Security Breach Update
14 November 2019

Google Has Access to Personal Health Information of Millions of US PatientsGoogle Has Access to Personal Health Information of Millions of US Patients 

Recently Google partnered with Ascension – one of the largest health systems in America – but did so quietly. This partnership allows Google access to all of Ascension’s patients’ data. Ascension operates 150 hospital 21 states.

The effort was code named “Project Nightingale,” and has allowed some Google employees access to data including names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, and even some billing records.

The current agreement does not appear to be a violation of HIPAA (Health Insurance Portability and Accountability Act). Google has been looking to expand their health information efforts, including plans to acquire Fitbit. However, Google has responded to the news of the partnership to say the data will not be used other than to assist Ascension medical providers.

Recent Breaches

United States – Brooklyn Hospital Center

Exploit: Ransomware

Risk to Small Business: Severe: A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

Risk to Exploited Individuals: Severe:  Brooklyn Hospital Center declined to identify the specific data compromised in the breach, but healthcare providers are often a target for cybercriminals because of the sensitive nature of this information. Therefore, anyone impacted by the breach should take the necessary steps to ensure their data’s security, including enrolling in identity monitoring services and closely evaluating their accounts for unusual or suspicious activity.

Customers Impacted: Unknown

United Kingdom – James Fisher and Sons PLC – Marine services provider

Exploit: Unauthorized database access

Risk to Small Business: Moderate:  An unauthorized third-party gained access to the company’s computer system, forcing JFS to bring their systems offline to prevent intruders from further infiltrating their network. In some sense, the company was lucky. Personal information wasn’t compromised in the breach, but cybersecurity events of any kind can still have serious repercussions for any company. In this case, the company’s shares dropped by nearly 6% after the breach, and JFS will incur the cost of cybersecurity specialists who are working to secure their network retroactively.

Risk to Exploited Individuals: No personal information was compromised in the breach.

Customers Impacted:  Unknown

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
14/11/2019

Follow us on LinkedIn:

Related Articles:
Business Continuity with Datto
Businesses underestimate the threat of stolen employee data.

Written by