Multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems.
The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely to be disclosed in the coming weeks.
In the company’s quarterly 10-Q filing, Omnicell stated: “Our IT systems and third-party cloud services are potentially vulnerable to cyber-attacks, including ransomware, or other data security incidents, by employees or others, which may expose sensitive data to unauthorized persons. On May 4, 2022, we determined that certain of our information technology systems were affected by ransomware impacting certain internal systems.”
Ransomware and cloud-related cyber breaches have seen quite a resurgence over the past 15 months. Increasing reliance on digitalization and third-party cloud services, the surge in remote working during Covid-19, and IT budget constraints are just some of the reasons why IT vulnerabilities have intensified, offering countless access points for criminals to exploit.
While no sure-fire way exists to prevent attackers from getting access to an enterprise network environment, organizations can leverage data security solutions that protect valuable data itself instead of the environment around that data. Being able not only to protect passwords and perimeters but also to secure sensitive data itself drastically reduces the risk of misuse of data and the resultant reputational damage. Companies should look to deploy data-centric methods such as tokenization or format-preserving encryption to protect the privacy of their customers. A sophisticated data protection architecture doesn’t care where the data is stored or whether that data is on-premise or in multi-cloud environments. The objective is to protect sensitive data itself at its earliest point of entry and allow de-protection only when necessary and only for applications and users with the right permissions. A cyber incident doesn’t necessarily have to become a data breach