Data Breach – Why you should care and what you should do

What is a data breach?

  • A data breach is an incident in which information is stolen or taken from a system without the knowledge or authorization of the system’s owner.
  • Victims of a data breach are usually large companies or organizations, and the data stolen is typically sensitive, proprietary or confidential in nature.
  • A data breach may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.

(Source: https://www.trendmicro.com/)

Larger hospitals, especially teaching institutions, appear to be at the greatest risk for health data breaches, says a new study. That’s possibly due to several factors, including these hospitals’ rich pools of patient data and greater demands for sharing that information for patient care and research, some experts say.

The study, which was published by JAMA Internal Medicine, analyzed data from the U.S. Department of Health and Human Services to examine what type of hospitals face a higher risk of data breaches.

The study’s analysis included examining major health data breaches affecting 500 or more individuals that are posted on the HHS’ Office for Civil Rights’ HIPAA breach reporting website, commonly called the “wall of shame.”

The study notes that 1,798 large breaches were reported to HHS between Oct. 21, 2009 and Dec. 31, 2016, and of those, 1,225 were reported by healthcare providers, with the remainder reported by business associates, health plans and clearinghouses.

Why should I care?

Because as your workforce grows, the chance that at least one individual’s email account is breached grows with it, especially under the “business anywhere” model in which work is done from smartphones and other mobile devices. A single employee may face identity theft, blackmail, or threatening scam phone calls, like the fake IRS agent calls seen during tax season. For the organization the impact is greater still: a single compromised account can serve as a launching point for reconnaissance or phishing waves, or as a pivot point for a further attack.

Email is not the only place sensitive data lives. Applications and mobile apps such as OneDrive, Dropbox, online file shares and SharePoint, to name a few, host sensitive information as well. With the proliferation of cloud technology, the loss of a single credential can be enough to impact your entire organization. (Source: https://blog.lumen21.com/2017/04/07/why-do-i-care-about-data-breach/#more-2511)

What to Do if a Data Breach Happens to You

  1. Determine what was stolen.

You’ll need to pin down exactly what kind of information was lost in the data breach. Sensitive information falls into three broad categories:

  • Least sensitive: Names and street addresses. Such information was harmless when it was printed in the phone book. Today, a name typed into a search engine can yield data useful to online marketers and nosy neighbors, but probably not enough to cause serious trouble.
  • More sensitive: Email addresses, dates of birth and payment-card account numbers. (Payment cards include debit cards, credit cards and charge cards like an American Express card.)
  • Most sensitive: Social Security Numbers, online-account passwords, financial-account numbers and payment-card security codes (the three- or four-digit number printed on the front or back of payment cards).
  2. Change all affected passwords

If an online account has been compromised, change the password on that account right away. If you used the same password for any other accounts, change those as well, and make up a new, strong password for each account.

  3. Implement the Local Administrator Password Solution (LAPS) in your Active Directory
    The benefits of LAPS are that it periodically randomizes each machine’s local administrator password; it ensures the password update to AD succeeds before changing the local secret, so the stored copy never lags the real one; it stores the secrets centrally in existing infrastructure, Active Directory (AD); it controls access to them via AD ACL permissions; and it transmits the password from client to AD encrypted (Kerberos encryption, AES cipher by default). Note that the password attribute itself is protected only by that ACL, so it matters which principals hold extended rights on the OUs that contain your computers. For more details, visit https://technet.microsoft.com/en-us/mt227395.aspx.
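The following is an added PowerShell example of the LAPS rollout the step above describes, using the cmdlets shipped with the legacy LAPS client module (AdmPwd.PS); it is not code from the original page or from Microsoft’s documentation. The OU distinguished name, the group name and the computer name are placeholders, and the script assumes the LAPS client is installed on the management host and the policy settings have been pushed by GPO.

```powershell
# Added example: deploy LAPS for one OU and audit who can read the passwords.
# Assumptions (not from the page): AdmPwd.PS is installed on this host, the OU,
# group and computer names below are placeholders for your environment.
Import-Module AdmPwd.PS

$ou    = 'OU=Workstations,DC=example,DC=com'   # placeholder OU
$group = 'EXAMPLE\LAPS-Readers'                # placeholder helpdesk group

# 1. Extend the schema once per forest (Schema Admins required). This adds the
#    ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes to the computer class.
Update-AdmPwdADSchema

# 2. Allow computers in the OU to write their own password and expiry back to AD.
#    This is the self-permission that lets the client update AD before it rotates
#    the local secret.
Set-AdmPwdComputerSelfPermission -OrgUnit $ou

# 3. Grant password read and reset rights to the helpdesk group only.
Set-AdmPwdReadPasswordPermission  -OrgUnit $ou -AllowedPrincipals $group
Set-AdmPwdResetPasswordPermission -OrgUnit $ou -AllowedPrincipals $group

# 4. The check: list every principal that already holds "All extended rights" on
#    the OU. Each of them can read every LAPS password underneath it, whether or
#    not you granted it above; remove any that should not have it.
Find-AdmPwdExtendedRights -Identity $ou |
    Format-Table ObjectDN, ExtendedRightHolders -AutoSize

# 5. Confirm the client policy actually landed on a managed machine (run there).
#    These values come from the LAPS GPO template under
#    Computer Configuration > Administrative Templates > LAPS.
Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' |
    Select-Object AdmPwdEnabled, PasswordComplexity, PasswordLength, PasswordAgeDays

# 6. Retrieve one password and its expiry, as the helpdesk would.
Get-AdmPwdPassword -ComputerName 'WS-0001'   # placeholder computer name
```

Run steps 1 to 4 once from a management host as a domain administrator; step 5 belongs on a client and is the quickest way to tell a machine that is not rotating (no policy, or AdmPwdEnabled of 0) from one that is. Re-run step 4 after any OU delegation change, since delegating "Full control" on an OU silently grants the extended right to read the password attribute.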

Multifactor Authentication (MFA)
MFA is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism, typically at least two of the following categories: knowledge (something they know), possession (something they have) and inherence (something they are). For example, Google, Microsoft and even Yahoo have started offering MFA, either by texting an authentication code to your registered phone or through an iOS or Android app installed on your registered smartphone. Prefer the app where it is offered: an SMS code can be intercepted by an attacker who takes over the phone number (SIM swapping), whereas the app computes its code from a secret stored on the device.
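As an added example of what the app-based “something you have” factor actually computes, the following PowerShell implements the time-based one-time password algorithm (RFC 6238 over RFC 4226 HMAC-SHA1) that common authenticator apps use. It is not code from the original page or from any of the providers named above. The secret is the RFC 4226/6238 test key (the ASCII string 12345678901234567890), written in the base32 form that apps display during enrollment; the drift window of one step on each side is a design choice, not something the page states.

```powershell
# Added example: TOTP (RFC 6238) code generation and verification.
# The key below is the RFC 4226/6238 test secret in base32 (ASCII "12345678901234567890");
# in practice the secret is generated per user at enrollment and shared via QR code.

function ConvertFrom-Base32 {
    # Decode the base32 alphabet (RFC 4648) that authenticator apps use for secrets.
    param([Parameter(Mandatory)][string]$Text)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
    $bits = [System.Text.StringBuilder]::new()
    foreach ($c in $Text.ToUpperInvariant().TrimEnd('=').ToCharArray()) {
        $v = $alphabet.IndexOf($c)
        if ($v -lt 0) { throw "Invalid base32 character '$c'" }
        [void]$bits.Append([Convert]::ToString($v, 2).PadLeft(5, '0'))
    }
    $s   = $bits.ToString()
    $out = New-Object byte[] ([math]::Floor($s.Length / 8))
    for ($i = 0; $i -lt $out.Length; $i++) {
        $out[$i] = [Convert]::ToByte($s.Substring($i * 8, 8), 2)
    }
    return ,$out
}

function Get-TotpCode {
    param(
        [Parameter(Mandatory)][byte[]]$Key,
        [Parameter(Mandatory)][long]$UnixTime,
        [int]$Step   = 30,
        [int]$Digits = 6
    )
    # Counter = floor(T / step), encoded as 8 big-endian bytes (RFC 6238 section 4.2).
    [long]$counter = [math]::Floor($UnixTime / $Step)
    $msg = [BitConverter]::GetBytes($counter)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($msg) }

    $hmac = [System.Security.Cryptography.HMACSHA1]::new($Key)
    $hash = $hmac.ComputeHash($msg)

    # Dynamic truncation (RFC 4226 section 5.3): take 4 bytes starting at the
    # offset given by the low nibble of the last byte, mask the sign bit.
    $offset = $hash[$hash.Length - 1] -band 0x0F
    $binary = ((($hash[$offset] -band 0x7F) -shl 24) -bor
               ($hash[$offset + 1] -shl 16) -bor
               ($hash[$offset + 2] -shl 8)  -bor
               $hash[$offset + 3])
    $code = $binary % [int][math]::Pow(10, $Digits)
    return $code.ToString().PadLeft($Digits, '0')
}

function Test-TotpCode {
    # Server-side check: accept the current step and $Window steps on either side
    # to absorb clock drift between phone and server, and nothing wider.
    param(
        [Parameter(Mandatory)][byte[]]$Key,
        [Parameter(Mandatory)][string]$Code,
        [Parameter(Mandatory)][long]$UnixTime,
        [int]$Step   = 30,
        [int]$Window = 1
    )
    for ($d = -$Window; $d -le $Window; $d++) {
        $candidate = Get-TotpCode -Key $Key -UnixTime ($UnixTime + $d * $Step) -Step $Step
        if ($candidate -eq $Code) { return $true }
    }
    return $false
}

# Demo with the RFC test secret and the timestamps from RFC 6238 Appendix B.
$key = [byte[]](ConvertFrom-Base32 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ')
foreach ($t in 59, 1111111109, 1111111111, 1234567890) {
    '{0,12}  {1}' -f $t, (Get-TotpCode -Key $key -UnixTime $t)
}

# A code issued one step ago still verifies; one issued two steps ago does not.
$now  = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
$code = Get-TotpCode -Key $key -UnixTime ($now - 30)
Test-TotpCode -Key $key -Code $code -UnixTime $now
$stale = Get-TotpCode -Key $key -UnixTime ($now - 60)
Test-TotpCode -Key $key -Code $stale -UnixTime $now
```

The six-digit values printed for the four timestamps can be compared against the SHA-1 column of RFC 6238 Appendix B (the RFC lists eight digits; the last six match). Two points a practitioner should take from the code: the server holds the same secret as the phone, so the secret store needs the same protection as a password database, and the verifier must also reject reuse of a code that has already been accepted within its step, which the drift window alone does not do.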