“Data breach fatigue” is a new concept that should concern us all. Apparently, instead of keeping people alert to the need to prevent and protect, constant media coverage of data breach incidents can have the opposite effect, where people fail to respond. But as hackers find new and ingenious ways to steal data, we can’t afford to stop looking for the risks.
Information about data breaches can point to potential vulnerabilities to look out for. For example, in '3rd Party Security' below: SMBs provide a valuable service but can be a weak link in your security because a surprising number don’t encrypt their laptops. A laptop doesn’t have to contain customer data in order to be valuable to a hacker. A stolen, unencrypted laptop can provide the auto-saved login details for the company network. And in 'Industry News' below, a data breach at UMMC highlights a practice that is all too common: laptops protected only by a generic username and password that would take moments for a thief to breach.
So we’ll continue to report data breaches in SecureNews, to keep the spotlight on the potential vulnerabilities and help you to protect your business.
Most insurance carriers distribute their products through brokers. Yet too many brokers are not encrypting their laptops, putting their carrier partners at risk of a data breach.
In the past it was large organizations and financial institutions that were under attack, but now SMBs are increasingly seen as soft targets. They are unlikely to have implemented security protection and, as vendors to large corporations, have access to lots of sensitive data in order to service the insurance products. According to Reuters, personal information is ten times more valuable than a credit card number on the black market, making insurance companies very appealing to hackers.
Alertsec CEO Ebba Blitz said, “We get so many calls for help from companies after an unencrypted laptop has been stolen. Carriers should insist on encryption as standard operating procedure for the brokers they use.”
The University of Mississippi Medical Center (UMMC) agreed to pay $2.75 million because of a failure to follow HIPAA regulations when a laptop was stolen in 2013. The OCR's investigation concluded that, as well as failing to notify the 10,000 patients whose health information was on the laptop, UMMC had failed to implement appropriate safeguards as required under HIPAA.
Since the 2013 breach, UMMC has installed encryption software on all laptop computers and beefed up other security precautions.
Thieves broke into the offices of StarCare Specialty Health System in Texas and stole five laptop computers. One contained the ePHI of 2800 patients including names, telephone numbers, Social Security numbers, and Medicaid/Medicare numbers. It is unclear whether the laptop was password protected, although the data was not encrypted.
Following the burglary, StarCare has decided to use data encryption on all of its computers.