Public eye on data security
Are you or your organization running VMWare’s ESXi software on virtual computers? If so, you may have been a target in a recent ransomware scheme. Italy’s National Cybersecurity Agency (ACN) announced the breach last week, in which hackers went after thousands of computer servers around the world. Most of these were in the US, France and Germany.
A statement from the Italian government denied blaming any hostile state agencies, judging by current evidence. It’s a silver lining of sorts, as the hackers’ resources would have been even more substantial were they backed by a government entity. Most of the companies that were affected were those that ignored warnings about an exploit in the software a couple of years ago, which the hackers now used to their advantage.
This is just the latest instance of international data security incidents. And it’s clear that the situation has grown so serious as to be thrust into the mainstream, if a recent Super Bowl commercial about the Trojan horse is any indication (although referring to an event as “the most infamous breach in history that should have been stopped” whose historicity has always been uncertain is questionable). Bringing public attention to data security on such a massive platform shows how severe and unavoidable the issue has become.
More ransomware hit the healthcare industry (really it never stops) by way of a December breach against California provider Regal Medical Group and its affiliates. The personally identifiable information (PII) and protected health information (PHI) of more than 3.3 million people was stolen in this case, individuals who began to receive notifications this month. Regal detected malware on their servers that allowed the perpetrator to exfiltrate data from the systems. Among the data set were Social Security numbers, member numbers, and detailed medical information like lab results and prescriptions.
Hackers target all kinds, without discrimination. Organizations across the globe should be more motivated than ever to mitigate the damage from these attacks and protect sensitive information. Public attention and outcry has resulted in a proliferation of regulations designed to protect consumer data. Even now the FTC is enforcing its first fine under the Health Breach Notification Rule, which they allege was violated by GoodRx, a digital health platform. Make sure you can’t be found guilty next through improper data protection or sharing policies: keep your data encrypted and don’t fall foul of compliance standards.