This California Health Network Was Just Hacked for the Third Time — Security Today
This California Health Network Was Just Hacked for the Third Time
What went wrong?
In today's media-heavy landscape, it doesn't take long for news to spread about data breaches. Once they become public knowledge, the potentially affected individuals scramble to protect themselves by enrolling in identity theft monitoring programs while the victimized companies fix their vulnerabilities.
A single data breach experienced by a company is damaging enough, but the Verity Health System of California and Verity Health Foundation, known collectively as Verity, suffered a third such issue. What went wrong?
Unauthorized Email Access
A press release from Verity about the most recent incidents confirms that in late November 2018 and mid-January 2019, an unauthorized third party accessed three of the company’s email accounts, including the attachments contained within the respective messages. Verity’s IT security team learned of those incidents hours after they occurred and immediately began assessing the scope of the issue. They disabled the affected email accounts and took them offline as a start. The company notified all relevant regulatory bodies, too.
A more in-depth investigation of the matter showed that the compromised email accounts contained health or medical information. Verity representatives said the content included details like names, billing codes, health insurance policy numbers, treatments given and medical conditions.
They also confirmed that some of the attachments in those email accounts had Social Security Numbers or driver’s license details. But, the results of Verity’s investigation at the time the company published its press release determined that the goal of those responsible was to get the login information of fellow users.
Like many recent data breaches before this one, the details about the incidents are not sufficient to give people peace of mind. For example, Verity stated that there was no evidence that this unknown and unauthorized party accessed or distributed the information held in those email accounts.
Gloss