The Florida Healthy Kids Corporation (FHKC), a US provider of children’s health insurance, data breach which exposed the addresses of several thousands of who applied for or renewed insurance coverage online via FHKC between November 2013 and December 2020.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>The pandemic has put a global spotlight on the wealth of sensitive data insurance organizations possess. Widespread adoption of new tech initiatives brought on by COVID-19 has led to an increase in data within insurance companies and inevitably opened up a new attack surface for malicious cyber adversaries to target — such as the 122,000 globally-connected internet assets within the top nine insurance organizations. With the increased pace of technology rollout, increased use of online health service on account of the pandemic, and the active adversaries lurking, the insurance industry has become adversaries’ latest target.</p> <p> </p> <p>FHKC was allegedly exposed by it\’s hosting provider, and a failure to apply patches — which isn\’t an uncommon story. This highlights the need to consider and manage supply chain security, as well as to trust — but first verify.</p> <p><br />As the insurance industry continues to play an instrumental role in distributing the COVID-19 vaccine and providing basic healthcare amidst the pandemic, insurance organizations must look to up-level their current cybersecurity measures with external security researchers via a bug bounty or vulnerability disclosure program (VDP) to help identify and disclose vulnerabilities before they can be exploited by adversaries. By doing so, insurance organizations can get ahead of malicious actors and proactively address vulnerabilities before they become a devastating breach.</p>