The New York Times reported today that a Russian hacking ring has a massive collection of over 1.2 billion unique user names and passwords, with over 500 million being email addresses. The discovery of the database was made by security research firm Hold Security, and the data was independently verified by security experts hired by the New York Times.
Security experts are labeling this discovery the largest publicly known collection of its kind, though they remain unsure how current the stolen credentials are. As of July, the Russian gang was said to have collected 4.5 billion records, but many were duplicates or too similar to discern. Alex Holden, founder of Hold Security, said “Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites.” While no connection was made to the Russian government, Holden explains that “they have not historically pursued accused hackers.”
To protect our customers and colleagues, Solve Healthcare strongly recommends that you change all passwords immediately, particularly for all personal and professional websites. While the list of websites breached isn’t known yet, there is a high likelihood that the hackers targeted the most heavily trafficked sites. The risk is compounded by the fact that most users tend to use the same user names and passwords for all or most of their logins. While the NYT says the credentials have mostly been used to send out spam through email and social networks for a fee, some were said to have been sold on the black market, where credentials are acquired for more nefarious purposes.
Over the last few years, data security breaches have only become “larger, more frequent and more costly,” stressing the importance of IT security. According to a “Cost of Data Breach” study by IBM & the Ponemon Institute published earlier this year, the average total cost of a data breach increased by 15% to $3.5 million per breach from the year prior. Healthcare in particular had the highest per capita cost, at $359 per breached record. While some may say the cost of increased IT infrastructure security is too high, the cost of a breach can be much higher, especially in the healthcare industry.
Not only is there a monetary consequence to a breach, there is also a psychological cost that impacts consumer trust and confidence in their service providers’ resolve to spend the necessary resources to protect patient information. This was widely seen after Target’s now-infamous breach, reported last year, which cost the company almost $150 million. With healthcare and HIPAA, the consequences of security breaches and violations can be even more severe; the U.S. Department of Justice recently indicted a former employee of an east Texas hospital, who faces up to 10 years in prison if convicted.
Source: New York Times