The Latest / Data Security News
March 5, 2019
A hospital cyber security threat has struck once again. The worrying situation continues. We never have to wait long to hear about the latest cyber security threat aimed at the healthcare industry. This time it was UConn Health in Connecticut that was the target.
The hospital cyber security incident is thought to have potentially affected 300,000 people, with 1,500 possibly having their social security number exposed. UConn announced the incident at the end of February, but the incident itself took place in late 2018. It’s likely phishing tactics were used to learn of the employees’ passwords for their email accounts.
UConn health says that an unauthorized third-party illegally accessed employee email accounts. Emails within these accounts contained personal data of patients, and employees. Once the infiltration was discovered, the accounts were quickly recovered by UConn Health.
The breached data could include names, contact details, financial data, D.O.B, health insurance information and medical data. UConn says it is unable to isolate what information was accessed and whether information was downloaded/stolen. It has notified all those potentially affected, and for those whose social security number is in potential threat, it has offered a year of free credit monitoring.
Hospital cyber security incidents continue to take place because as we have seen here, they are institutes that contain a wealth of personal information on a vast amount of people. If hackers get their hands on the data hospitals hold, they can build further fraudulent attacks against the individuals compromised.
Hospitals are a ‘good’ target as well because they cannot afford to be out of action. Downtime for hospitals mean serious real-world consequences. This can lead to more lapsed security in the name of keeping operations flowing.
It’s likely the phishing of passwords was behind this particular attack. It demonstrates why healthcare institutes need stronger and securer log-in methods for employees. But those methods can’t come at the cost of convenience. Here at Global Data Sentinel, we advocate the use of biometrics and multi-factor log-in for organizations. It adds a layer to security that is hassle free for users, but makes phishing attacks far harder. Find out more.