Health care provider Kaiser Permanente suffers data breach

Health care provider Kaiser Permanente suffers data breach

Posted on

Health care provider Kaiser Permanente has disclosed a data breach that saw the information of some 70,000  patients compromised at subsidiary Kaiser Foundation Health Plan of Washington.

In a notice to patients on June 3, Kaiser Permanente described the data breach as a “security incident” that involved unauthorized access on April 5. The company said that it discovered that an unauthorized party had gained access to an employee’s emails. It is claimed that the unauthorized access was terminated within hours after it began.

Protected health information was contained in the emails and while Kaiser Permanente says that it has no indication that the unauthorized party accessed the information, they are also unable to rule out the possibility.

Information potentially breached included first and last name, medical record number, dates of service and laboratory test result information. Social Security numbers and credit card numbers were not exposed.

While Kaiser Permanente does not say how the email account was compromised, the evidence points to either credential stuffing or phishing. That evidence includes the company saying “the employee received additional training in safe email practices,” which wouldn’t be required unless it was one of those two things.

“It is most likely that the threat actor(s) involved were already inside for some time and what was detected was the actual data being exfiltrated within hours,” Sanjay Raja, vice president of product at unified security and risk analysis company Gurucul Solutions Pvt Ltd A.G., told SiliconANGLE. “What is becoming more evident as we see attacks similar to the Kaiser disclosure is Identity Threat Detection and Response is a critical component of any security operations program.”

Chris Clements, vice president of solutions architecture at cybersecurity company Cerberus Cyber Sentinel Corp. commented that “while I applaud Kaiser Permanente for taking the proactive step to notify such a large group of people that their information may have been compromised despite reporting they have no clear evidence that it was, it demonstrates the need for organizations to have robust auditing controls to quickly identify what data was accessed by attackers during an incident.”

“The breach occurred almost three months ago, yet Kaiser Permanente has only recently notified potentially impacted people that their data may have been compromised,” Clements explained. “During this time, the affected individuals could have been targeted by attackers using any specific information stolen in convincing social engineering campaigns.”

“It’s critical that as a part of their larger cybersecurity culture organizations, include assessing their ability to quickly understand the scope of a potential breach in risk analysis or tabletop exercises,” Clements added.

Photo: Ted Eytan/Flickr

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *