Healthcare data risks in the supply chain

The healthcare industry encompasses all sorts of entities beyond hospitals and medical device providers, and these firms in turn rely on third-party vendors for various services.  Truepill, a digital health startup that provides pharmaceutical management services to healthcare organizations, is the most recent example of the risk this creates: it revealed that hackers had accessed the personal data of nearly 2.4 million patients.  That data included names and demographics, other medical information, protected health information (PHI) and electronic health records (EHR), and details of prescriptions and prescribing physicians.

Truepill’s investigation into the incident resulted in the statement: “As a result of this breach, it is essential that we reevaluate our security protocols and learn from this incident to better protect patient data in the future.”

By and large, however, that has been the extent of the company's comment.  Truepill has otherwise been reticent about the details of the breach, not responding to questions and offering only these small tidbits.  A class action lawsuit, filed relatively quickly, places responsibility on Truepill's parent company, Postmeds.  It asserts that Postmeds failed to maintain proper data security measures, above all by leaving the data unencrypted on its servers.

Failure to encrypt always seems like the most egregious oversight an organization can make.  There is no definitive, foolproof way to prevent every social engineering attempt that exploits human error, but keeping stored data unusable to cyber criminals is a clear-cut, straightforward matter.  Two caveats apply: encryption at rest only helps if the keys are stored and accessed separately from the data they protect, and it does not stop an attacker who has already compromised an application or account that is authorized to decrypt.  What it does defeat is the scenario the lawsuit describes, a server full of readable records.
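As an added illustration (example code written for this page, not NetLib's Encryptionizer or any Truepill code), the following Go program encrypts a constructed patient record with AES-256-GCM so that a stolen database row is unreadable without the key, binds the patient ID as associated data so a row cannot be silently re-attached to a different patient, and shows that a wrong key or any tampering is rejected outright rather than yielding partial plaintext. The record fields, the patient ID and the randomly generated key are all assumptions made for the example; in a real deployment the key would come from a key management service or HSM rather than being generated beside the data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// PatientRecord is a constructed example of the kinds of PHI named in the
// breach report: identity, demographics, prescription and prescriber.
type PatientRecord struct {
	Name         string `json:"name"`
	DOB          string `json:"dob"`
	Prescription string `json:"prescription"`
	Physician    string `json:"physician"`
}

// StoredRow is what lands in the database: an opaque blob plus the metadata
// needed to decrypt it. The key is deliberately absent from the row.
type StoredRow struct {
	PatientID  string
	Nonce      []byte
	Ciphertext []byte // ciphertext followed by the 16-byte GCM authentication tag
}

// newGCM builds an AES-256-GCM AEAD from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord seals a record under a fresh random nonce. The patient ID is
// bound as associated data, so the row only decrypts for the patient it was
// written for.
func EncryptRecord(key []byte, patientID string, rec PatientRecord) (StoredRow, error) {
	aead, err := newGCM(key)
	if err != nil {
		return StoredRow{}, err
	}
	plaintext, err := json.Marshal(rec)
	if err != nil {
		return StoredRow{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredRow{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(patientID))
	return StoredRow{PatientID: patientID, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptRecord reverses EncryptRecord. A wrong key, a modified ciphertext or
// nonce, or a changed patient ID all make Open fail; no plaintext is returned.
func DecryptRecord(key []byte, row StoredRow) (PatientRecord, error) {
	aead, err := newGCM(key)
	if err != nil {
		return PatientRecord{}, err
	}
	plaintext, err := aead.Open(nil, row.Nonce, row.Ciphertext, []byte(row.PatientID))
	if err != nil {
		return PatientRecord{}, fmt.Errorf("decrypt %s: %w", row.PatientID, err)
	}
	var rec PatientRecord
	if err := json.Unmarshal(plaintext, &rec); err != nil {
		return PatientRecord{}, err
	}
	return rec, nil
}

// LeaksPlaintext models what an attacker learns from a stolen dump: whether any
// of the given sensitive strings appear verbatim in the stored ciphertext.
func LeaksPlaintext(row StoredRow, sensitive ...string) bool {
	for _, s := range sensitive {
		if bytes.Contains(row.Ciphertext, []byte(s)) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed key for the example only; production keys live in a KMS/HSM.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec := PatientRecord{Name: "Jane Doe", DOB: "1980-01-01", Prescription: "Drug X 10mg", Physician: "Dr. A. Smith"}
	row, err := EncryptRecord(key, "patient-0001", rec)
	if err != nil {
		panic(err)
	}
	fmt.Printf("plaintext visible in stolen row: %v\n", LeaksPlaintext(row, rec.Name, rec.Prescription))
	tampered := row
	tampered.Ciphertext = append([]byte(nil), row.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = DecryptRecord(key, tampered)
	fmt.Println("tampered row rejected:", err != nil)
}
```

The point of the associated-data binding and the authentication tag is that the protection is all-or-nothing: an attacker holding the dump but not the key gets no names, no prescriptions and no way to quietly edit a record. The same code also shows the limit noted above: whichever process holds `key` can read everything, so protecting that process and its credentials is the other half of the control.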

As a healthcare service provider, Postmeds falls under the purview of the Health Insurance Portability and Accountability Act (HIPAA).  HIPAA's Security Rule treats encryption of electronic PHI as an addressable safeguard: a covered entity that does not encrypt must document why and what equivalent protection it uses instead.  Storing patient records unencrypted without such a justification exposes Postmeds and Truepill to consequences such as regulatory enforcement and the legal action already under way.  This comes on top of a recent settlement with the US Drug Enforcement Administration (DEA) over questionable prescription practices.  Truepill has offered assistance to those impacted by the breach and states that it has begun enhancing its security measures to prevent future incidents.

Unless an organization's data, a valuable resource gathered from equally valuable customers, is encrypted at rest, breaches like this will continue to reward attackers with readable records.  NetLib Security's Encryptionizer, a platform that transparently encrypts data on servers, legacy systems, and distributed applications, brings this critical defense into play.  No additional programming is required, and this efficient, cost-effective solution has virtually no impact on performance.

Encrypting data should be at the forefront of any organization’s cybersecurity against bad actors.  Request a free evaluation of Encryptionizer here.


By: Jonathan Weicher, posted on November 22, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security