Security Breach Update
27 July 2018

This week serves up a reminder why medical data should be handled with care, as it’s among the most highly sought after and valuable for hackers. Two of the biggest telecommunications providers in the world were also breached this week, which is what happens when you “phone in” cyber security.

So many Australians have been rushing to opt-out of their government’s new centralized health record system that the site has crashed! Originally it was designed as an opt-in database, but there just wasn’t a lot of activity with the program.

After the government spent more than AU $4 billion on this database, a flop of that magnitude was not an option, so it became a mandatory opt-out program. Many people cite privacy concerns as their reason for opting out, which is a fair assessment.

This lack of trust could be because despite assurances by government officials that no data will be shared with third parties, a partner app called HealthEngine has been caught red-handed breaking those promises.

Recent Breaches

Israel – Verizon – Exposed by Nice Systems – An Israeli based enterprise Software Company that has 85 of the Fortune 100 as customers.
Exploit: Exposed Amazon S3 storage server, supply chain vulnerability.
Risk to Small Business: High: Supply chain breaches are increasingly blamed on the prime vendor as it’s their fiduciary responsibility to ensure the downstream vendors they use are secure. This one has global reach as many of the customers are US-based individuals.
Risk to Exploited Individuals: High: Could allow hackers to break into an exposed individual’s email account protected by 2FA.
Customers Impacted: 14 Million

Singapore – Ministry of Health – Singapore’s national health organization
Exploit: Undisclosed at this time. Lack of advanced, real-time intrusion detection.
Risk to Small Business: High: Nation-state originated, this is a massive breach in both scope and severity; most business would not recover from this, especially due to the fines that many countries would levy on a business that did not secure healthcare data.
Risk to Exploited Individuals: High: Medical information is valuable on the Dark Web and can be used to impersonate or exploit an individual.
Customers Impacted: 1.5 million citizens, including the Prime Minister.

Canada – CarePartners – An organization that provides home medical services
Exploit: Unencrypted data-at-rest. Elevated privileged access. Unpatched vulnerability open for 2 years.
Risk to Small Business: High: Ransom and exfiltrate attacks are an increasingly common practice amongst cyber criminals and can be reputation and monetarily damaging to an organization.
Risk to Exploited Individuals: Extreme: Health information is useful for identity theft and traded frequently on Dark Web market places.
Customers Impacted: 80,000.

Do you know if your business has had a data leakage? Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
18/07/2018

Follow us on LinkedIn:

Related Articles:
Notifiable Data Breaches (NDB) Scheme & Your Company
2018 – The Year of Cyber-Security

Written by