Personal Data Of 34,000 Medical Marijuana Patients Accessed In Data Breach

It was reported at the end of last week that there had been a data breach at Natural Health Services. It involves the personal health information of about 34,000 medical marijuana patients that was accessed in a data breach of an electronic medical record system used by NHS and its parent company Sunniva Inc. The NHS says patients have been informed in the last week of the breach that occurred between Dec. 4, 2018 and Jan. 7. It says the breach didn’t involve any financial, credit card or social insurance number information since those aren’t collected from patients. 

Don Duncan, Director of Business Development at NuData Security:

“Any breach of personal information is an opening for potential future fraudA stolen name and email address can be combined with other personally identifiable information (PII) from other hacks and breaches, to amass even more detailed profiles of users that are traded and sold to other hackers and fraudsters. For example, with enough data collected from separate breaches, a fraudster can gain access to enough financial and personal information to enable the successful application for a new credit card or loan, or even takeover of an existing consumer financial account.   

Behavioural analytics can provide victims of a data breach with an extra layer of protection even after a hack like what happened to the Natural Health Service has occurred. We need to put a stop to these fraudsters in an entirely passive and non–intrusive way by building barriers to the fraudsters. We do this by learning how a legitimate user interacts with the online world around them, in contrast to a potential fraudster who uses valid consumer information stolen from intrusions and data breaches. Passive biometric technologies are highly accurate and impersonation resistant, making it possible to predict and prevent fraud from occurring in reatime – without interrupting a user’s experience.   

The only way we are going to stop these breaches is to devalue the data the fraudsters are going after. Passive biometric technology is being used by some large banks and merchants that can verify the true user even when valid stolen credentials are presented. Once these dynamic behavioural authentication solutions are more widespread identity thieves will have a much harder time operating in an environment where the data they go after is useless to them. We look forward to seeing online identity thieves go out of business.” 

 

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.