Expert Comments

Expert On News That Welsh Coronavirus Patient Details Leaked Online

Expert(s): Security Experts
Expert(s): Security Experts

Personal information on almost 20,000 coronavirus patients in Wales was uploaded onto a public computer system in a major data security breach, it was revealed by the Daily Mail.

Experts Comments

Dot Your Expert Comments
Robert Byrne
September 16, 2020
Field Strategist
One Identity

Announcing "immediate measures" is barely credible, however, since we know that good data security is an ongoing and, frankly, never ending programme.
Breach fatigue" and complacency about breaches is a real risk for IT professionals and clearly have significant impact, but on the up side healthcare breaches such as this one can be an opportunity to effect real change in an organisation. Announcing "immediate measures" is barely credible, however, since we know that good data security is an ongoing and, frankly, never ending programme. Clearly the processes and privacy measures in place at the NHS need to be reviewed, not just immediately,.....Read More
Breach fatigue" and complacency about breaches is a real risk for IT professionals and clearly have significant impact, but on the up side healthcare breaches such as this one can be an opportunity to effect real change in an organisation. Announcing "immediate measures" is barely credible, however, since we know that good data security is an ongoing and, frankly, never ending programme. Clearly the processes and privacy measures in place at the NHS need to be reviewed, not just immediately, but also for the medium and longer term. We see most improvements by adhering to principles of least privilege and automated account hygiene processes combined with a focus on the privileged - or highest value - accounts that hackers are targeting. Securing applications and data in the context of a broader IAM programme will help avoid "individual errors" of this kind and give organisations a breach-resilient stance that will contain and minimise the impact of any breach.  Read Less
Javvad Malik
September 16, 2020
Security Awareness Advocate
KnowBe4

Having access to so much data is akin to letting someone drive a bus without prior training.
With modern technology, it's easy to collect, process, and store data. This can bring about many business benefits, but there are equally as many risks, and despite technical controls being in place, it is very easy for an individual to accidentally or deliberately expose sensitive data. Having access to so much data is akin to letting someone drive a bus without prior training. While the basics may appear similar to a car, there are many differences, and there are many more lives at stake......Read More
With modern technology, it's easy to collect, process, and store data. This can bring about many business benefits, but there are equally as many risks, and despite technical controls being in place, it is very easy for an individual to accidentally or deliberately expose sensitive data. Having access to so much data is akin to letting someone drive a bus without prior training. While the basics may appear similar to a car, there are many differences, and there are many more lives at stake. Therefore, security awareness training is important to build a culture of security, so that all employees know and understand the part they play in keeping sensitive information safe and handle it appropriately. Otherwise, we will continue to see huge breaches which could have easily been avoided.  Read Less
Brian Higgins
September 16, 2020
Security Specialist
Comparitech.com

Cyber criminals are inventive and resourceful and will use any number of methods to use this data to commit more crime.
Despite the unfortunate nature of this event and the obvious worry and the potential harm it will undoubtedly cause to those involved, it is an excellent example of how Public Authorities should deal with data breaches. The transparent nature and swift approach taken by Public Health Wales is to be commended. They have clearly done everything they can to mitigate the effects of this breach and obviously have a comprehensive Incident Response plan in place. Anyone notified as victims of the.....Read More
Despite the unfortunate nature of this event and the obvious worry and the potential harm it will undoubtedly cause to those involved, it is an excellent example of how Public Authorities should deal with data breaches. The transparent nature and swift approach taken by Public Health Wales is to be commended. They have clearly done everything they can to mitigate the effects of this breach and obviously have a comprehensive Incident Response plan in place. Anyone notified as victims of the breach should not respond to any unsolicited requests for personal information of any nature; passwords, security information, bank details etc. (even if the request seems unrelated to the incident) on any platform; email, social media or telephone or post. Cyber criminals are inventive and resourceful and will use any number of methods to use this data to commit more crime. If anyone is worried or suspicious, they should contact Public Health Wales, or the Police, directly. Don’t reply to any messages under any circumstances and never share any information.  Read Less
Tim Erlin
September 16, 2020
VP of Product Management and Strategy
Tripwire

Breach response, especially for public entities, has to include appropriate transparency and analysis.
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very.....Read More
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very effective.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...

Expert Reaction On Private Data Leaked From Far-right Platform Gab