US Mental Health Provider Email Breach; Experts Reaction

People Incorporated Mental Health Services disclosed that an email security data breach exposed sensitive patient records and financial data. The cybersecurity experts offer perspective below.

Experts Comments

November 16, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
Mental health professionals conduct some of the most sensitive conversations and deal with some of the most sensitive of health information Lapses in cybersecurity open up their patients to anguish and blackmail, as we’ve unfortunately seen lately. They have a particular responsibility to avoid the types of vulnerabilities that expose sensitive patient data, yet it’s likely that most practices do not take ongoing education on phishing, phone phishing, social engineering and other exploits.....Read More
Mental health professionals conduct some of the most sensitive conversations and deal with some of the most sensitive of health information Lapses in cybersecurity open up their patients to anguish and blackmail, as we’ve unfortunately seen lately. They have a particular responsibility to avoid the types of vulnerabilities that expose sensitive patient data, yet it’s likely that most practices do not take ongoing education on phishing, phone phishing, social engineering and other exploits in the mistaken belief that they’re not targets.  Read Less
November 16, 2020
Saryu Nayyar
CEO
Gurucul
The recent breach of People Incorporated Mental Health Services follows an all too familiar pattern, where an attacker is able to infiltrate a system and remain undetected for far too long while they exfiltrate sensitive data. While the breach seems to be fairly small in scope and the stolen data hasn't been used, yet, there's no reason to believe it won't be sold and abused in the near future. The organization here is being responsible in how they deal with this, but there is no getting around .....Read More
The recent breach of People Incorporated Mental Health Services follows an all too familiar pattern, where an attacker is able to infiltrate a system and remain undetected for far too long while they exfiltrate sensitive data. While the breach seems to be fairly small in scope and the stolen data hasn't been used, yet, there's no reason to believe it won't be sold and abused in the near future. The organization here is being responsible in how they deal with this, but there is no getting around the fact that there was something lacking in their security stack or process that allowed the breach  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.