Expert Commentary: CaptureRx Data Breach

By   ISBuzz Team
Writer , Information Security Buzz | May 11, 2021 07:11 am PST

BACKGROUND:

CaptureRx is notifying healthcare providers’ clients that unauthorized access to certain files could have exposed patient details like medical records, name, date of birth, and prescription information. CaptureRx recently announced that it became aware of unusual activity involving certain of its electronic files. While, investigating the unusual activity, on February 19, 2021, they found that certain files were accessed and acquired on February 6, 2021 without authorization.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
David Carroll
David Carroll , Managing Director
May 11, 2021 3:35 pm

<p>The fourth year of Active Cyber Defence was remarkable. Seeing PDNS come to the fore at a time when it was most needed – during the pandemic – is a source of pride here at Nominet. Not only were we able to deliver PDNS to the majority of NHS organisations but, for the first time, PDNS protection was extended to the private sector as it was offered to protect the vaccine supply chain.</p> <p> </p> <p>Another key milestone for PDNS was the response to SolarWinds. Proving to be a treasure trove for cyber analysts, the PDNS dataset was able to help NCSC identify the scope of vulnerability across the public sector to inform its incident response.</p> <p> </p> <p>Now handling 237 billion DNS requests and with close to 800 organisations onboarded – excluding the 1,000+ organisations within the Health &amp; Social Care Network (HSCN) – we have scaled PDNS across new ground, proved its effectiveness, and underlined its importance to our national defence. With the intention of ACD to be copied across other industries and foreign governments, we’re committed to delivering PDNS as it evolves to protect the digital world of the future.</p>

Last edited 2 years ago by David Carroll
Trevor Morgan
Trevor Morgan , Product Manager
May 11, 2021 3:16 pm

<p>Healthcare providers and corporations are among the most highly regulated organizations in any market. The reason is obvious: they collect and handle some of the most sensitive personal data about an individual, information that goes beyond contact and financial data. The report that CaptureRx experienced a data breach should trigger alarm bells within any similar provider. Serious enterprises wanting to take a lesson from this incident should perform a thorough security audit, assess the strengths and weaknesses of their current data security strategy and posture, and question whether the implemented protection methods include data-centric security. Data-centric security such as tokenization and format-preserving encryption protect the data itself rather than focusing on borders, perimeters, intrusion detection, and data access. A token replaces the sensitive aspects of a piece of data, so even if it falls into the wrong hands, the sensitive information behind it cannot be compromised. Best of all, data-centric security travels with data, no matter where it goes. Inspecting your data security measures with an eye toward protecting the data itself is a good allocation of time and can only provide beneficial outcomes.</p>

Last edited 2 years ago by Trevor Morgan

Recent Posts

2
0
Would love your thoughts, please comment.x
()
x