Keep your data under lock and key

When you share your personal information with a doctor’s office, are you concerned about the security of your data against bad actors or even accidental exposure?  You should be mindful.  Patients’ personal health information (PHI) and electronic health records (EHR) are a valuable reward for cyber criminals, and their targets are diverse. 

Dentistry practices are no different from any other healthcare entity in this regard.  Nor are their insurers, who will also have access to your data.  A major ransomware attack has recently been revealed against one of the largest such entities, Managed Care of North America (MCNA) Dental. Courtesy of the Russian ransomware group LockBit, who claimed credit for the theft and publishing of the data, almost 9 million patients were impacted by this breach.  This surpasses the 6 million figure of the PharMerica incident earlier this year.  Only a few weeks ago did we refer to that as the largest breach of the year.  It just goes to show how quickly that dubious crown can be passed along.

MCNA offers government-sponsored plans for children and seniors, and recently noticed unauthorized activity in their network, which turned out to be a hacker who accessed and stole certain data.  This includes names, addresses, birth dates, drivers’ licenses and Social Security numbers.  Since the breach was against an insurance company, the hackers also stole pertinent data such as plan and bill information (including that of children) and Medicaid ID numbers. 

Observation of LockBit’s dark web site shows the 700 GB of data that the group stole, adding to their roster of previously breached entities like California’s Department of Finance and the UK’s Royal Mail postal service.

Cyber criminals clearly don’t discriminate in who they go after.  If an organization isn’t careful with their sensitive data, you might find your own info for sale on the dark web.  Evolving data privacy laws, moreover, ensure that your troubles won’t end there, but heavy financial penalties will be a very real possibility.  Healthcare groups and businesses who handle personal data need to take every available measure to prevent a security incident.  This encompasses traditional perimeter security, distributed environments like applications and the Internet of Things (IoT), and encryption of the data itself. 

To frustrate illicit attempts to steal data, NetLib Security offers its powerful and efficient platform, Encryptionizer, to help effortlessly protect your stored data.  Encryptionizer transparently encrypts stored data right out-of-the-box.  With no additional programming or impact on performance while directly assisting with compliance requirements, it ensures your data protection hygiene across all environments: physical, virtual and cloud.  Keep the data under lock and key and the bad actors out, for there are few more valuable resources for organizations these days.


By: Jonathan Weicher, post on June 12, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security