A database containing plaintext data (not encrypted) of 9.3 million individuals from a large, unidentified U.S. health insurer is just one entity a hacker, who calls himself “thedarkoverlord,” broke into recently. The hacker is reportedly selling on the dark web copies of databases stolen from the unnamed health insurer and three unidentified U.S. healthcare organizations containing data on nearly 10 million individuals for prices ranging from about $96,000 to $490,000 in bitcoin for each database. The story hit the news wire June 26 and continues to unfold.
The hacked data being sold, according to DeepDotWeb, Databreaches.net and other media sites, includes the unnamed insurer and these unfortunate three:
· A database containing plaintext data of 397,000 patients of a healthcare organization based in Georgia
· A database containing plaintext data of 210,000 patients from a healthcare provider operating in the central and Midwestern region of the U.S.
· A database containing data of 48,000 patients of a Farmington, Mo.-based healthcare organization, which, according to a report on healthcareinfosecurity.com, the hacker claims “was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords.”
Does anything stand out to you in all these breaches? (Hint: notice the words in bold.) So, what can you do to keep the protected health information (PHI) of your patients secure? Inarguably, encrypting your data and eliminating passwords as a single factor for authentication are critical steps.
But with hackers out there who don’t take time off from their attempts to leak patient information from the healthcare system, now may be the best time for you to get in touch with the HIPAA experts at PrivaPlan. We can help ensure that you’re doing everything necessary to protect your data, and therefore, your patients.
Contact us at firstname.lastname@example.org or call 877-218-7707.