Cyber Week in Review: Cosmetic Surgery Clinics, Pacemakers & Chipotle

Media Division | June 9, 2017

Each week we bring you some of the top stories making headlines (and waves) around the cyber security water cooler.  Some weeks those conversations get a little heavy and serious, but other weeks they just make us giggle and snicker.

This week falls somewhere in the middle, generating a little heartburn and visits to doctors’ offices…for some, anyway.

Here are some of the top security breaches recently bubbling to the surface on the interweb.

Cosmetic Infiltration

The healthcare industry suffers a disproportionate number of security breaches for many reasons. Money, volume, accessibility, and patient data such as addresses and social security numbers are all among the top ones.

This week news broke of data breaches at some cosmetic surgery clinics in the European Union, in places like Germany, Britain, Denmark, and Norway.

Beyond all of the “typical” healthcare information stored at any doctor’s office, plastic surgery clinics may have other cause for concern, namely nude pics and extra concerns about privacy.

The group apparently responsible for the breach, Tsar Team, were identified by Lithuanian police.  They say more than 25,000 photos and pieces of personal information were leaked as a result of the hacks.

Pacemaker Irregularity

Patients may have gotten more than they bargained for in the heart department as well.  Recent information confirms what cyber security experts have suspected: pacemakers and other cardiac devices are incredibly vulnerable to hacking.

They are so hackable, in fact, that thousands of bugs can be exploited in pacemaker programs, and the tools necessary to hack a device can be ordered from auction sites on the internet.

Currently, such devices do not require doctors’ offices to authenticate, for example with login names and passwords, before connecting directly to them.  What’s more, the devices themselves may contain patient information such as medical conditions, name, address, phone number, and even the patient’s social security number.

So why not just use password protection and cyber security software to protect heartbeats?  For one, doctors and manufacturers express concern over limiting access: at a critical moment, what if a hospital could not connect to the device?  For another, no incident of a hack of a pacemaker or other cardiac device has ever been reported.

Cards at Chipotle

Your heart may be safe after all this week (unless Mexican food gives you heartburn).  Chipotle, the naturally-minded burrito chain, suffered a major malware attack this year.  (This may become known as one of the biggest security breaches of 2017.  But then, the year is only halfway done.)

Chipotle announced via their blog that a major security breach compromised customer credit card information in March and April of this year.  Unfortunately, the malware responsible may have breached not only card numbers but also additional stored card data, such as the internal verification code.  That information could make it possible for stolen card numbers to be replicated and used fraudulently.

Of course, customers can check the site to see if their favorite Chipotle location was hit by the bug.  Beyond that, checking monthly statements for any unauthorized charges is always important.  Another thing to remember: stolen credit card information is often just sold in batches on the cyber black market.  It could be months or even a year or two before those fraudulent charges would appear.

So stay vigilant.  Delete unwanted doctor’s office nude photos.  Protect your pacemaker or other medical device.  Check your card statements each month.  Better yet, utilize cyber security software tools to cover your digital assets, both at home and around town.

And as always, enjoy the headlines…but stay out of them.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.