• HOME

  • ABOUT

  • SOLUTIONS

  • PAPERS AND PUBLICATIONS

  • CONTACT

  • Blog

  • More

    washingtoncybercenter.com

    © 2023 by Marketing Solutions. Proudly created with Wix.com

    Cybersecurity and Connected Vehicles

    December 11, 2019

    Cybersecurity, the Holiday Season and the Grinch

    December 6, 2019

    Cybersecurity, Vendors and Stolen Laptops

    December 2, 2019

    Cybersecurity and Dental Services

    November 29, 2019

    Cybersecurity and IT Firms

    November 25, 2019

    Cybersecurity and Small Town Attacks

    November 22, 2019

    Cybersecurity and Online Gaming

    November 18, 2019

    Cybersecurity, Backup Services and Ransomware

    November 15, 2019

    Cybersecurity, PLCs and DoS

    November 4, 2019

    Cybersecurity and Student Loans

    November 1, 2019

    Please reload

    Recent Posts

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Featured Posts

    Cybersecurity and Health Care Centers

    July 19, 2019

    |

    Charles Parker II

    People tend to visit their doctor every now and again for the annual check-ups, scrapes, and other issues. As the patients visit their respective doctor, the office requires certain information and the doctor have their notes from the visit. This information is important to us and have value. Most of the time, securing this is not an issue. This was not the case for Navicent Health. Navicent Health is based in Macon, GA. This is one of middle Georgia’s largest employers and healthcare providers. This is also the second largest hospital.

     

    The attackers focused on the hosted staff email system. This, fortunately, did not include the EHR system or network. The staff email system did however contain the patient’s private personal information. This included the patient's name, data of birth, address, limited medical information, and a portion of the patient also had their social security number exposed. To top off the list, there was also billing and appointment scheduling data.

     

    The successful attack occurred in July 2018. Curiously, this was detected on January 24, 2019. Navicent did notify law enforcement of the attack and breach. The breach affected 278,016 patient’s PHI and PII. The patient’s data was located on the compromised email server. Navicent was not completely sure I the attackers viewed or downloaded the patient’s data. To be conservative, it is presumed the attackers had.

     

    The company contracted with a third party forensics firm to investigate the issue. They also notified the affected parties. They were offering, in response to the breach, free ID theft protection. This was limited to the patients with their social security number exposed. The patient recommendation is for them to monitor their credit report and account statements. To alleviate the potential for this to happen again, the management is reviewing additional staff education and adding other technology.

     

    There were a number of issues with this successful attack. First, there needed to be additional training for the staff. Also as a significant issue, there was a rather significant time lag from the attack date to the detection date. The successful attack was in July 2018. The detection occurred on January 24, 2019. This was a rather long time to detect a rather significant issue. There has been no comment as to why this took so long.

     

     

    Resources

     

    Abrams, L. (2019, April 17). Navicent health data breach exposes patient’s personal info. Retrieved from https://www.bleepingcomputer.com/news/security/navicent-health-data-breach-exposes-patients-personal-info/ 

     

    Corley, L. (2019, March 22). Navicent health announces cyber attack targeting its email system. Retrieved from https://www.macon.com/news/local/crime/article228281814.html

     

    Davis, J. (2019, March 25). Navicent health reports data breach from july 2018 cyberattack. Retrieved from https://healthitsecurity.com/news/navicent-health-reports-data-breach-from-july-2018-cyberattack

     

    Dissent. (2019, March 22). Navicent health announces cyber attack targeting its email system. Retrieved from https://www.databreaches.net/navicent-health-announces-cyberattack-targeting-its-email-system/ 

     

    Drees, J. (2019, April 16). Update: Data breach exposes 278,000 navicent health patients’ information. Retrieved from https://www.beckershospitalreview.com/cybersecurity/update-data-breach-exposes-278-000-navicent-health-patients-information.html

     

    HIPAA Journal. (2019, March 25). PHI exposed in three recent email security incidents. Retrieved from https://www.hipaajournal.com/phi-exposed-in-three-recent-email-security-incidents/

     

    Inforisktoday. (2019). Cyberattack exposes PHI in email attacks. Retrieved from https://www.inforisktoday.com/cyberattack-exposes-phi-in-email-accounts-a-12349/  

     

    Marlin, L. (2019, March 26). Email breaches in three states expose protected health information. Retrieved from https://privaplan.com/blog/email-breaches-in-three-states-expose-protected-health-information/

     

    McGee, M.K. (2019, April 5). Cyberattack exposes phi in email accounts. Retrieved from https://www.careersinfosecurity.com/cyberattack-exposes-phi-in-email-accounts-a-12349

     

    Navicent Health. 92019). Notice of data security incident. Retrieved from https://www.navicenthealth.org/notice-of-data-security-incident.html

     

    Spamfighter. (2019). Navicent health reported data breach due to a cyberattack. Retrieved from https://www.spamfighter.com/news-22140-Navicent-Health-reported-Data-Breach-due-to-a-cyberattack.htm

     

    About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

    Share on Facebook
    Share on Twitter
    Please reload

    Follow Us

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Search By Tags

    December 2019 (3)

    November 2019 (7)

    October 2019 (7)

    September 2019 (9)

    August 2019 (10)

    July 2019 (8)

    June 2019 (9)

    May 2019 (10)

    April 2019 (9)

    March 2019 (10)

    February 2019 (8)

    January 2019 (9)

    December 2018 (8)

    November 2018 (9)

    October 2018 (9)

    September 2018 (7)

    August 2018 (9)

    July 2018 (9)

    June 2018 (11)

    May 2018 (6)

    April 2018 (9)

    March 2018 (9)

    February 2018 (8)

    January 2018 (6)

    December 2017 (8)

    November 2017 (7)

    October 2017 (10)

    September 2017 (9)

    August 2017 (10)

    July 2017 (8)

    June 2017 (10)

    May 2017 (8)

    April 2017 (7)

    March 2017 (8)

    February 2017 (7)

    January 2017 (8)

    December 2016 (11)

    November 2016 (14)

    October 2016 (14)