Hackers Engage in WhatsApp Wi-Fi Scam; N.H. Health Data Breach and SOCOM Staff Leak

Another busy week in Threatwatch, Nextgov's regularly updated index of cyber incidents.

Watch Out for WhatsApp Wi-Fi Scam

A recently identified WhatsApp scam promises free Wi-Fi or 3G connection, packaged in a message that looks like it’s from a friend.

Naked Security reports the message, which has misspellings and a shortened link, offers various freebies depending on the device. It spreads by asking iPhone users to share with eight friends and Android users to share with 15. Eventually, the scam asks users to download apps, followed by a pop-up with an order number for “an application” for the free Wi-Fi device.

Naked Security concludes the apps aren’t malicious and the scam could be a way to get fraudulent affiliate clicks but offers this advice: “Don’t try, don’t buy, don’t reply.”

New Hampshire Health Department Data Breach Attributed to Former Patient

A psychiatric patient used a computer in a hospital library to post the personal information of 15,000 New Hampshire Department of Health and Human Services clients.

The patient posted health information as well as names, addresses, Social Security numbers and Medicaid identification numbers, according to WMUR. Department officials acknowledged the breach Dec. 27.

The breach happened in October 2015, but New Hampshire Hospital staff found indication that the patient may have accessed other materials, such as training records, and posted them on social media sites last August, according to the report. The personal information was posted Nov. 4 and officials said it was removed within 24 hours.

The department has been notifying possible breach victims and set up call centers to share information about preventing identity theft.

Did Pentagon Subcontractor Leak Sensitive Special Operations Command Personnel Data?

A security researcher found 11 gigabytes of personal information and locations about U.S. Special Operations Command health care providers online in alleged database leak of a Defense Department subcontractor.

MacKeeper Security Researcher Chris Vickery wrote on his blog he found an unsecured file repository of the names, Social Security numbers, salaries, assignments and other personally identifiable information of health care professionals deployed with SOCOM, including two data analysts with top-secret clearances.

Vickery wrote he alerted Potomac Healthcare Solutions, a subcontractor of Booz Allen Hamilton, of what he found but the files remained online until he made subsequent calls.

“It’s not hard to imagine a Hollywood plotline in which a situation like this results in someone being kidnapped or blackmailed for information," he wrote. "Let’s hope that I was the only outsider to come across this gem."

Potomac Healthcare Solutions told ZDNet it was aware of the incident but denied any sensitive information was compromised. BBC reported Booz Allen Hamilton was also investigating.