Daily Brief: 2017.2.8

THREAT ANALYSIS

Breach exposes more than 10,000 patient records

According to reports, between October 2015 and January 2017, an unauthorized third party accessed Verity Medical Foundation-San Jose Medical Group website, exposing the data of 10,164 patients. The breached patient data, which is dated between 2010 and 2014, included names, dates of birth, medical record numbers, addresses, emails, phone numbers and the last four digits of credit card numbers. It must be noted that website is no longer in use.
(Sources: Healthcare IT NewsModern healthcare)

According to data released by the U.S. Department of Health and Human Services Office of Civil Rights, a total of 75,270 patient records have been affected by 22 breaches so far in 2017. The largest data breach (24,809) was documented by WellCare Health Plans, Inc. in January, followed by Verity (10,164).
(Source: HHS)

Once the breach was discovered, Verity took steps to secure the site to stop further unauthorized activity and prevent future incidents. The health system notified HHS of the breach on January 11th, 2017. Affected patients are reportedly being notified via mail.
(Sources: Healthcare IT NewsBecker’s)

ACTION STEPS

  1. The lack of security awareness among employees is an organizations biggest risk. Therefore, organizations are encouraged to invest in the security awareness of your workforce.
  2. Conduct more frequent vulnerability assessments and penetration testing. A monthly or quarterly test schedule is recommended.
  3. Make sure all the software on your system is up to date. One of the most common infection vectors is a malicious exploit that leverage a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
    (Sources: NortonHealthcare IT News)
Stefanie SullivanComment