On October 25, Fortune 1000 company CNO Financial Group, Inc. submitted a report to the Office for Civil Rights’ Breach Portal at the U.S. Department of Health and Human Services. The report revealed that the personally identifiable information of 566,127 people was accessed by an unauthorized party through a subsidiary of CNO, Bankers Life. This breach is the fifth largest incident added to the HIPAA Breach Reporting Tool this year.
Security experts commented on the report below.
Jonathan Bensen, Acting CISO at Balbix:
“This particular breach was the result of threat actors obtaining the credentials of Bankers Life employees, highlighting a need for enterprises to educate their employees on the threats that lurk in the shadows and the importance of proper security hygiene. This breach is the fifth largest incident added to the HIPAA Breach Reporting Tool website this year, making it clear that Bankers Life must adopt a proactive approach to breach avoidance. This starts with continuously monitoring your entire asset inventory so identified security issues can be quickly addressed.”
Jacob Serpa, Product Marketing Manager at Bitglass:
“According to Bankers Life, compromised employee credentials were used by unauthorized third parties who accessed company tools that contained personal information belonging to policyholders and applicants. Unfortunately, this type of attack is not surprising, as nearly three quarters of all financial services breaches in 2018 were caused by hacking or malware. Organizations cannot underestimate the importance of advanced identity management solutions, including single-sign-on and multifactor authentication. With these kinds of tools, organizations can ensure that sensitive data doesn’t fall into the wrong hands.”