Cybersecurity and Compromises

Yet Another Compromise

by Charles Parker, II

There are constantly compromises being published across the industries, and many more unpublished for a variety of reasons. Many years ago, the attacks were initiated by people showing their skills and the corporation's lack of focus on security allowing these exploits. Times certainly have changed. Now this endeavor has been operationalized, streamlined, and become a profit center with an ROI. Every company is a target for the various attacks. At the heart of most of these attacks is data.

This has many uses for the bad actors, from selling to being ransomed. There are no geographic boundaries either. A company in Michigan recently had the opportunity to enjoy this at great length. HealthEC, LLC, a population health management platform, coupled with Corewell Health. The focus of the work is to identify high risk patients, which is great and beneficial for the patients. The company was recently compromised, leaking confidential data and information on over a million Michigan residents.

The data leaked included the patient’s name, address, date of birth, social security number, medical information (e.g., diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name), and health insurance information. Just the first four data points being compromised is bad enough (e.g., for identity theft), but add in the medical information and health insurance information, and the successful attackers have a field day. This allows more for the potential for ransomware to come into play.

To accommodate concerns, HealthEC is offering 12 months of credit monitoring and identity protection services through TransUnion. This may sound great, and it is for the first 12 months. Think about what happens after the 12 months. The stolen data, in part, is permanent or could be updated with a quick and easy internet search.

About the Author- Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and the Value of Verification

Cybersecurity and ICS Ransomware

Cybersecurity and World-Wide Ransomware

Cybersecurity and Ransomware

Cybersecurity and Repositories

Cybersecurity and Children's Hospitals

Cybersecurity and International Standards for Medical Devices

Cybersecurity and Standards

Cybersecurity and IoT devices

Cybersecurity and Medical Device Connectivity

No tags yet.

Cybersecurity and Compromises

Featured Posts

Recent Posts

Archive

Search By Tags

Follow Us