Cybersecurity and Compromises
Yet Another Compromise
by Charles Parker, II
Compromises are constantly being published across industries, and many more go unpublished
for a variety of reasons. Many years ago, attacks were initiated by people showing off their skills, and
corporations' lack of focus on security allowed these exploits. Times certainly have changed. Now
this endeavor has been operationalized and streamlined, and has become a profit center with an ROI.
Every company is a target for the various attacks. At the heart of most of these attacks is data. Data has
many uses for bad actors, from being sold to being ransomed. There are no geographic boundaries
either. A company in Michigan recently had the opportunity to enjoy this at great length.
HealthEC, LLC, a population health management platform, coupled with Corewell Health. The focus of
the work is to identify high-risk patients, which is great and beneficial for the patients. The company was
recently compromised, leaking confidential data and information on over a million Michigan residents.
The data leaked included the patient’s name, address, date of birth, Social Security number, medical
information (e.g., diagnosis, diagnosis code, mental/physical condition, prescription information, and
provider’s name), and health insurance information. Just the first four data points being compromised is
bad enough (e.g., for identity theft), but add in the medical information and health insurance
information, and the successful attackers have a field day. This increases the potential for
ransomware to come into play.
To accommodate concerns, HealthEC is offering 12 months of credit monitoring and identity protection
services through TransUnion. This may sound great, and it is for the first 12 months. Think about what
happens after the 12 months. The stolen data, in part, is permanent or could be updated with a quick
and easy internet search.
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.