top of page

Cybersecurity and Compromises

Yet Another Compromise

by Charles Parker, II

There are constantly compromises being published across the industries, and many more unpublished for a variety of reasons. Many years ago, the attacks were initiated by people showing their skills and the corporation's lack of focus on security allowing these exploits. Times certainly have changed. Now this endeavor has been operationalized, streamlined, and become a profit center with an ROI. Every company is a target for the various attacks. At the heart of most of these attacks is data.

This has many uses for the bad actors, from selling to being ransomed. There are no geographic boundaries either. A company in Michigan recently had the opportunity to enjoy this at great length. HealthEC, LLC, a population health management platform, coupled with Corewell Health. The focus of the work is to identify high risk patients, which is great and beneficial for the patients. The company was recently compromised, leaking confidential data and information on over a million Michigan residents.

The data leaked included the patient’s name, address, date of birth, social security number, medical information (e.g., diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name), and health insurance information. Just the first four data points being compromised is bad enough (e.g., for identity theft), but add in the medical information and health insurance information, and the successful attackers have a field day. This allows more for the potential for ransomware to come into play.

To accommodate concerns, HealthEC is offering 12 months of credit monitoring and identity protection services through TransUnion. This may sound great, and it is for the first 12 months. Think about what happens after the 12 months. The stolen data, in part, is permanent or could be updated with a quick and easy internet search.

About the Author- Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries


Featured Posts
Check back soon
Once posts are published, you’ll see them here.
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page