- This topic has 3 replies, 4 voices, and was last updated 2 years, 7 months ago by Navin Prasai.
-
AuthorPosts
-
-
2021-09-20 at 6:43 pm #31429Arwin Jerome Manalo OndaParticipant
1. Provide a brief description of the story.
In brief, A2Z Diagnostics, a company based in New Jersey providing specialized diagnostic testing, has issued a statement regarding a data breach on its systems. The said breach potentially exposed personal/protected health information of its patients to unknown entities. The information include names, identification numbers, social security numbers, address, and health insurance information among others.
The company claims there is no evidence that such information were misused; however, as an extra precaution, it warned the affected individuals to vigilantly monitor their financial transactions for malicious activities.
2. What is/are the impact of this data breach? Consequences of the data breach.
The data breach potentially exposed protected health information to unknown entities. The customers affected may be subject to identity theft, tagged in malicious activities, or victims of fraud and scams.3. How did the data breach occur?
The breach occurred when the unknown entity had access to select employee email accounts of A2Z from February 2, 2021 to April 2, 2021.4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The company has said that after the cyberattack, it laid foundations to improve its security, notably enhancing its multi-factor authentication software. As such, the most probable cause of the data breach is the failure of the IT personnel to continuously test its multi-factor authentication software for bugs. The bug may have been exploited by the unknown entities to gain access to the employee accounts – leading to potential exposure of personal health information.
5. How could you prevent this data breach attack?
As an informatician, initiating a corrective and preventive action (CAPA) plan would help in identifying the root cause of the attack. From there, I can reinforce policies/activities that would strengthen the security of the system, which may include strong password policy, actively scanning for bugs in the security software, updating machines through patches and fixes as provided by vendor company, use two or more authentication factor of different types, among others. -
2021-09-22 at 5:59 am #31463SaranathKeymaster
It is interesting that the main cause of data breach is due to a technical error in the system that was developed to make the system more secure (multi-factor authentication).
-
2021-09-22 at 10:09 pm #31556Napisa Freya SawamiphakParticipant
Thank you for sharing. Agree that the security system should be developed. In addition, hiring a cybersecurity expert to investigate the incident and setting up the whole system during the beginning phase may be beneficial, also conduct annual cybersecurity training to all employees, in order to raise staff awareness
-
2021-09-23 at 12:38 pm #31596Navin PrasaiParticipant
As mentioned in the report the main cause of the breach was the technical error while testing the bugs using multi-factor authentication.
Employees’ awareness and education, using data encryption, updating software can prevent the attack.
-
-
AuthorPosts
You must be logged in to reply to this topic. Login here