05:24 PM
Dark Reading
Dark Reading
Quick Hits

Computer Theft Adds Up To $7 Million For Blue Cross Of Tennessee

October break-in nets 57 computers for thieves -- and major headaches for healthcare firm

The theft of 57 computers -- most of them destined to be scrapped -- doesn't sound like big news. But according to a news report, Blue Cross Blue Shield of Tennessee is learning just how costly a single break-in can be.

In a story that appeared yesterday in the Chattanooga Times Free Press, officials at Blue Cross of Tennessee offered details on the aftermath of a computer theft -- and a glimpse of the internal costs associated with the cleanup effort.

The break-in, which occurred in October, netted criminals some 57 computers stored in a vacated office building. Most of the computers were no longer in use, awaiting return to the vendor for their ultimate disposal, the report says.

But because the lost hard drives had not yet been erased, Blue Cross of Tennessee is now tasked with finding out what data was contained on them so that employees and customers can be notified of the loss of any personal information. Altogether, the theft might have compromised the records of more than 500,000 Americans, officials told the Times Free Press.

So far, Blue Cross of Tennessee has spent some $7 million on the breach, bringing in as many as 700 employees and contractors to analyze backup files and determine what data might have been lost, according to the report. The company might have to spend "millions more" to finish the job, it says.

"It was like water torture last fall," Blue Cross vice president Ron Harr told the Times Free Press. "Every piece of information that came in was worse."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.