All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
Generally, people in the Meadow are healthy. We enjoy the outdoors, hiking, and sitting downtown on the benches watching people walk by. At times, though, our residents may need to go to the clinic for various chronic or acute problems. At times Jerry claims Margie is trying to poison him. When we attend the doctor’s, we are required to provide a bit of private and health information. Tandigm Health had an issue with a vulnerability and their patient’s data recently.
Tandigm Health is a value-based healthcare company. Their service offers to support health plans by working with primary care physicians to provide better healthcare. The attack causing the issue involved their web application. The vulnerability allowing this was a rather serious vulnerability with one of their websites. This allowed for an unauthorized person to gain access to their system. This attack and vulnerability were open from April 24, 2017, to December 31, 2017, or over eight months.
Tandigm detected the “potential” vulnerability on September 25, 2018. They noted this was with one of their websites, and affected approximately 7k patients. The attackers could have accessed the patient’s name, date of birth, medical information, and health insurance data during the open window. On the brighter side, this did not include any patient financial or credit data.
Once Tandigm learned of the vulnerability, the management sent letters to the potentially affected patients. This was done as an abundance of caution. The company did launch an investigation. They contracted with a 3rd party for the forensic work. Their goal was to detail the nature and scope of the issue. The direct question was whether the vulnerability could enable an unauthorized person to bypass the security in place. If this were found to be the case, the next question involved what data could be accessed.
For the affected parties, the business is offering a credit monitoring service for two years. As a proactive measure, improving staff training was a significant focus. They are also reviewing their security policies.
This was a rather significant issue for a long period of time. It is curious why this took so long to detect this vulnerability.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
Davis, J. (2018, November 29). Data of 7,000 tandigm health patients exposed by site vulnerability. Retrieved from https://healthitsecurity.com/news/data-of-7000-tandigm-health-patients-exposed-by-site-vulnerability
Dissent. (2018, November 23). Tandigm health notifying 7,000 patients after discovering vulnerability that might have exposed patient data in 2017. Retrieved from https://www.databreaches.net/tandigm-health-notifying-7000-patients-after-discovering-vulnerability-that-might-have-exposed-patient-data-in-2017/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Share on Facebook
Share on Twitter
I'm busy working on my blog posts. Watch this space!