Mission Health online store hijack went undetected for years

Credit card and payment information was the target of the three-year-long attack.

Understanding the changing role of the CIO in healthcare

A data breach occurring on the Mission Health website managed to go undetected for years, the company has revealed. 

Mission Health, based in Asheville, North Carolina, is a health services provider offering everything from walk-in care to cancer treatment and e-health. 

The company also usually facilitates the purchase of health-related products online, but it is this payment portal that became the target of cyberattackers in 2016. 

See also: This is how hackers make money from your stolen medical data

In a statement mailed to patients, as reported by ABC13 WLOS, Mission Health admitted that between March 2016 and June 2019, the online store was compromised for the purpose of data theft. The portal was subject to what appears to be skimmer malware or scripts. 

If a customer visited store.mission-health.org or shopmissionhealth.org, they may have had their payment card data read and stolen during the three-year timeframe. 

"We conducted a comprehensive review of all transactions made on the site during the timeframe of the incident and have sent letters to consumers whose data may have been impacted," Mission Health said. "The impacted website was not part of our primary missionhealth.org site and has been taken offline and is being completely rebuilt."

Such attacks are now assigned the phrase "Magecart," which has become attributable to cybercriminals that employ card-skimming malware and scripts, usually by exploiting a vulnerability in e-commerce services, to covertly harvest information and whisk it away to a command-and-control (C2) server. 

Recent, high-profile Magecart attacks include British AirwaysTicketmaster, and Feedify. Hotel booking websites, US college campus stores, and countless e-retailers have been targeted over the past few years. 

CNET: Now you can log onto Windows with a hardware security key

Attempts to reach the stores are met with "The server is temporarily unable to service your request due to maintenance downtime or capacity problems" at the time of writing. 

It is not believed that any medical records have been compromised. However, unless medical firms including Mission Health begin to take cybersecurity more seriously and conduct frequent audits of their domains, it is not only payment data that may end up at risk.

TechRepublic: How to add public SSH keys for users in Cockpit

In related news this month, Tū Ora Compass Health revealed a data breach that may have exposed the private medical data of up to one million individuals across New Zealand. 

The primary health organization said, too, that cyberattacks had occurred between 2016 and 2019, leading to the exposure of information including names, National Health Index Numbers, dates of birth, and addresses. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0