Security Breach Update
12 April 2019

Medical BreachThe results from a data breach can be devastating, not only for your business, but for all your clients, suppliers and employees.

You don’t just risk losing data, but your reputation and your business. Take the University of Connecticut Health Center as an example.

It has been served a class action lawsuit over a data breach that resulted in the exposure of 326,000 current and former patients. The class action is seeking $5M in damages, alleging that the university not only took months to report the breach, but could have done more to prevent it.

Several class action plaintiffs claim that their bank account has been defrauded and overdrawn due to the information that was compromised during the breach.

With the public eye scrutinising organisational efforts to protect their customers and employees, small businesses must catch on early and begin working with their IT providers to bolster their cybersecurity initiatives.

Recent Breaches

Germany – Bayer Pharmaceuticals – multinational pharmaceutical and Life Sciences Company.

Exploit: Malware attack

Risk to Small Business: Severe: In a statement this past Thursday, Bayer revealed that infectious software was discovered on its systems back in early 2018. Before removing the malware in March, the company proceeded to “spy” on the hackers to identify the responsible party.

Without any further details on their incident response methodology or further information on what Bayer means by “spy” ID Agent recommends always contacting an Incident Response Team if a compromise has been identified.

Allowing an unknown third party to continue accessing data is generally inadvisable. The drug maker announced that there is no evidence of data theft, and they have traced the source of the hack to a group known as Winnti.

Risk to Exploited Individuals: Low:  No individuals are at risk

Customers Impacted: NA

 

Ireland – Saolta University Healthcare Group

Exploit: Scam

Risk to Small Business: Severe:  Patients of one of the hospitals in the Saolta network, University Hospital Galway (UHG) are receiving letters from an organization calling itself the Anglo American Lottery. The scam informs them that they have won a prize in the “hospital sick patient lottery draw” and will be admitted to a ward. Along with soliciting DOBs and other personal details, the scheme offers a fake website and phone number. Patients of UHG are filing complaints and have voiced their concerns to the Data Protection Commission, and it remains to be seen how Saolta will be penalized.

Risk to Exploited Individuals: Moderate: Given that hackers were able to send personalized letters to the home addresses of patients, it’s clear that an exposure of information has already occurred. Anyone who has received or responded to the letter must immediately enlist in identity protection and reach out to Saolta to receive reparations.

Customers Impacted:  To be determined.

 

Canada – BC Pension Corporation – ne of the largest pension plan administration agents in Canada

Exploit: Missing microfiche

Risk to Small Business: Severe: Members of the BC College Pension Plan are receiving notifications that their information may be at risk after a box went missing during an office move from last year.

Contents of the container included microfiche with personal information of members who worked from 1982 to 1997, and the breach was discovered in October 2018. Although the corporation has declared this as a low risk security incident, FIPA argues that it is a high-risk attack.

Along with negative publicity, the BC Pension Plan Corporation will face backlash from members and may spearhead the case for implementing mandatory data breach reporting requirements in British Columbia.

Risk to Exploited Individuals: Severe: Some of the information includes names, social insurance numbers and dates of birth. Although there is currently no indication of an attack, plan members should investigate identity and credit reports to see if they were affected. In the words of one of the affected members, West Kelowna resident Pamela Stevens, “the information is out there, and there are people that wait around for these things to happen to get people and to use their cards and information to misuse it.”

Customers Impacted:  Around 8,000

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
12/04/2019

Follow us on LinkedIn:

Related Articles:
SonicWall Cyber Threat Report 2019
Cybersecurity Best Practices

Written by