to purchase a new or replacement product for your business. If the product you want is not available or is too expensive at your preferred brick-and-mortar or online retailer, try a different seller. Another retailer might have what you want in stock at a reasonable price.
  • Check out other models or configurations. If the chip-infused product you were looking for is out of stock, check out other models or configurations offered by the manufacturer. It might not be exactly what you were looking for, but at least it is in stock.
  • Research different manufacturers’ products. If the chip-infused product you want to buy is not available or is too expensive, research similar products offered by different manufacturers. You might find that the quality of their goods is comparable to the product you initially wanted.
  • Think outside the box. When shopping for chip-infused products, don’t be afraid to think outside the box. For example, buying a refurbished product or using a cloud service instead might be a viable alternative.
  • Order chip-infused products well in advance. If you need to order a product, be sure to order it well in advance of when it will be needed. A chip shortfall at the manufacturing facility might significantly delay its delivery.
  • Adjust your 2022 budget. You will likely be paying more for chip-infused products, so it is a good idea to make sure your company’s 2022 budget reflects those increases. This is especially important if your business needs to purchase big-ticket items.

You Can’t End Chip Shortage But You Can Minimize Its Impact

The semiconductor chip shortage is real. Although you can’t end the shortage, you can minimize its impact on your business by planning ahead and being sensible and flexible when purchasing chip-infused products. It also is important to keep your existing chip-infused products maintained to reduce the chance that they will need to be replaced. We can help keep your company’s computers, printers, routers, and other IT electronics well maintained and operating smoothly.

Business Photographers flickr photo by Rui de Matos shared under a Creative Commons (BY-SA) license

You may have been the victim of an SMS-based phishing, or smishing, attack if you’ve ever received a text message that claimed there was a problem with one of your accounts and asked you to click on a link to resolve the issue. Smishing is one of the easiest ways for hackers to steal your data because you’re literally giving it to them.

Many people now spend most of their waking hours on their phones, which is one of the main reasons for the dramatic rise in these attacks over the last few years. As a result, law enforcement agencies and telecommunications companies are actively developing countermeasures against smishing.

Phishing is a type of cyber attack in which the attacker sends an email message designed to trick the victim into disclosing sensitive information or deploying malware on the victim’s computer. They often use fraudulent, or spoofed, websites to make it appear as if the email came from someone the victim has reason to trust, typically a bank or online retailer. Phishing attacks have become increasingly sophisticated, often allowing the attacker to observe the victims’ actions on the spoofed website and further compromise their security. Phishing is by far the most common type of cyber attack as of 2020, with more than twice as many attacks as any other type of computer crime, according to the FBI’s Internet Crime Complaint Center (IC3).

Other cyber attacks are conceptually similar to phishing, although they may differ in their implementation. For example, smishing uses SMS rather than email to deliver a fraudulent message that invites the victim to perform some action such as clicking a link, sending an email reply or calling a phone number. The message also asks the victim to disclose personal information such as the security credentials for a website or online service that the victim is currently receiving. It can be particularly difficult to identify spoofed logon pages on a mobile phone since its small display size can prevent you from seeing the entire URL.

Current Trends

The term “smishing” was coined in 2006, but it remained a fairly obscure form of attack compared to phishing until 2020. Proofpoint reports that smishing attacks increased by 328 percent in mid-2020, largely as a result of the COVID-19 pandemic. Government agencies began sending SMS messages on a large scale to provide COVID-related information such as contact tracing, lockdowns and vaccination options. This response to the pandemic created an ideal environment for smishing, since many people now had a strong incentive to read SMS messages and follow their instructions. NextCaller reports that 44 percent of Americans experienced an increase in scam text messages during the first two weeks of the nationwide quarantine.

Financial Losses

The IC3 reports that over 240,000 people were victims of phishing and related attacks in 2020. The reported losses from these attacks were over $54 million, as compared to only $7 million in losses from malware such as viruses. The European Payments Council reports that the total losses from phishing type attacks in the European Union (EU) were $26 billion between June 2016 and July 2019.

Protection

Government agencies and private businesses are currently scrambling to keep up with the millions of smishing messages that hackers send on a daily basis. However, mobile users have many options for protecting themselves from these attacks.

The effectiveness of smishing attacks is largely due to the fact that mobile users are accustomed to receiving legitimate text messages, many of which inform the recipient of suspicious account activity. It’s therefore critical to verify the sender of these messages before taking any action through SMS. For example, if you receive a message purporting to be from your bank, you should always contact your bank directly to ensure they sent you the message before following any of its instructions.

Text Messaging flickr photo by wuestenigel shared under a Creative Commons (BY) license


The T-Mobile data breach in August 2021 was massive. Find out what data was stolen, what T-Mobile is doing to help customers affected by the breach, and how to protect yourself even if you are not a breach victim.

On August 15, 2021, the world first learned about the massive T-Mobile data breach. The disclosure came from a most unusual source — the hackers who pulled off the data heist. The cybercriminals told BleepingComputer that they hacked into T-Mobile’s production, staging, and development servers and stole the personal data of millions of T-Mobile customers. A day later, T-Mobile confirmed that its systems had indeed been attacked and some of its data stolen. Later updates revealed that the stolen data included personal information about T-Mobile and Metro by T-Mobile customers.

What Was Stolen

In the August 2021 data breach, hackers stole the personal data of more than 54 million past, present, and prospective T-Mobile customers. In addition, data about 52,000 current Metro by T-Mobile customers was taken.

The types of data stolen present a good news/bad news situation. First, the good news: No financial information was included. “We have no indication that personal financial or payment information, credit or debit card information, account numbers, or account passwords were accessed,” stated T-Mobile.

Now, the bad news: Highly sensitive ID numbers were taken, including Social Security and driver license numbers. “The exact personal information accessed varies by individual,” according to T-Mobile. “We have determined that the types of impacted information include: names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs (which have already been reset to protect you), addresses and phone number(s).”

In addition, International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) numbers were stolen. IMSI numbers are used to identify the users of a cellular network, whereas IMEI numbers are used to identify the devices on a cellular network.

Hackers have put all the stolen data up for sale on the dark web.

What T-Mobile Is Doing to Help Customers

T-Mobile has already sent notifications to current customers involved in the data breach. Current customers who were not affected by the breach will see a banner on their MyT-Mobile.com account login page telling them so. At the time of this writing, T-Mobile is in the process of notifying former and prospective customers affected by the breach.

Besides letting customers know whether or not their data has been stolen, T-Mobile is:

  • Offering data breach victims a two-year subscription to McAfee’s ID Theft Protection Service free of charge
  • Recommending that all customers install and use T-Mobile’s free Scam Shield app
  • Encouraging all customers to take advantage of T-Mobile’s free Account Takeover Protection service
  • Suggesting other ways customers can protect themselves against identity theft and fraud (e.g., resetting their PINs and passwords)

T-Mobile set up a web page that provides links to these and other resources.

What Is Being Done to Prevent Another Attack

To prevent a similar attack in the future, T-Mobile conducted a forensic investigation of the data breach, with assistance from the cybersecurity firm Mandiant. The telecom giant has not disclosed too many details about the data breach since there is a criminal investigation underway. However, it did divulge that the cybercriminals gained access to the company’s IT network through the testing environment. They then used brute force attacks and other techniques to access the servers containing the customer data.

T-Mobile has closed the entry points that the hackers used to gain access to the various servers. It has also entered into long-term partnerships with Mandiant and KPMG, a cybersecurity consulting firm. “I am confident in these partnerships and optimistic about the opportunity they present to help us come out of this terrible event in a much stronger place with improved security measures,” said T-Mobile CEO Mike Sievert.

This help is sorely needed. The August 2021 incident is the fifth major data breach at T-Mobile in the last three years. Hackers stole the personal data of 2 million customers in November 2018. A year later an undisclosed number of customers using the company’s prepaid services had their personal information pilfered. Then, in March 2020, both customers and employees had their names, addresses, account numbers, and other data stolen. Nine months later roughly 200,000 customers had their phone numbers, call records, and other Customer Proprietary Network Information (CPNI) breached.

This disturbing trend coupled with the fact that T-Mobile violated the California Consumer Privacy Act is helping fuel lawsuits against the company. Two class-action lawsuits have already been filed, with many more likely to come.

Ways Everyone Can Protect Themselves

There is little you can personally do to stop cybercriminals from hacking into companies’ databases and stealing your personal data. However, there are measures you can take to minimize the damage if you find out you are a data breach victim:

  • Monitor your accounts regularly for suspicious activity. Besides checking your monthly credit card and bank account statements, review your online service accounts (e.g., PayPal).
  • Monitor your credit reports periodically. US citizens have the right to obtain free copies of their credit reports from Equifax, Experian, and TransUnion once a year. However, all three credit reporting bureaus have been offering free weekly online reports during the Coronavirus Disease 2019 (COVID-19) pandemic. To request them, go to com, the official website sanctioned by the US government’s Consumer Financial Protection Bureau.
  • Place a fraud alert on your credit reports if you find out you are a data breach victim or you notice suspicious activity in one of your accounts. The fraud alert makes it harder for identity thieves to open accounts in your name, according to the US Federal Trade Commission. There is no fee for this service, which lasts a year. To place a fraud alert, you just need to contact one of the three credit reporting bureaus (Equifax, Experian, or TransUnion). That company must then tell the other two bureaus about the alert.
  • Use a strong password or passphrase for each online service account you have. Do not use that password or passphrase for any other account.
  • Use two-step verification (aka two-factor authentication) to protect your online service accounts if they offer this capability. Two-step verification provides an extra layer of protection against unauthorized access to those accounts.

T-Mobile flickr photo by JeepersMedia shared under a Creative Commons (BY) license

The growing value of information is increasing the incentive of hackers to obtain data from both individuals and organizations. These incidents include ransomware attacks in which the perpetrator encrypts the victim’s data or threatens to publish that data unless the victim pays a ransom. Another tactic is to simply sell the information, either to a specific party or the highest bidder.

The data breach at UC San Diego Health (UCSDH) is one of the most recent of these attacks and is especially significant due to the large number of protected health information (PHI) records involved.

Timeline

The investigation is still ongoing, but the most current information shows that the breach began as early as December 2, 2020. UCSDH received a preliminary report of the attack on March 12, 2021 and launched an investigation that verified the attack on April 8, 2021, at which point the attacker’s access to UCSDH systems was terminated. UCSDH announced the breach on July 27, 2021, which was being widely reported by major media outlets by July 30, 2021.

Investigation

As is normally the case, the UCSDH didn’t immediately disclose the data breach to the public. Instead, it reported the matter to the FBI and continued its internal investigation. Once the breach was publicly disclosed, the UCSDH also began directly informing affected individuals of the breach. In addition, UCSDH has promised to provide free credit monitoring and identity theft prevention services to affected individuals once it has completed its investigations. UCSDH has also urged all users to change their passwords and begin using multi-factor authentication (MFA) to access their accounts.

Method of Attack

The method of attack for the UCSDH data breach was a phishing scheme against the email accounts of UCSDH employees. Details of the attack haven’t been released yet, but it generally involves sending emails to the target addresses purporting to be sent by someone the victim has reason to trust. It usually informs the victim that one of their accounts may have been compromised and requests the victim to log on to that account to verify their information via a link in the email.

However, this link leads to a login page that the hacker controls, although it resembles the actual login page as closely as possible. If the victim attempts to log in to the false page, the hacker will then have the victim’s login information. From there, the hacker can use that information to log in to the real account.

Information Disclosed

This data breach resulted in the disclosure of personal information of UCSDH patients, employees and students including the following:

  • Full name
  • Address
  • Date of birth
  • Email
  • Fax number
  • Social Security number
  • Student ID number
  • Username and password

In addition, the breach also compromised the PHI of affected UCSDH members, including claims information such as the date and cost of health care services received. It also disclosed Medical Record Numbers (MRNs), along with medical conditions, laboratory results, diagnoses, treatments and prescriptions. Financial information was another type of data involved in the breach, including payment card numbers, financial account numbers, security codes and other payment information.

The UCSDH breach illustrates the need to remain alert to the possibility of identity theft. The best defense against this type of activity is to monitor your health and financial accounts regularly for signs of unexpected activity. You should also contact the company maintaining that account as soon as possible when you suspect your account has been compromised.

Data Breach flickr photo by EpicTop10.com shared under a Creative Commons (BY) license