Health data security alliance suffers server breach

Tools

The Health Information Trust Alliance (HITRUST)--an organization tasked with promoting data security for health entities--announced this week that it was the victim of a cyber-attack on one of its web servers.

Described by HITRUST as a "non-critical, standalone public web server compromised by an [structured query language] SQL injection that resulted in some test data being leaked," 111 records were breached. Information within the records included names, companies, addresses, phone numbers, email addresses and six encrypted passwords.

HITRUST pointed out that no personal health or sensitive information was contained on the servers, and that all information compromised was only available on the one test server.

"It is our mission to protect information and do so in a manner that is appropriate and practical given the risks," HITRUST officials said in a statement. "We had not deemed this particular web server and test data to require higher assurances."

Cyber War News originally reported that the hackers, using the Twitter handle @TeamBerserk, leaked the server data, which HITRUST later confirmed was the SQL injection culprit.

The alliance added that it will strengthen the security of its testing environments and public general information websites to a "higher assurance level."

"The server in question has been addressed and test information deleted," HITRUST officials said.

To learn more:
- read the announcement from HITRUST
- here's the Cyber War News post (Warning: Post contains harsh language)

Related Articles:
Mobile security a primary concern for docs
Hospital IT director: Focus on securing patient data, not devices
Implanted cardiac devices could be subject to tampering