Connect with us

Hi, what are you looking for?

Tech & Science

Over 1B CVS Health records exposed online

A CVS database containing more than 1 billion data records was posted online earlier this year. CVS is a chain of U.S. based pharmacies. Many healthcare breaches can be traced to misconfigured databases, servers and other IT and it appears the recent incident is a similar case.

The leaked records include a large number of searches on CVS.com and CVSHealth.com for medications and COVID-19 vaccines, among other items.

A CVS spokesperson says the company swiftly took down the database, according to Forbes.

Looking into the matter for Digital Journal is David Pickett, threat hunter and senior cybersecurity analyst at Zix I AppRiver.

Pickett explains the importance of the health-related data breach and the significance of the exposed data: “The exposure of over a billion records belonging to CVS Health highlights the importance of protecting sensitive customer information as well as ensuring your organization and any third-party vendors who have been brought on to help with security and cloud migration have proper security measures in place.”

Pickett goes on to outline the duty of care that firms tasked with holding personal data of others need to develop and ensure that this is enforced through good governance in relation to this he says: “Companies that house personal information for millions of customers need to reflect on their current password practices and ensure they are building the safest habits to protect their company and customers from cybercriminals. In this case, the database was not protected by a password and had no authentication requirements.”

In terms of appropriate security measures for such data, Pickett recommends: “Implementing two-factor authentication (2FA) or a multi-factor authentication (MFA) protection approach provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user’s phone, email address or through an authenticator app, after entering their username and password.”

Without these types of security protocols, the task becomes easier for rogue actors: “It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.”

He also puts forward: “Another component to be mindful of when working with third-party vendors that have access to company data is reviewing and understanding what the vendor agreement encompasses for security practices.”

Pickett concludes: “These solutions will help to prevent companies from becoming another statistic in a long list of companies who have had data exposed online. What does this mean for data protection?

A CVS pharmacy in Southside Place, Texas — Image by WhisperToMe via Wikimedia / Public domain.
A CVS pharmacy in Southside Place, Texas — Image by WhisperToMe via Wikimedia / Public domain.

A CVS database containing more than 1 billion data records was posted online earlier this year. CVS is a chain of U.S. based pharmacies. Many healthcare breaches can be traced to misconfigured databases, servers and other IT and it appears the recent incident is a similar case.

The leaked records include a large number of searches on CVS.com and CVSHealth.com for medications and COVID-19 vaccines, among other items.

A CVS spokesperson says the company swiftly took down the database, according to Forbes.

Looking into the matter for Digital Journal is David Pickett, threat hunter and senior cybersecurity analyst at Zix I AppRiver.

Pickett explains the importance of the health-related data breach and the significance of the exposed data: “The exposure of over a billion records belonging to CVS Health highlights the importance of protecting sensitive customer information as well as ensuring your organization and any third-party vendors who have been brought on to help with security and cloud migration have proper security measures in place.”

Pickett  goes on to outline the duty of care that firms tasked with holding personal data of others need to develop and ensure that this is enforced through good governance in relation to this he says: “Companies that house personal information for millions of customers need to reflect on their current password practices and ensure they are building the safest habits to protect their company and customers from cybercriminals. In this case, the database was not protected by a password and had no authentication requirements.”

In terms of appropriate security measures for such data, Pickett recommends: “Implementing two-factor authentication (2FA) or a multi-factor authentication (MFA) protection approach provides an extra layer of security by making users confirm their identity, most often via a unique code sent to the user’s phone, email address or through an authenticator app, after entering their username and password.”

Without these types of security protocols, the task becomes easier for rogue actors: “It’s getting easier for cybercriminals to breach even the most complex password, which is why implementing 2FA is critical.”

He also puts forward: “Another component to be mindful of when working with third-party vendors that have access to company data is reviewing and understanding what the vendor agreement encompasses for security practices.”

Pickett concludes: “These solutions will help to prevent companies from becoming another statistic in a long list of companies who have had data exposed online.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Entertainment

Emmy-nominated actor Justin Hartley is chasing ghosts in the new episode titled "Aurora" on '"Tracker" on CBS.

Business

The electric car maker, which enjoyed scorching growth for most of 2022 and 2023, has experienced setbacks.

Social Media

Do you really need laws to tell you to shut this mess down?

World

The UK risks a major showdown with the Council of Europe - Copyright AFP Sam YehEurope’s highest rights body on Tuesday called on Britain...