Hack Notice

Hack Notice: MolinaHealthcare.com


Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two providers didn't even require a login to view all patient records. Today we'll examine a flaw that was just fixed by Molina Healthcare, a Fortune 500 company that until recently was exposing countless patient medical claims to the entire internet without requiring any authentication.

In April 2017 I received an anonymous tip from a reader who said he'd figured out that just by changing a single number in the web address when accessing his recent medical claim at MolinaHealthcare.com he could then view any and all other patient claims.

More alarmingly, the link he was given to access his claim with Molina was accessible to anyone who had the link; no authentication was required to view it. Nor was any authentication required to view any other records that could be accessed by fiddling with the numbers after the bit at the end of the Molinahealthcare.com address (e.g., claimID=123456789).

In other words, having access to a single hyperlink to a patient record would allow an attacker to enumerate and download all other claims. The source showed me screenshots of his medical records at Molina, and how when he changed a single number in the URL it happily displayed another patient's records.

The records did not appear to include Social Security numbers, but they do include patient names, addresses and dates of birth, as well as potentially sensitive information that may point to specific diseases, such as medical procedure codes and any prescribed medications.

I contacted Molina about the issue, and the company released a brief statement saying it had fixed the problem. Molina also said it was trying to figure out how such a mistake was made, and if there was any evidence to suggest the web site bug had been widely abused.

"The previously identified security issue has been remediated," the company said. "Because protecting our members' information is of utmost importance to Molina and out of an abundance of caution, we are taking our ePortal temporarily offline to perform additional testing of our system security. Molina has also engaged Mandiant to assist the company in continuing to strengthen our system security."
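The flaw described above comes down to a record lookup keyed by a guessable number with no authentication and no per-record ownership check. As an added illustration (not code from Molina or from the original article; every name, ID and record below is hypothetical and constructed), this contrasts that lookup with one that enforces both checks:

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: claim IDs, member IDs and contents are made up.
@dataclass(frozen=True)
class Claim:
    claim_id: int
    member_id: str
    summary: str

CLAIMS = {
    123456789: Claim(123456789, "member-A", "office visit"),
    123456790: Claim(123456790, "member-B", "lab panel"),
}

class AccessDenied(Exception):
    """Raised when the caller may not read the requested claim."""

def get_claim_unsafe(claim_id: int) -> Optional[Claim]:
    # The pattern the article describes: the ID in the URL is the only
    # thing consulted, so any caller gets whatever record it names.
    return CLAIMS.get(claim_id)

def get_claim(session_member_id: Optional[str], claim_id: int) -> Claim:
    # 1. Authentication: without a logged-in session, return nothing.
    if session_member_id is None:
        raise AccessDenied("login required")
    claim = CLAIMS.get(claim_id)
    # 2. Authorization: the claim must belong to the logged-in member.
    #    Missing and foreign claims fail identically, so responses do
    #    not reveal which IDs exist.
    if claim is None or claim.member_id != session_member_id:
        raise AccessDenied("claim not available")
    return claim

def can_read(session_member_id: Optional[str], claim_id: int) -> bool:
    # Convenience wrapper that turns the exception into a boolean.
    try:
        get_claim(session_member_id, claim_id)
        return True
    except AccessDenied:
        return False
```

The ownership check has to run on the server for every request; hiding or randomizing the ID in the link does not replace it.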

About HackNotice and MolinaHealthcare.com

HackNotice is a service that notices trends and patterns in publicly available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks, and MolinaHealthcare.com was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of MolinaHealthcare.com or its products, services, websites, or applications, and you were a client of HackNotice monitoring for MolinaHealthcare.com, you may have been alerted to this report about MolinaHealthcare.com. HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If MolinaHealthcare.com had a breach of consumer data or a data leak, then there may be additional actions that our clients should take to protect their digital identity. Data breaches, hacks, and leaks often lead to and cause identity theft, account takeovers, ransomware, spyware, extortion, and malware. Account takeovers are often caused by credential reuse, password reuse, and easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer info through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publicly available data that indicate tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that lead to lower client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to describe the extent to which digital identities have been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account takeovers, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry-specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share hack notices with their friends, family, and colleagues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help increase the security of our clients' personal networks. The security of the people that our clients interact with directly impacts the level of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account takeovers through phishing, malware, and other attack techniques.
