How To Protect Against VCU-Like Data Breaches?

The Virginia Commonwealth University (VCU) health system has suffered a data breach. Information security experts comment below on what went wrong and how to protect against such breaches.

Chad McDonald, CISO
InfoSec Expert
July 14, 2022 1:39 pm

“The exposure of nearly 4,500 organ donors and transplant recipients’ data is another example of poor identity management processes. Having access to someone else’s medical data is a serious issue; if regular users can exploit these flaws, then cyber criminals can. Proper data classification and controls should have identified that this information was sensitive, and that users should not have access to other people’s medical records.
 
Organisations must define access levels to identity data based upon risk and justifiable need. A strong identification management system would have only presented identity data to those who had the right to access it. In the case of this particular exposure, it is clear that such a program was not in place.
 
Organisations need an Identity Access Management solution which can unify and streamline their identity data to provide complete and accurate user profiles. With complete visibility over systems, security teams are then able to properly track who should be accessing what, therefore reducing the risk of a serious breach.”

Information Security Buzz