mailing list archives
Health data security alliance suffers server breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 31 May 2013 11:28:03 -0500
The Health Information Trust Alliance (HITRUST)--an organization
tasked with promoting data security for health entities--announced
this week that it was the victim of a cyber-attack on one of its web
Described by HITRUST as a "non-critical, standalone public web server
compromised by an [structured query language] SQL injection that
resulted in some test data being leaked," 111 records were breached.
Information within the records included names, companies, addresses,
phone numbers, email addresses and six encrypted passwords.
HITRUST pointed out that no personal health or sensitive information
was contained on the servers, and that all information compromised was
only available on the one test server.
"It is our mission to protect information and do so in a manner that
is appropriate and practical given the risks," HITRUST officials said
in a statement. "We had not deemed this particular web server and test
data to require higher assurances."
Cyber War News originally reported that the hackers, using the Twitter
handle @TeamBerserk, leaked the server data, which HITRUST later
confirmed was the SQL injection culprit.
The alliance added that it will strengthen the security of its testing
environments and public general information websites to a "higher
"The server in question has been addressed and test information
deleted," HITRUST officials said.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
- Health data security alliance suffers server breach Erica Absetz (May 31)