A hacking incident at the University of New Mexico Health in Ålbuquerque exposed the information of 637,252 patients, according to data recently reported to HHS. The health system began notifying patients who may have been affected Aug. 3. On June 4, the health system discovered that an unauthorized third party gained access to its network and may have obtained files containing patient information May 2. The exposed files contained patient names, addresses, birthdates, medical record numbers and health insurance details. Some patients' Social Security numbers were exposed, according to the online privacy notice. The health system said it is providing free credit- and identity-monitoring services to patients whose Social Security numbers were exposed. https://www.
In response to this, James McQuiggan, Security Awareness Advocate at KnowBe4 (knowbe4.com) has offered the following comment:
"One of the more disparaging and difficult issues with data breaches is the revelation of how long the cybercriminals were inside the organization's network undetected. Part of the cyber criminal's repertoire is to silently work through an endpoint to the critical systems by using exploits and stolen credentials.
Organizations with Security Operations Center (SOCs) have the difficult task of working through millions of log records looking for that proverbial "needle in the haystack." Unfortunately, it is not until after an incident has occurred that the security teams discover the breach.
Security teams must have the necessary tools and education to quickly and effectively detect unauthorized access and activity to defend their organization's infrastructure and data."