People Incorporated Mental Health Services disclosed that an email security data breach exposed sensitive patient records and financial data. The cybersecurity experts offer perspective below.
Mental health professionals conduct some of the most sensitive conversations and deal with some of the most sensitive of health information Lapses in cybersecurity open up their patients to anguish and blackmail, as we’ve unfortunately seen lately. They have a particular responsibility to avoid the types of vulnerabilities that expose sensitive patient data, yet it’s likely that most practices do not take ongoing education on phishing, phone phishing, social engineering and other exploits in the mistaken belief that they’re not targets.
The recent breach of People Incorporated Mental Health Services follows an all too familiar pattern, where an attacker is able to infiltrate a system and remain undetected for far too long while they exfiltrate sensitive data. While the breach seems to be fairly small in scope and the stolen data hasn\’t been used, yet, there\’s no reason to believe it won\’t be sold and abused in the near future. The organization here is being responsible in how they deal with this, but there is no getting around the fact that there was something lacking in their security stack or process that allowed the breach
Mental health professionals conduct some of the most sensitive conversations and deal with some of the most sensitive of health information Lapses in cybersecurity open up their patients to anguish and blackmail, as we’ve unfortunately seen lately. They have a particular responsibility to avoid the types of vulnerabilities that expose sensitive patient data, yet it’s likely that most practices do not take ongoing education on phishing, phone phishing, social engineering and other exploits in the mistaken belief that they’re not targets.
The recent breach of People Incorporated Mental Health Services follows an all too familiar pattern, where an attacker is able to infiltrate a system and remain undetected for far too long while they exfiltrate sensitive data. While the breach seems to be fairly small in scope and the stolen data hasn\’t been used, yet, there\’s no reason to believe it won\’t be sold and abused in the near future. The organization here is being responsible in how they deal with this, but there is no getting around the fact that there was something lacking in their security stack or process that allowed the breach