On July 31, 2018, UnityPoint Health reported that it has uncovered a massive breach of PHI potentially affecting 1.4 million patients, from a spear-phishing attack; also known outside security circles as "business email compromise."
Sadly, this wasn't the first time for UnityPoint Health to be affected by this type of problem. It was the third!
In April, they announced breaches that occurred in November of 2017, and then again in February of 2018. Those incidents affected approximately 16,000 patients, but the latest breach of 1.4 million is massive even by OCR standards. According to the results of a study conducted by the Ponemon Institute/IBM Security ( 2018 Cost of a Data Breach Study), the healthcare industry has the highest breach costs at an average of $408 per record.In April, they announced breaches that occurred in November of 2017, and then again in February of 2018.
Those incidents affected approximately 16,000 patients, but the latest breach of 1.4 million is massive even by OCR standards. According to the results of a study conducted by the Ponemon Institute/IBM Security ( 2018 Cost of a Data Breach Study), the healthcare industry has the highest breach costs at an average of $408 per record.In April, they announced breaches that occurred in November of 2017, and then again in February of 2018.
Those incidents affected approximately 16,000 patients, but the latest breach of 1.4 million is massive even by OCR standards. According to the results of a study conducted by the Ponemon Institute/IBM Security ( 2018 Cost of a Data Breach Study), the healthcare industry has the highest breach costs at an average of $408 per record.
.jpeg)
For the first time, the study investigated the cost of ‘mega’ data breaches – Those that involve the exposure of more than 1 million records. The cost of resolving these mega data breaches was estimated to be $40 million when more than 1 million records have been exposed.
Clearly, it makes you wonder what security protocols were followed the first two breaches and calls into question the effectiveness of those controls, as the issue continues to escalate.
This piece is not an attempt to conduct a forensic evaluation of these incidents, but it is intended to remind us of the importance of taking data security seriously. Really, Seriously! 40 Million dollars’ worth.
In a conversation with a large security appliance vendor this week, that also happens to be a partner of ours, I discussed this very issue. The consensus was that it was likely that UnityPoint Health has robust firewalls, the best hardware, current disaster recovery plans and procedures, and the latest in routing and switching gear from leading vendors. What it appears they didn't have, were enough and regular training of their staff, to prevent such attacks from becoming incidents. In other words, this was probably preventable!
At CloudSkope, we advise our clients to start with baselines first about every point in their network- applications, infrastructure, data flows, and comprehensive mapping of their entire physical, logical, and technical footprint. We follow (among other things) the NIST Framework and other protocols commonly used by the DoD in securing critical assets. Anything less is pointless.
The other thing that companies should accept, is that most tools implemented by internal security staff are almost always not fully configured and generate tons of noise that must be filtered by someone. Most companies do not have access to their own 24/7 SOC where engineers are constantly parsing data to prevent, not report breaches.
With the emergence of leading vendors like Armor Cloud Security, (armor.com), AlertLogic (alertlogic.com), and others that provide cutting edge and comprehensive 24/7 SOC services in a SaaS pricing model, the excuses for not using this, are pretty much zero!
The Secret that the title of this piece refers to, is a simple fact, that in an internally implemented security model, all you're getting with tools is the ability to know that something has already occurred on your network.
In other words, it’s after the fact! Damage is done! Not before. No matter what any log or SEIM vendor tells, you, this is a simple fact. The only real way to have a chance at prevention is to use a competent platform and managed SOT (Security Operations Team) that is parsing the billions of lines of logs to generate alerts on only what's important to worry about- in real-time!
CloudSkope recommends that companies follow a true defense-in-depth strategy, which includes the 4P's of Infosec:
1. People
2. Policy
3. Procedures (Process)
4. Product
"There are only two kinds of companies in cyberspace today. Ones that have been breached, and ones that will."
since the beginning of time, mankind has considered it as an expression of its earthly weakness and inadequacy to be bound to the earth, to be unable to free itself from the mysterious shackles of gravity. the contemplation of celestial things will make a man both speak and think more sublimely and magnificently when he descends to human affairs. the mass gross absence of sound in space is more than just silence. the outstanding feature, however, is the possibility that the velocity-distance relation may represent the de sitter effect, and hence that numerical data may be introduced into discussions of the general curvature of space. there are no practical alternatives to air transportation. this item is not even worth mentioning other than wanting to make sure that you are not surprised by it in a question from a reporter... this planet is not terra firma. we will return to the moon no later than 2020 and extend human presence across the solar system and beyond. what the space program needs is more english majors.
CloudSkope recommends that companies follow a true defense-in-depth strategy, which includes the 4P's of Infosec:
1. People
2. Policy
3. Procedures (Process)
4. Product
We also recommend starting with a comprehensive NIST Based Audit that looks at assets with the lens of the CIA Framework.
(The confidentiality, integrity, and availability of your data) as it relates to the 4 Ps.
To prevent an attack, tools can only go so far in telling you that something already occurred or after-the-fact. When vendors like Armor provide you a SaaS model that gives you a team that proactively prevents this problem, the budget excuse just does not work anymore.
Learn more about our cybersecurity offerings, or contact us.
Explore our solutions, chat with an expert, and get help when you need it.
CONTACT US >
