Medical Data is such a significant target for the attackers. The data is able to be bundled
together or separated to be sold, dependent on the type of data and the potential markets
on the dark web.
together or separated to be sold, dependent on the type of data and the potential markets
on the dark web.
Yet another example of this was reported in May 2018. LifeBridge Health appears to
have been targeted and compromised. It appears the compromise of 500k patient
records occurred on September 27, 2016. This was detected in March 2018. Thus it
took approximately 1.5 years for the business to realize they had been targeted, recon
had occurred, and the system was compromised. This was not noted by the business
or its InfoSec Department, but after a forensic firm had been hired. The data probably
exfiltrated was patient names, addresses, birth dates, insurance information, and the
gemstone of the patient’s social security number.
have been targeted and compromised. It appears the compromise of 500k patient
records occurred on September 27, 2016. This was detected in March 2018. Thus it
took approximately 1.5 years for the business to realize they had been targeted, recon
had occurred, and the system was compromised. This was not noted by the business
or its InfoSec Department, but after a forensic firm had been hired. The data probably
exfiltrated was patient names, addresses, birth dates, insurance information, and the
gemstone of the patient’s social security number.
Although the press release states the business takes protecting the patient’s data
very seriously, as these all do, the breach and also compromise timeline is problematic.
The patient’s data was exposed on the dark web for sale and abuse for up to 1.5 years.
The InfoSec team should have been able to notice the traffic moving the data from the business.
very seriously, as these all do, the breach and also compromise timeline is problematic.
The patient’s data was exposed on the dark web for sale and abuse for up to 1.5 years.
The InfoSec team should have been able to notice the traffic moving the data from the business.
No comments:
Post a Comment