Did you know that nearly 31 million records were exposed in the 13 biggest breaches in the first half of 2019, with 11 of the top 13 breaches occurring at medical or healthcare organizations? It’s hard to keep track of the most recent breaches since they seem to be occurring on a daily basis. The most important thing to take away from these breaches includes the lessons that IT experts can take away from the incident. Analyzing these incidents can help provide fantastic best practices tips on incident response, as well as in some cases, what not to do.
So far this year, the Quest Diagnostic breach ranks the highest so we will dedicate our entire next blog to this event. Coming in second with the number of records exposed at 7.7 million is the Lab Corp breach. Lab Corp customers had data that was stored on a web payment page of the American Medical Collection Agency (AMCA). It was breached between August 1, 2018, and March 30, 2019.
Information that was exposed included: names, addresses, dates of birth, phone numbers, provider information, balance information, and credit card and banking information. Those records that were impacted were granted credit monitoring and identity protection for the next 24 months as a response protocol. In addition Lab Corp ceased sending new collection requests to AMCA and stopped work from AMCA on pending payment requests.
The Lab Corp disclosure came just days after competing lab testing firm Quest Diagnostics disclosed that the hack of AMCA exposed the personal, financial and medical data on approximately 11.9 million patients.
What lessons can be learned from this incident? After security experts investigated AMCA and its associated companies, it is becoming obvious that third party vendors like this fairly unknown collection agency can hold vast quantities of sensitive data that was being shared or stored can negatively impact consumers. Certainly, companies like Quest and LabCorp. have a duty to ensure contractors are properly safeguarding their patients’ personal, medical, and financial information. Lesson learned about hiring third party contractors who are responsible for the data security of your clients.
Continue to check back with our blog about security breaches and what it means for not only the businesses but for consumers who are caught in the middle and tasked with keeping their sensitive information secure.
Categorised in: Consumers, data breach, data management, IT Consulting Services, Security