Thursday, June 26, 2014




Complete DHS Report for June 26, 2014

Daily Report

Top Stories

 • Fifteen California medical professionals were charged in a $25 million scheme involving a firm that hired pharmacists to produce a pain-relief cream and gave kickbacks to doctors and chiropractors to prescribe it and submit phony claims from October 2009 to January 2013. – Associated Press

22. June 25, Associated Press – (California) 15 medical professionals indicted for $25M scheme. Fifteen pharmacists, doctors, and other medical professionals in southern California were charged in a $25 million workers’ compensation scheme linked to the death of a baby. The scam involved a workers’ compensation claims management firm that hired pharmacists to produce a pain-relief cream and gave kickbacks to doctors and chiropractors to prescribe it and submit phony claims from October 2009 to January 2013. Source: http://news.msn.com/crime-justice/15-medical-professionals-indicted-for-dollar25m-scheme

 • The Montana Department of Public Health and Human Services reported June 24 that a May data security breach compromised about 1.3 million individuals’ State health records when hackers gained access to the department’s computer server. – Reuters

23. June 25, Reuters – (Montana) Montana health record hackers compromise 1.3 million people. The Montana Department of Public Health and Human Services reported June 24 that a May data security breach compromised about 1.3 million individuals’ State health records including Social Security numbers when hackers gained access to the department’s computer server. Officials continue to investigate the incident and the full extent of damage. Source: http://news.msn.com/science-technology/montana-health-record-hackers-compromise-13-million-people

 • NRAD Medical Associates in Garden City, New York, informed 97,000 patients that a former radiologist accessed and acquired protected health and personal information from its billing system without authorization in April. – Long Island Newsday

24. June 24, Long Island Newsday – (New York) Long Island radiology practice NRAD informs 97,000 patients of data breach. Garden City-based Nassau Radiologic Group Medical Associates (NRAD) informed 97,000 patients that a former employee had unauthorized access to their personal information after learning the former radiologist accessed and acquired protected health and personal information from NRAD’s billing system in April. Source: http://www.newsday.com/news/health/long-island-radiology-practice-nrad-informs-97-000-patients-of-data-breach-1.8553832

 • Federal prosecutors charged a former Iowa State University laboratory manager after he confessed to skewing results of an experimental HIV vaccine after years of work and millions in grants were spent. – Associated Press

25. June 24, Associated Press – (Iowa) Researcher charged in major HIV vaccine fraud case. Federal prosecutors charged a former Iowa State University laboratory manager after he confessed to skewing results of an experimental HIV vaccine by spiking rabbit blood samples with human antibodies to appear more successful. A separate experiment determined the results were bogus after years of work and millions in grants were spent. Source: http://news.msn.com/crime-justice/researcher-charged-in-major-hiv-vaccine-fraud-case

Financial Services Sector

7. June 25, Dark Reading – (International) PayPal two-factor authentication broken. PayPal disabled its two-factor authentication option for mobile users after Duo Security researchers confirmed an independent researcher’s findings showing that it was possible to bypass the feature. The vulnerability exists in a PayPal API and affects mobile users but not PayPal’s Web application. Source: http://www.darkreading.com/mobile/paypal-two-factor-authentication-broken/d/d-id/1278840

8. June 25, Softpedia – (International) GameOver trojan is still in the game. Researchers with Arbor Networks reported that a Citadel campaign that evaded takedown attempts has been retrofitted with the GameOver trojan in order to continue its bank fraud operations as well as to distribute the CryptoLocker ransomware. Source: http://news.softpedia.com/news/GameOver-Trojan-Is-Still-In-the-Game-448305.shtml

9. June 25, Softpedia – (International) Cybercriminals lift over $680,000/500,000 EUR in one week. Researchers with Kaspersky reported finding a command and control (C&C) server for a man-in-the-browser (MitB) campaign that targeted an undisclosed large European bank and stole around $680,000 within 1 week from customers’ accounts. The C&C server was identified in January but the cybercriminals running it took it offline after 2 days, which prevented further analysis. Source: http://news.softpedia.com/news/Cybercriminals-Lift-Over-680-000-500-000-EUR-In-One-Week-448325.shtml

10. June 24, Grand Rapids Press – (Michigan) Man police suspect of statewide credit card fraud pulled over in Grand Haven, arrested. Police in Grand Haven arrested an Illinois man June 21 on suspicion of running a statewide payment card fraud scheme where he would allegedly use cloned credit cards to purchase pre-paid credit cards at Wesco gas stations. Local authorities and the U.S. Secret Service are involved in the investigation. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2014/06/man_police_suspect_of_statewid.html

Information Technology Sector

33. June 24, IDG News Service – (International) Researchers expect large wave of rootkits targeting 64-bit systems. McAfee released a report June 24 that found that the number of new rootkit samples in the first quarter of 2014 increased to the highest levels seen since 2011, with more rootkits designed for 64-bit operating systems expected in the future. Source: http://www.networkworld.com/article/2367401/researchers-expect-large-wave-of-rootkits-targeting-64bit-systems.html

34. June 24, Securityweek – (International) AskMen compromised to distribute financial malware: Report. Researchers at Websense reported June 23 that the AskMen online magazine was compromised and used to redirect visitors to a malicious Web site hosting exploits for Java and Adobe Reader. Source: http://www.securityweek.com/askmen-compromised-distribute-financial-malware-report

35. June 24, Washington Post – (International) Microsoft says it’s resolved Outlook outage for business users across the country. Microsoft reported that it experienced an outage June 24 affecting its Exchange Online service, with users reporting being unable to access the email service for several hours. The issue was resolved later that evening. Source: http://www.washingtonpost.com/blogs/the-switch/wp/2014/06/24/microsoft-outlook-outage-reported-across-much-of-the-country/

For additional stories, see items 7, 8, and 9 above in the Financial Services Sector. Also be sure to review the Top Stories as several are relevant to the Information Technology Sector.

Communications Sector

36. June 24, BartlesvilleRadio.com – (Oklahoma) Fiber optic line damage halts communications. Residents in the Bartlesville area had their cell phone service interrupted June 24 due to a damaged fiber optic line between Bartlesville and Collinsville. No timeframe was given for repairs to be completed. Source: http://bartlesvilleradio.com/pages/news/73062014/fiber-optic-line-damage-haults-communications