We just had a press release in from Sontiq, who say that cyber criminals are targeting insurance related websites. Here’s the word;
Cyber criminals have set their sights on the insurance industry’s websites used for generating quick quotes on new policies. Insurers have recently been targeted by cyber criminals who are using the carriers’ automated quoting websites to steal customers’ non-public information (NPI). Efforts to accelerate the quoting process has led to new vulnerabilities. The stolen information has included customers’ addresses, vehicle identification numbers, driver’s license details and household members’ information.
Cybercriminals have exploited legitimate web de-bugging tools to access the data in transit from third-party data providers that populate the carriers’ sites. This consumer data harvesting often leads to fraud events or losses for these individuals once the hackers use the data to build more robust consumer profiles.
In addition, websites designed for agent-only access to the carriers’ information (“agent portals”) have also been compromised by a technique known as ‘credential-stuffing.’ Criminals exploit these portals to gain access to the consumers’ NPI.
• Disable display of third-party NPI data on public-facing sites
• Ensure that APIs (application program interfaces) with third parties are not directly accessible
• Install a Web Application Firewall
• Implement CAPTCHA to limit effectiveness of ‘bot’ attacks
IE magazine did a Google search and found that a Blue Cross hospital in Washington DC reported a cyber breach in mid April. 200K patient records were reportedly compromised in that one.
Commercial insurer CNA reported a breach in march and they have customer info and updates posted in April as they sort that one out. More here on the CNA website.
Back in February Metromile said it had fixed a bug in its site that let hackers access drivers license numbers.