The LinkedIn Malware Attack

Over the past few weeks, LinkedIn has been making the news in the cyber circles and not in a good way. A few healthcare facilities had staff who reported they had received malware from legitimate LinkedIn connections. Specifically, within the LinkedIn website itself, users received messages with malicious attachments from people they are connected with. Basically, the people sending the malware had their accounts hacked, and the perpetrators simply sent messages to their contact list.

Curiously, Troy Hunt, creator of the fabulous website (a free resource all of you should be using), announced findings by two cyber researchers who discovered exposed (not breached) data of 622 million email addresses and additional information apparently extracted from LinkedIn, among other sources. The data was exposed through an open Elasticsearch index tied to a data aggregation company called PDL – People Data Labs. PDL claims one of their customers is responsible for the exposure, but whoever is to blame, it appears our LinkedIn data, tied to much more personal information, is out there and being used against us on LinkedIn itself.

So along with all of the holiday scams that are prevalent this time of year, be cautious on LinkedIn also.

It’s just a mess out there for our data. At the very least be protecting your financial access information with complex passwords and two-factor authentication. And maybe as a rule don’t open attachments unless you’ve verbally spoken to the person who sent it.

Be smart. Be safe.

Jeff Mongelli

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.

For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.