Another massive healthcare breach has occurred this week, and it supports research and intelligence we are seeing as described in our Q2 Threat Roundup. Community Health Systems, Inc. reported that they have been the victim of a massive cyber attack. An astonishing 4.5 million records containing names, addresses, social security numbers and even dates of birth of their patients were siphoned out of their systems. The scope of the breach spans 206 facilities and 29 states. Data breach notification laws in those states are being exercised as the company looks to move swiftly into their incident response plan. Only time will tell if the plan is effective in managing this massive hemorrhage of data and restoring of patient faith in CHS.
I was quoted in our threat report stating the following: “As information assault continues on businesses, the data exfiltrated is coalesced and sold in unspeakable communities by people who do unimaginable things—all done at a company’s expense and for ludicrous sums of money. We have to remember that stolen data has no expiration date. It can and will be used in perpetuity. We should all rethink our security strategies as stewards of data and focus on becoming threat defense experts in our organizations.” I feel for these individuals, as they must take precautions to protect and monitor their identities forever. Unfortunately, this has become the new norm. Let us hope that we do not become numb to the flurry of cyber security breaches we have seen in the past two years which have ultimately resulted in almost 50 percent of Americans being hacked or having their data leaked.
When it comes to Personally Identifiable Information (PII) and Personal Health Information (PHI), it is imperative to safeguard it with the proper data protection requirements. This includes keeping pace with the basic fundamentals of patching and leveraging encryption to ensure that when there is a breach, the critical data is forever encased in a digital vault of 1’s and 0’s – only to be unlocked by you or trusted parties. Do not let the shameless and motivated threat actors take advantage of our overworked resources as well as our lean IT and security budgets. As our technologies evolve, whether it is driving transformation through virtualization or cloud, look to pick the right technologies to remain lockstep with your accelerated processes and ever-changing business needs. There are no perfect technologies or all-knowing cyber security unicorns out there that can solve all your problems. However, there are disruptive technology platforms that can assist in mitigating your risk as well as keeping pace with your business requirements through techniques like virtual patching and vulnerability shielding for your infrastructures. This modicum of change to the legacy security model will produce huge dividends for your staff and go a long way in protecting our sacred data sets and intellectual property.
Please add your thoughts in the comments below or follow me on Twitter; @jdsherry.