Security News

Triple breach week

Avast Security News Team, 22 February 2019

Not one, not two, but three data breaches this week...plus some real bad ads.

Presidents’ Day malvertising blitz

Cybersecurity researchers observed a swell of malicious ads flooding the internet over Presidents’ Day weekend, striking at a time when ad network employees were enjoying the three days off. With tech support slower to respond, cybercriminals took the opportunity to inject bad ads into regular ad rotation. Researchers tracked as many as 800 million ads over the three-day weekend. Instead of infecting the user’s system with malware, the ads led to phishing screens that tried to coax login credentials from the users.

Experts recognize the cybergang behind the Presidents’ Day bad ad blitz as “eGobbler,” a name given to the gang for trying something similar over the long Thanksgiving weekend last year.

Data breach affects 42,000 health patients

Florida-based primary care providers AdventHealth Medical Group has warned 42,000 of their Pulmonary and Sleep Medicine patients that a data breach caused by a malware infection compromised their system from August 2017 through December 27, 2018. Patient data able to be accessed by the breach includes names, addresses, emails, phone numbers, birthdates, health insurance info, medical info, and social security numbers. The medical group has not commented on why the malware infection went undetected for so long, nor how the malware was installed in the first place. The group is offering credit monitoring and fraud consultation to the victims.

“What’s most disturbing about this incident is that the infection was there for more than a year before the company realized they had been compromised,” comments Luis Corrons, Avast security evangelist. “Of course anyone can be a target and suffer a compromise, but the fact that they were unable to identify a malware infection for 16 months shows that data security was not on their priority list.”

Data breach affects 1,000,000 more health patients

Meanwhile, across the country in Washington state, another health-related data breach has struck, only this one is not attributed to malware. In their official statement on the matter, the University of Washington Medicine — a network of medical centers — attributes their data breach to “internal human error.”

A user searching their own name found their private UW Medicine medical record online for all the world to see. The patient contacted the medical group, which then launched an investigation and learned that almost one million patient medical files had been left accessible online for a period of roughly three weeks in December. It’s unclear at present if any of the medical records had been accessed, but none of the records contained financial info. The information at risk involved the state of the user’s mental and physical health.

“This is a common phenomenon, unfortunately. A number of data breaches happen because someone makes a seemingly ‘minor’ mistake that publishes information online that shouldn't be accessible,” comments Corrons. “This is similar to what happened to some Republican contractors, when they inadvertently made public the information of around 200 million registered voters for a period of 12 days.”

Point-of-sale data breach hits midwest US

North Country Business Products, point-of-sale technology provider to businesses across the midwest, divulged this week that some of its payment systems suffered a data breach, putting customers at 137 of its associated restaurants at risk. Much like the 2013 Target data breach and the 2016 Home Depot data breach, this one was caused by malware that collects sensitive payment info straight off the customer’s card — specifically, name, card number, expiration date, and security code. If the card is a debit card, then the malware also collects the pin.

North Country, in their official announcement, state the breach occurred between January 3rd and January 24th this year. They provide even more specific dates and a list of all the affected restaurants in the public statement.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.