A U.S. medical training school has exposed the personally identifiable information of thousands of students after an unsecured bucket was left exposed online. As ZDNet reports, the server, which had no authentication controls in place and was therefore viewable by anyone, contained 157GB of data.
The quantity of data exposed equates to just under an estimated 200,000 files including driver license copies, names, dates of birth, home addresses, phone numbers, email addresses, and both professional and educational summaries.
Troy Gill, Senior Manager of Threat Intelligence at Zix | AppRiver, outlines to Digital Journal the seriousness of the issue.
Gill begins by assessing the specific sector under threat and the main trends of concern: “The healthcare and education industries continue to be a top target for cybercriminals who find new ways to obtain the endless sensitive patient and student information due to the organizations’ requirements to store this data.”
Considering the specific case, Gill assesses the situation as: “In the case of the US medical training school, a server without authentication controls left the personally identifiable information of thousands of students exposed.”
From this, wider lessons can be learned. Gill notes: “This is a great reminder for organizations to examine their security solutions and evaluate their current authentication practices to ensure they are building the safest habits to protect themselves and sensitive data that they store from bad actors. It is critical that authentication controls are not only in place, but that organizations take it a step further by deploying two-factor authentication (2FA).”
What are the advantages of this? According to Gill: “Implementing 2FA provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user’s phone, email address or through an authenticator app, after entering their username and password. It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.”
Other good practices can be added to these. Gill advises: “Additional password best practices to keep information secured include regularly updating passwords and ensuring that passwords are not recycled among services.”
Gill concludes, recommending: “To avoid simple errors that could lead to attacks and data theft, organizations should also make it a habit to deploy regular security audits to identify vulnerabilities and other suspicious behavior, allowing them to ensure sensitive data is routinely being backed up.”