It was reported at the end of last week that there had been a data breach at Natural Health Services. It involves the personal health information of about 34,000 medical marijuana patients that was accessed in a data breach of an electronic medical record system used by NHS and its parent company Sunniva Inc. The NHS says patients have been informed in the last week of the breach that occurred between Dec. 4, 2018 and Jan. 7. It says the breach didn’t involve any financial, credit card or social insurance number information since those aren’t collected from patients.
This is not the first time — nor probably the last — when Canadian 🇨🇦 marijuana users have found themselves embroiled in a data breach. #Databreach exposes diagnosis data of 34,000 medical marijuana patients | ZDNet https://t.co/o3oPYa3leq
— 2BCyberBright (@2BCyberbright) March 31, 2019
Don Duncan, Director of Business Development at NuData Security:
“Any breach of personal information is an opening for potential future fraud. A stolen name and email address can be combined with other personally identifiable information (PII) from other hacks and breaches, to amass even more detailed profiles of users that are traded and sold to other hackers and fraudsters. For example, with enough data collected from separate breaches, a fraudster can gain access to enough financial and personal information to enable the successful application for a new credit card or loan, or even takeover of an existing consumer financial account.
Behavioural analytics can provide victims of a data breach with an extra layer of protection even after a hack like what happened to the Natural Health Service has occurred. We need to put a stop to these fraudsters in an entirely passive and non–intrusive way by building barriers to the fraudsters. We do this by learning how a legitimate user interacts with the online world around them, in contrast to a potential fraudster who uses valid consumer information stolen from intrusions and data breaches. Passive biometric technologies are highly accurate and impersonation resistant, making it possible to predict and prevent fraud from occurring in real time – without interrupting a user’s experience.
The only way we are going to stop these breaches is to devalue the data the fraudsters are going after. Passive biometric technology is being used by some large banks and merchants that can verify the true user even when valid stolen credentials are presented. Once these dynamic behavioural authentication solutions are more widespread identity thieves will have a much harder time operating in an environment where the data they go after is useless to them. We look forward to seeing online identity thieves go out of business.”