There’s been volumes written about data theft in medical facilities, methods, and effects. This is no
wonder given the mountain of data created daily from the patient care and operations. Another viable
target would be auto dealerships. This hold much the same data hospital would generally. When a
person purchases their vehicle, as a course of the process, they provide their name, address, data of
birth, SSN, financial information, and other data. The hospital or medical care facility collects much the
same, with additional data for the patient care.
In this case an automotive dealership was compromised. On or about May 27, 2023, the Jeff Wyler
Automotive Family an unauthorized party compromised their perimeter security and was able to access
the consumer information (e.g., name, date of birth, SSN, driver’s license or state ID #, medical
information, health insurance information, and financial information). This was detected on January 29,
2024.
The method of attack unfortunately was not detailed. Anytime this event occurs, there’s something to
learn and use to build up your defenses. This experience does highlight the need for regular
cybersecurity assessments. This, depending on the environment and budget, may consist of vulnerability
scans, per tests, and threat feeds for your equipment. This also includes working on the vulnerabilities to
remove these and secure your system.