Connect with us

Hi, what are you looking for?

Tech & Science

Latest data breach involves patient-linked medical records

This is a great reminder for organizations to examine their security solutions and evaluate their current authentication practices.

Image: © AFP
Image: © AFP

A U.S. medical training school has exposed the personally identifiable information of thousands of students after an unsecured bucket was left exposed online. As ZDNet reports, he server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data.

The quantity of data exposed equates to just under an estimated 200,000 files including driver license copies, names, dates of birth, home addresses, phone numbers, email addresses, and both professional and educational summaries.

Troy Gill, Senior Manager of Threat Intelligence at Zix | AppRiver, outlines to Digital Journal  the seriousness of the issue.

Gill begins by assessing the specific sector under threat and the main trends of concern: “The healthcare and education industries continue to be a top target for cybercriminals who find new ways to obtain the endless sensitive patient and student information due to the organizations requirements to store this data.2

Considering the specific case, Gill assess the situation as: “In the case of US medical training school, a server without authentication controls left the personally identifiable information of thousands of students exposed.”

From this, wider lessons can be learned. Gill notes: “This is a great reminder for organizations to examine their security solutions and evaluate their current authentication practices to ensure they are building the safest habits to protect themselves and sensitive data that they store from bad actors. It is critical that authentication controls are not only in place, but that organizations take it a step further by deploying two-factor authentication (2FA).”

What are the advantages of this? According to Gill: “Implementing 2FA provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user’s phone, email address or through an authenticator app, after entering their username and password. It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.”

To these other good practices can be considered. Gill advises: “Additional password best practices to keep information secured include regularly updating passwords and ensuring that passwords are not recycled among services.”

Gill concludes, recommending: “To avoid simple errors that could lead to attacks and data theft, organizations should also make it a habit to deploy regular security audits to identify vulnerabilities and other suspicious behavior, allowing them to ensure sensitive data is routinely being backed up.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Social Media

A Prague hospital said it was treating five children who had swallowed magnets following a "piercing challenge" they had found on TikTok.

Tech & Science

PsiQuantum needs to look good and work well for the sake of future science.

World

Rubble in a central Israeli city in the aftermath of the Iranian missile attack, Tehran's second-ever direct strike on its regional foe - Copyright...

World

The devastation from Hurricane Helene is seen in North Carolina's Black Mountain on October 3, 2024 - Copyright AFP/File Allison JoyceUlysse BELLIERThe only road...