Shields Health Care Group has suffered a data breach affecting two million patients. Although the organization claims that no information accessed in the breach has been “misused or disseminated,” it is anticipated that consequences still stand no matter the outcome.
“During this timeframe some data was acquired by the “unknown actor” and although on 18 March Shields had identified and investigated a security alert, at that time data theft was not confirmed.”
These consequences are especially acute when it comes to the healthcare field, financial impact, and its vulnerable patients.
Shields Health Care Group’s business type relies on a handful of partnerships with hospitals and medical centers, so these consequences could affect over 50 facilities and their patients.
Looking into this latest data breach issue for Digital Journal is Craig McDonald, VP of Product Management at BackBox.
McDonald opens with the theme of healthcare organisation vulnerability, noting: “Unfortunately, healthcare organizations are a frequent target of cyberattacks due to the amount of personally identifiable information stored in their systems, as well as the vulnerability of those affected.”
With this specific case, McDonald says: “In this case, over two million patients belonging to Shields Health Care Group had their personal information compromised when hackers breached the network and stole data including names, social security numbers, diagnoses, insurance information, and other medical information. Although there is currently no evidence that any of the data has been misused, the potential is there.”
Data that relates to an individual is especially vulnerable. McDonald notes: “The sort of personal data accessed in this breach can be used in a variety of ways to negatively impact the organization, or perhaps more importantly its patients, including phishing, scamming, social engineering, and extortion.”
In terms of special measures, McDonald advises: “To ensure that vulnerable healthcare patients remain protected and their data stays safeguarded, healthcare organizations must prioritize their cybersecurity posture.”
In addition, he suggests: “Automating network security processes helps to ensure that they are executed consistently and predictably. Keeping the network security posture current and compliant with policy through automated tasks will also help prevent some attacks entirely.”
Additionally, McDonald recommends: “Implementing a strategy for backing up and restoring the network in the event of data breaches and other cyberattacks can mitigate the impact of these situations. A backup strategy should include housing a complete IT inventory, outlining specific responsibilities, exercising alternative communication methods, and a means by which any member of the team can validate the results.”