Contents:
Fairfax healthcare organization from the United States has disclosed a data breach that could have compromised the medical records of approximately 250,000 patients.
The Virginia-based supplier of facial and dental services announced the conclusion of an investigation, which revealed that a threat actor infiltrated its systems in May. The corporation has also informed the Maine Attorney General of its findings.
Details About the Fairfax Data Breach
Fairfax operates half a dozen surgeries across northern Virginia, and the total number of victims impacted by the breach nationwide is 235,931. The exposed data includes names, driver’s licenses, Social Security numbers, health insurance, and medical history details.
Cybercriminals frequently illegally commercialize such information in order to leverage additional crimes such as online fraud and identity theft.
According to the company, there is no evidence of unlawful use of the exposed data for such purposes. However, the infiltrators’ ability to transfer the exposed data without any other apparent alterations may potentially put clients at risk.
The investigation did not find evidence that any files were acquired from Fairfax’s network during the incident, and Fairfax is not aware of any instances of anyone’s personal information having been misused. Nevertheless, Fairfax is notifying individuals whose personal information was contained on the encrypted systems.
Cybernews (Source)
Remediation Measures
Fairfax compensated the victims of the data breach with a year of free identity protection services.
Additionally, the company has taken steps to reduce the risk of security incidents. This includes enhancing its technical security measures.
Every healthcare company that wants to strengthen its security, can follow a few simple steps:
- conduct regular risk assessments
- limit network access to reduce the attack surface and minimize the potential for unauthorized access
- use a Firewall and a Next-Gen Antivirus
- control and monitor privileged access rights
- patch vulnerabilities regularly
- implementing DNS protection measures
- educate and train its employees in cybersecurity
- implement a regular and consistent backup and data recovery process
- develop an incident response plan in case of a cyberattack
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.