It has been reported that Atrium Health, previously Carolinas HealthCare System, revealed that data of approximately 2.65 million patients including addresses, dates of birth and social security numbers may have been compromised in a breach at its third-party provider AccuDoc Solutions. IT security experts commented below.
Sam Curry, Chief Security Officer at Cybereason:
“The Atrium breach is further evidence that the healthcare industry continues to be a target, and patient data will continue to be at risk because of an increasingly complex and expanding attack surface. In the bigger picture, it would be premature to speculate on the overall damage to Atrium’s employees and patients but everyone should assume their personal information has already been stolen many times over. If anything, hackers are persistent meaning they will be successful 100 percent of the time when they attempt to breach a system. This stacks the cards against the defenders and the healthcare industry as a whole needs to rethink their strategy around network detection and start taking the fight to the hacker by going on the offensive with more advanced technologies and servics that will stop threats before they ever materialise.”
Javvad Malik, Security Advocate at AlienVault:
“It’s encouraging to see the forensic examination concluded that although the data was viewed, it was unavailable for download or exfiltrate the data. However, better detection controls could have prevented the attackers from going undetected in the system for over a week.
The incident serves as a reminder that companies and providers across all verticals are attractive targets and no company should consider itself ‘too small’ or uninteresting to be a target.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.