So you have a security policy in place, and everyone has best practices training for avoiding cybercriminals' attempts to gain access to data. You should be fine, right? Well, here are some examples of large companies and organizations that had a data breach recently.
ID Agent recently compiled the most significant data breaches for the week of October 9, 2019.
UAB Medicine
A Phishing Attack exploited several employees at UAB Medicine and obtained their credentials, allowing the hackers access to protected health information for thousands of patients. The phishing attack started with an email that was posed as an hospital executive asking employees to take a survey. In the process, the hackers acquired sensitive login information that allowed them access to Patient Health Information (PMI). Investigators think that the hackers were attempting to access UAB Medicine’s payroll system but were blocked from access. This phishing scheme impacted more than 19,000 customers, which the company is offering free credit monitoring.
This breach could have been prevented with properly administered internal security training and a robust security monitoring system.
Magnolia Pediatrics
A Ransomware Attack on this healthcare practice targeted their IT company and gained access to their network. When the hackers gained access, they immediately encrypted the network requiring a payment for the decryption codes. Magnolia Pediatrics paid the ransom and recovered their data. Next, they had to reset their network and install a more robust security system. These kinds of attacks can be very expensive, not just because of the ransom, but from the fall out afterward. The negative publicity and bad press encourage patients to take their business elsewhere when they hear of these kinds of attacks. This attack put upwards of 2,400 individuals at risk and the pediatrics office is encouraging their patients to monitor their credit for unusual activity.
Any IT company worth your tie will have systems in place to prevent these types of ransomware attacks. One of the many reasons it’s so important to really investigate your IT options when shopping for a Managed Service Provider (MSP).
Methodist Hospitals
A successful Phishing Attack on just two employees provided hackers with access to thousands of patients data within the Methodist Hospitals system. It took the hospital two months to investigate this breach that exposed more than 2,000 patients health insurance information, Social Security Numbers, government ID information, electronic signatures, usernames, and payment information. This was a huge breach and the number of customers impacted was almost 70,000.
This kind of breach just goes to show that no matter how large or well established your healthcare organization is, you still need to be up to date on modern cyber criminal methods.
This has been your breach update and we hope that this makes you really think about your cybersecurity. If you have questions or concerns, don’t hesitate to reach our to Medicus IT. Let us perform a Free Network Assessment to reveal any gaps you have in security and compliance.