LabCorp has disclosed that 7.7 million customers may have been impacted by a data breach of a third party billing provider which exposed PII, payment data and PHI.
Not just Quest: now LabCorp has confirmed a data breach affecting 7.7 million patients. https://t.co/44bJ6RcyZl
— TechCrunch (@TechCrunch) June 5, 2019
Experts Comments:
George Wrenn, Founder and CEO at CyberSaint Security:
“Due to the interconnectedness of modern business, I will be surprised if we do not soon learn about other companies affected by this breach. Especially with our third parties, managing, tracking, and protecting the data that flows to and from our third parties is critical to cybersecurity resilience and a foundation of privacy best practices. Organizations have a duty to ensure that third parties are guarding their patients’ personally identifiable information, and this event is certainly evidence of its importance. The prevalence of third-party breaches, as well as the severity, is only increasing as digitization takes over modern business. Organizations must be responsible for tracking their third parties, knowing the real-time status of their cybersecurity, data protection, and privacy postures, and identifying their risk tolerance using this information to request remediation activities and make the most informed partnership decisions possible.”
Mounir Hahad, Head at Juniper Threat Labs at Juniper Networks:
“It is expected that any organization that uses AMCA for collections would be impacted by this breach. It is telling that AMCA’s main web site does not enforce encryption like most web sites do, and when you manually switch to HTTPS to try to secure the connection, it presents you with the wrong certificate for another web site called retrievalmasterscreditorsbureau.com, which also happens to have expired a year ago.”
