Nearly 48,000 patients have been affected by a breach of a credit card processing system that was utilized by Baylor, Scott and White Medical Center, a hospital in Texas.
Justin Jett, Director of Audit and Compliance at Plixer:
“Medical-related data breaches are lucrative because malicious actors can try to sell data to advertisers based on health conditions. While credit card systems don’t contain information relating to specific medical data, it does leak information about which providers a patient has visited, which is protected under HIPAA. This is why network traffic analytics is critical to organizations. Without this type of data, businesses don’t have the forensic data they need to trace a breach from its origin, and, therefore, have a much harder time root-causing the breach. By looking at network traffic patterns, organizations can verify that sensitive information isn’t being accessed by non-authorized systems or third-party vendors.”
Mike Bittner, Digital Security & Operations Manager at The Media Trust:
“Credit card-related hacks are happening with rising frequency because when successful they provide bad actors with a trove of information they can immediately exploit, use in later attacks, or sell in the black market. Bad actors know that third-party providers are often involved in processing this information; to the formers’ benefit, the latter often have weak security postures and provide a trusted connection to their clients’ systems—factors that make them ideal targets. Industry standards like PCI DSS and HIPAA that promote data privacy and security should recognize and address the risks that third parties pose, especially as outsourcing payment processes and website management have become the norm. Companies that do outsource should make data security and privacy a priority when vetting third parties. Moreover, they should frequently audit their third parties’ data practices. Finally, they should continuously monitor their websites and mobile apps for any unauthorized activities. These steps will beef up data security and reduce the risk of a breach.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.