Information of Eye Patients Exposed Following Data Breach
Hackers have begun to target the healthcare industry.
Two distinct security incidents at eye-care providers in the United States have exposed the protected health information of hundreds of thousands of Americans, according to reports. On September 14, Simon Eye Management notified the Office for Civil Rights at the Department of Health and Human Services of a data breach, according to Intelligent Ciso.
Approximately 144,000 people's personal information was stolen in an email hacking incident at a Delaware eye care organization. According to a Simon Eye alert, suspicious activity related to some staff email accounts' was discovered on or around June 8th. Unauthorized access to several staff email accounts was discovered between May 12 and May 18, 2021, according to a study by third-party computer forensic analysts.
Trevor J. Morgan of Comforte AG, stated: “The data breaches involving two eye-care providers in the US, Simon Eye Management and USV Optical, collectively exposed tens of thousands of data subjects’ PHI, PII, and/or other sensitive information. "
Hackers start looking for information in the healthcare domain
He added that these incidents are unfortunately part of a disturbing pattern of attacks on healthcare and personal care organizations that collect and store a large amount of extremely private information about their customers. These industries must face the fact that they will continue to be high-value targets, and they must adopt defenses commensurate with the pervasive threat. Data-centric security methods like tokenization and format-preserving encryption can help mitigate the impact of data breaches like these because they protect the data itself rather than the perimeters surrounding it. By replacing sensitive data elements with innocuous representative tokens, these methods protect the data itself rather than the perimeters surrounding it. Not providing critical information means that even if threat actors get their hands on the data, they can not do anything with it. Companies need to be able to see the problem clearly and focus on the most appropriate solution.