There are constantly compromises being published across the
industries, and many more unpublished for a variety of reasons. Many years ago,
the attacks were initiated by people showing their skills and the corporation’s
lack of focus on security allowing these exploits. Times certainly have
changed. Now this endeavor has been operationalized, streamlined, and become a
profit center with an ROI.
Every company is a target for the various attacks. At the
heart of most of these attacks is data. This has many uses for the bad actors,
from selling to being ransomed. There are no geographic boundaries either. A company
in Michigan recently had the opportunity to enjoy this at great length.
HealthEC, LLC, a population health management platform,
coupled with Corewell Health. The focus of the work is to identify high risk
patients, which is great and beneficial for the patients. The company was recently
compromised, leaking confidential data and information on over a million
Michigan residents.
The data leaked included the patient’s name, address, date
of birth, social security number, medical information (e.g., diagnosis,
diagnosis code, mental/physical condition, prescription information, and
provider’s name), and health insurance information. Just the first four data
points being compromised is bad enough (e.g., for identity theft), but add in
the medical information and health insurance information, and the successful
attackers have a field day. This allows more for the potential for ransomware
to come into play.
To accommodate concerns, HealthEC is offering 12 months of
credit monitoring and identity protection services through TransUnion. This may
sound great, and it is for the first 12 months. Think about what happens after
the 12 months. The stolen data, in part, is permanent or could be updated with
a quick and easy internet search.
Thank you.
Services
Enterprise and Embedded System Cybersecurity Engineering & Architecture
Red Team Pentesting | HW & SW BoMs | CBoM |
Vulnerability Management | Tabletop Exercises (TTX) |
Embedded Systems Architecture | Threat Intelligence |
TARA (Threat Assessment and Remediation Analysis)
Disabled Veteran Owned and Operated
No comments:
Post a Comment