Medical Records Of Norfolk Southern And UPS Employees Leaked By Hackers

Posted on January 18, 2021 at 10:49 AM

Medical Records Of Norfolk Southern And UPS Employees Leaked By Hackers

A recent report has revealed that a suspected ransomware attack has left the data of a UPS and Norfolk Southern employee exposed.

The two companies pointed out that they have inquired into the incident that led to the compromise f employee health data after threat actors exposed medical records of rail workers and truck drivers online.

The data exposure was from occupational health provider Taylor Made Diagnostics on January 8, but it’s unclear how many Norfolk Southern and UPS employees’ data were actually affected by the breach.

However, the exposed data include multiple health records from both companies as well as several other smaller firms, U.S. defense contractors, and U.S. government agencies as recently December last.

Hacking incidences have increased in the healthcare sector

The exposed data include alcohol and drug testing reports for rail workers and truckers at multiple companies. It also includes completed U.S. Department of Transportation (DOT)-mandated medical exams.

There are also many documents containing personal information such as scans of the employees’ driver’s license, their full names, social security numbers, as well as their addresses.

Since last year, Ransomware groups have intensified their efforts in the health care sector, especially on logistics and transportation.

Only last month, 1.5 million patient records were compromised from hacking incidents of 37 U.S. healthcare providers.

However, the data breach from Taylor Made shows that transport and logistics companies face serious security issues that can transcend beyond their systems. As a result, the need for these companies to secure their employees’ data has not been more important than now when the threat levels are high.

Both firms are looking into the issue

Parcel Delivery Company UPS has commented on the issue. The firm’s spokesperson Mathew O’Connor said UPS was looking into the breach but refuses to discuss how many of the company’s drivers are affected by the breach.

 “The security of employees’ personal information is of the utmost importance,” he said.

Norfolk Southern spokesperson Jeff DeGraff also commented on the incident and reiterated that the security of its employees’ data is still the company’s priority.

 “The security of our employees’ data is a priority for Norfolk Southern and a requirement for our vendors,” he stated.

DeGraff further stated that the company has no additional information about the breach, but says the company is looking into the issue.

The railway company presently operates in 22 states in the U.S. and currently has about 25,000 employees on its payroll.

Third parties increase the risk of a data breach

Also, these companies face the risk o vulnerability exposures from third parties. They usually contract the random alcoholic and drug testing of their employees to third parties. As a result, the employees’ data is needed by these third parties, which increases the risk of a data breach.

Chief Executive Officer and President of Scopelitis Transportation Consulting Dave Osiecki opined that trucking firms have the responsibility of ensuring their data is safe in the hands of third parties.

He pointed out that as an employer, it’s the responsibility of the firm to make sure employee data is handled with ultimate care. Since they are the ones that tender the data to the third parties, the employers are also responsible for the data. So, in his opinion, the employer of a CDL driver has to take measures to secure employees’ data, including those sent to third parties.

Same hackers also breached OmniTRAX

The Chief Executive Officer of Taylor Made Diagnostics Caroline Taylor didn’t reply when an email was sent to her for comment about the incident.

The hackers who are probably responsible for the hacking incident were also involved in a recent ransomware attack on short-line rail operator OmniTRAX. The gang has also attacked some other health care providers since the beginning of the year.

Norfolk Southern has its headquarters in the Hampton Roads region of Virginia, where Taylor Made Diagnostics has two clinics.

Taylor Made Diagnostics has customers and clients in a wide range of U.S. organizations. These include the Special Naval Warfare Development Group and the U.S. Secret Service. The former is also widely called the SEAL Team Six, which was responsible for the search, capture, and executive of Osama Bin Laden.

Summary
Medical Records Of Norfolk Southern And UPS Employees Leaked By Hackers
Article Name
Medical Records Of Norfolk Southern And UPS Employees Leaked By Hackers
Description
A recent report has revealed that a suspected ransomware attack has left the data of a UPS and Norfolk Southern employee exposed.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading