fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Top 10 Healthcare Breaches in the U.S. Exposed Data of 19 million

Top 10 Healthcare Breaches in the U.S. Exposed Data of 19 million

The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties.

Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than half of all the healthcare records exposed in 2021.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

PII of millions stolen or exposed

The breach notification rule under the Health Insurance Portability and Accountability Act (HIPAA), requires healthcare organizations to disclose a breach if it affects more than 500 residents of a state or jurisdiction.

The top ten cyber events with the widest impact listed on the portal of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights are from hacking incidents and account for exposing data of almost 19 million people.

Top ten healthcare data breaches in the U.S.

At the top of the list reported this year is an incident that impacted Florida Healthy Kids Corporation. Hackers exploiting vulnerabilities left unpatched for seven years in its website hosting platform had access to data of 3.5 million individuals.

The second-largest data breach in the healthcare sector impacted the 20/20 Eye Care Network in Florida, which resulted in exposing the personal data of over 3.2 million individuals.

Hackers gained access to the company’s AWS S3 buckets and deleted the information. A class-action suit was filed against 20/20 Eye Care Network.

Another notable data breach comes from dermatology group practice Forefront Dermatology, which found that an unauthorized party had access to its systems for a week.

The intrusion exposed information of more than 2.41 million patients, including names, addresses, dates of birth, health insurance plan member IDs, and medical and clinical treatment details.

Also Read: How To Secure Your WiFi Camera: 4 Points To Consider

Ransomware gangs attack

On February 19, 2021, NEC Networks (CaptureRx) discovered that its systems had been compromised two weeks earlier and the intruders had access to customer records.

The investigation later determined that it was a ransomware attack that impacted data belonging to 1.65 million people.

Data of over 1.5 million individuals was compromised in an attack on August 4 against Eskenazi Health public hospital division.

The hackers had been on the internal network since May 19, preparing to encrypt the network, although they failed to complete the operation, the company said.

While the threat actor did not encrypt any data, they managed to steal from the organization personal and health information belonging to patients.

The Kroger Co. confirmed a data breach that exposed records of 1.47 million people. The incident was part of an extortion campaign from the Clop ransomware gang.

Access to corporate data was possible by exploiting vulnerabilities in Accellion’s legacy File Transfer Appliance service used by up to 100 companies.

The Kroger supermarket chain, also a pharmacy operator, agreed to pay $5 million to end claims against it on behalf of customers and employees who had their personal information exposed.

Also a victim of a ransomware attack, the St. Joseph’s/Candler health system announced that it detected the intrusion on June 17, 2021. An investigation revealed that the hackers had access to the network since December 18, 2020.

While on the network the attackers had access to data of 1.4 million patients, including addresses, dates of birth, Social Security numbers, driver’s license number, financial information, health insurance plan member ID, and medical and clinical treatment information.

The REvil ransomware gang breached the systems of the University Medical Center Southern Nevada in mid-June that stored data of 1.3 million people.

The data included personally identifiable information (PII) as well as “certain protected health information,” reveals the data security incident notification from the organization.

American Anesthesiology notified patients in early January 2021 that Mednax Services, one of its service providers, had suffered a phishing incident that resulted in personal information being exposed to an unauthorized party

The attacker had gained access to the partner’s Microsoft Office 365 email system in mid-June 2020 and could access personal information belonging to American Anesthesiology patients. In total, data of 1.2 million people were exposed.

Last on the list of the largest ten data breaches reported so far in 2021 is Professional Business Systems, Inc., d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., (“Practicefirst”) – a vendor for multiple healthcare providers.

The incident was a failed ransomware attack and it became known in late December 2020. The hackers did not encrypt any data but they copied files from Practicefirst’s network, exposing the personal information of more than 1.2 million patients and employees.

More than 50 hacking incidents disclosed on the HHS portal have affected upwards of 100,000 individuals, showing that organizations in the healthcare sector continue to be attractive targets.

According to HIPAA Journal, close to 45 million healthcare records have been exposed or stolen in breaches reported in 2021.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us