After outsourcing giant Wipro suffered a phishing incident, attackers used its email system to target the company’s customers. The breach demonstrates the dangers of supply chain and third-party risk.
In its latest assessment of the state of healthcare cybersecurity, CynergisTek researchers found that vendors working with health providers account for some of the largest data breaches to date.
Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization’s critical information and resources. Subcategories of PAM include shared access password management, privileged session management, vendor privileged access management and application access management.
So far in 2019, business associates were reported to be involved in more than a quarter of the major health data breaches added to the federal tally. Those 27 incidents reported as involving BAs so far in 2019 impacted a total of nearly 690,000 individuals, according to the HHS site.
Enterprise VPN provider Citrix has suffered a hack that may have stolen sensitive information about the company’s technology. A security firm that warned Citrix about the breach says the hackers stole at least 6TB of data and are part of an Iranian hacking group that’s targeted more than 200 organizations.
Businesses today have more third parties touching their confidential data than ever before: an average of 583. Fifty-nine percent of respondents said they have experienced a data breach thanks to one of their third parties. Forty-two percent had experienced such a breach within the last 12 months.
As many as 500 million people who made reservations at Starwood properties may have had their personal information accessed in a breach that lasted as long as four years. An unauthorized party had copied and encrypted information from the database and had taken steps toward removing it, Marriott says.
A hacking affecting Atrium billing vendor AccuDoc may have affected as many as 2.65 million people, Charlotte-based Atrium said. Of those, about 700,000 patients may have had Social Security numbers compromised, according to Atrium.
According to the Opus and Ponemon study, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent — up 5 percent over last year’s study and a 12 percent increase since 2016.
Third-party vendors are turning into a key challenge because third-party risks have been neglected for far too long, even though they come with many associated risks.