Resources

Nearly 32 million patient records were breached in the first half of 2019, according to new data released this week in the Protenus Breach Barometer, an analysis of how data breaches are affecting the healthcare industry.

Banking institution Capital One has just revealed that it’s suffered a data breach that exposed the names, addresses, phone numbers, emails, dates of birth, and self-reported incomes of approximately 100 million Americans, and 6 million in Canada, due to a “configuration vulnerability” in the servers of an unnamed cloud computing company hosting the bank’s data.

Another clinical lab ensnared in the AMCA data breach has come forward. Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information, and treatment provider information stolen in the previously reported breach.

While many in the healthcare industry have seen the benefits of outsourcing tasks to third-party vendors, a new study cautions that those benefits could come with significant risks.

While data breaches cost providers $2.9 million in recovery, new data from Ponemon Institute and Censinet shows managing vendor risk is far most costly at $3.8 million per provider annually.

Along with ransomware’s resurgence in financial impact and the rise of cryptojacking, attacks via third parties also became more prevalent in 2018, OTA found. The most notable such attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide.

No doubt, all security leaders want to be successful and improve cyberdefenses, no matter how long they stay. But too many quick job changes can become a serious problem on resumes and personal reputations.

If you have any business partners and vendors connected to your internal IT network, you should audit those individuals and entities to ensure they are using appropriate and sufficient IT security solutions. You may have adequate protections in place for your employees and organization, but don’t forget to be sure that your partners do as well.

Oregon Senate Bill 684 extends breach notification obligations to “vendors,” defined as entities who contract with a covered entity to “maintain, store, manage, process or otherwise access personal information.”