The compromised medical information included millions of individual patient bookings, patient laboratory test records, as well as patient names, addresses, genders, dates of birth, cell phone numbers, and test results. The company said it was investigating the case, but did not comment on whether it planned to inform its patients of the breach.
Commenting on the news for Digital Journal is Ben Goodman, a CISSP and the SVP of Global Business and Corporate Development at ForgeRock.
Goodman begins by looking at the seriousness of the matter: “It’s disturbing anytime patients’ protected health information is exposed, as this type of data can be used by attackers to create synthetic identities for bots, answer knowledge-based authentication questions that arise during password resets to hijack unsuspecting victims’ accounts, and an attacker could even use the information given to guess a user’s password at random.”
To avoid such events in the future, Goodman says that “Organizations must minimize the threat posed by these breaches by increasing security during the user registration process and strive towards a passwordless future. This is especially necessary, as four out of five global data breaches are caused by weak or stolen passwords.”
In terms of what can be done, Goodman notes that “the technology exists to implement passwordless authentication today with the right identity platform. Not only is passwordless authentication more secure, but it will create an easier login journey and reduce costs associated with password resets for organizations. We estimate that 60 percent of large and global enterprises will leverage passwordless methods in over 50% of use cases by 2022.”