top of page

Cybersecurity and Compromises

Yet Another Compromise

by Charles Parker, II


There are constantly compromises being published across the industries, and many more unpublished

for a variety of reasons. Many years ago, the attacks were initiated by people showing their skills and

the corporation's lack of focus on security allowing these exploits. Times certainly have changed. Now

this endeavor has been operationalized, streamlined, and become a profit center with an ROI.

Every company is a target for the various attacks. At the heart of most of these attacks is data. This has

many uses for the bad actors, from selling to being ransomed. There are no geographic boundaries

either. A company in Michigan recently had the opportunity to enjoy this at great length.

HealthEC, LLC, a population health management platform, coupled with Corewell Health. The focus of

the work is to identify high risk patients, which is great and beneficial for the patients. The company was

recently compromised, leaking confidential data and information on over a million Michigan residents.

The data leaked included the patient’s name, address, date of birth, social security number, medical

information (e.g., diagnosis, diagnosis code, mental/physical condition, prescription information, and

provider’s name), and health insurance information. Just the first four data points being compromised is

bad enough (e.g., for identity theft), but add in the medical information and health insurance

information, and the successful attackers have a field day. This allows more for the potential for

ransomware to come into play.

To accommodate concerns, HealthEC is offering 12 months of credit monitoring and identity protection

services through TransUnion. This may sound great, and it is for the first 12 months. Think about what

happens after the 12 months. The stolen data, in part, is permanent or could be updated with a quick

and easy internet search.


About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.


Featured Posts
Check back soon
Once posts are published, you’ll see them here.
Recent Posts
Archive
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page