Another day, another cyberattack, with health insurer Dominion National now taking its turn in the crosshairs. For almost nine years, hackers had access to addresses, social security numbers, and bank details of Dominion National’s members, though the company wasn’t made aware of this unauthorized access until April 24, 2019.
According to a message posted on the company’s website, “Through our investigation of an internal alert, with the assistance of a leading cyber security firm, we determined that an unauthorized party may have accessed some of our computer servers. The unauthorized access may have occurred as early as August 25, 2010. After learning of this, we moved quickly to clean the affected servers and implement enhanced monitoring and alerting software. We also contacted the FBI and will continue to work with them during their investigation.”
After a comprehensive review of the incident and of the data stored on the exposed servers, Dominion National determined that the data might include enrollment and demographic information for current and former members of Dominion National and Avalon Vision, as well as current and former members of plans for which the company provides administrative services.
It might also include personal information for producers who placed Dominion National and Avalon Vision policies, and for healthcare providers participating in Dominion National’s insurance programs.
The exposed member information might include names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, group numbers, and subscriber numbers. Members who enrolled online through Dominion National’s website might also have had their bank account and routing numbers included in the data. The provider information may have included names, dates of birth, Social Security numbers, and/or taxpayer identification numbers, while the producer information may have included names and Social Security numbers.
“With highly sensitive data from home addresses, social security numbers and bank details exposed through the breached servers, the length of time this information was open to unauthorized access gives cause for great concern,” said Fraser Kyne, EMEA CTO at security firm Bromium. “Nine years is an incredibly long time for a hacker to remain undetected with this kind of access. The longer the ‘dwell time’ (i.e. the time a potential hacker has unauthorised access to systems), the more damage can be caused; hackers will have had ample opportunity to move through systems, potentially insert backdoors, exfiltrate data and spy on communications.”
Kyne added that while it is unclear how the original breach occurred, the most common routes in are email and the browser, both of which are reached through the endpoint.
“From there, hackers can make their way through systems to get to their target – in this case the company’s servers,” he commented. “Trying to detect an attack like that in real-time is a fallible approach, and once a hacker has made its way in they can deploy all manner of disguises to stay under the radar. This is why it’s important to adopt layered defences that utilize application isolation to contain malicious threats; preventing hackers from gaining a foothold in the network. That way, if a user does visit an infected site or open a malicious attachment then the malware is rendered harmless; the hacker has nowhere to go, nothing to steal and won’t be able to reach company servers.”