Hospital Stops Unencrypted Data Transfer to 3rd Party
A hospital figured out that it was sending unencrypted data over the internet before it was too late.
A hospital organization had a problem with unencrypted patient data being transferred online to a third-party medical record storage company.
A newly acquired clinic was using an outdated virtual desktop image to send patient data to a third-party vendor. By using the old image, the clinic unknowingly sent the data without encryption over the internet. That type of event could have led to a HIPAA violation ($408/record), and worse yet, unauthorized disclosure to cybercriminals.
Fortunately, the hospital had recently signed on for Critical Insight Managed Detection and Response.
A SOC analyst saw the problem and quickly flagged it, calling the contact at the hospital. The hospital was able to quickly fix the problem before it was detected by criminals, eliminating the exposure.
"Should a breach occur after an acquisition or merger, the newly integrated organization’s risks are significant. Fines for compromised patient records, lost revenue from the damage to the company’s reputation, and increased oversight from regulatory bodies are all bad outcomes that are avoidable." - Fred Langston