Expert Comments

Expert On News That Welsh Coronavirus Patient Details Leaked Online

Expert(s): Security Experts
Expert(s): Security Experts

Personal information on almost 20,000 coronavirus patients in Wales was uploaded onto a public computer system in a major data security breach, it was revealed by the Daily Mail.

Experts Comments

September 16, 2020
Robert Byrne
Field Strategist
One Identity
Breach fatigue" and complacency about breaches is a real risk for IT professionals and clearly have significant impact, but on the up side healthcare breaches such as this one can be an opportunity to effect real change in an organisation. Announcing "immediate measures" is barely credible, however, since we know that good data security is an ongoing and, frankly, never ending programme. Clearly the processes and privacy measures in place at the NHS need to be reviewed, not just immediately,.....Read More
Breach fatigue" and complacency about breaches is a real risk for IT professionals and clearly have significant impact, but on the up side healthcare breaches such as this one can be an opportunity to effect real change in an organisation. Announcing "immediate measures" is barely credible, however, since we know that good data security is an ongoing and, frankly, never ending programme. Clearly the processes and privacy measures in place at the NHS need to be reviewed, not just immediately, but also for the medium and longer term. We see most improvements by adhering to principles of least privilege and automated account hygiene processes combined with a focus on the privileged - or highest value - accounts that hackers are targeting. Securing applications and data in the context of a broader IAM programme will help avoid "individual errors" of this kind and give organisations a breach-resilient stance that will contain and minimise the impact of any breach.  Read Less
September 16, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
With modern technology, it's easy to collect, process, and store data. This can bring about many business benefits, but there are equally as many risks, and despite technical controls being in place, it is very easy for an individual to accidentally or deliberately expose sensitive data. Having access to so much data is akin to letting someone drive a bus without prior training. While the basics may appear similar to a car, there are many differences, and there are many more lives at stake......Read More
With modern technology, it's easy to collect, process, and store data. This can bring about many business benefits, but there are equally as many risks, and despite technical controls being in place, it is very easy for an individual to accidentally or deliberately expose sensitive data. Having access to so much data is akin to letting someone drive a bus without prior training. While the basics may appear similar to a car, there are many differences, and there are many more lives at stake. Therefore, security awareness training is important to build a culture of security, so that all employees know and understand the part they play in keeping sensitive information safe and handle it appropriately. Otherwise, we will continue to see huge breaches which could have easily been avoided.  Read Less
September 16, 2020
Brian Higgins
Security Specialist
Comparitech.com
Despite the unfortunate nature of this event and the obvious worry and the potential harm it will undoubtedly cause to those involved, it is an excellent example of how Public Authorities should deal with data breaches. The transparent nature and swift approach taken by Public Health Wales is to be commended. They have clearly done everything they can to mitigate the effects of this breach and obviously have a comprehensive Incident Response plan in place. Anyone notified as victims of the.....Read More
Despite the unfortunate nature of this event and the obvious worry and the potential harm it will undoubtedly cause to those involved, it is an excellent example of how Public Authorities should deal with data breaches. The transparent nature and swift approach taken by Public Health Wales is to be commended. They have clearly done everything they can to mitigate the effects of this breach and obviously have a comprehensive Incident Response plan in place. Anyone notified as victims of the breach should not respond to any unsolicited requests for personal information of any nature; passwords, security information, bank details etc. (even if the request seems unrelated to the incident) on any platform; email, social media or telephone or post. Cyber criminals are inventive and resourceful and will use any number of methods to use this data to commit more crime. If anyone is worried or suspicious, they should contact Public Health Wales, or the Police, directly. Don’t reply to any messages under any circumstances and never share any information.  Read Less
September 16, 2020
Tim Erlin
VP of Product Management and Strategy
Tripwire
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very.....Read More
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very effective.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts