United States – Alomere Health
Exploit: Phishing attack
Alomere Health: General medical and surgical hospital
Risk to Small Business: Severe: Two employees fell for a phishing scam that gave hackers access to patients’ protected health information. The first breach occurred between October 31, 2019 and November 1, 2019, while a second breach took place on November 6, 2019. In response, the company is updating its email security protocols, an effort that will neither restore the stolen data nor repair the company’s already-damaged reputation. In addition, Alomere Health could face regulatory penalties because of the nature and scope of the data breach.
Individual Risk: Severe: The compromised employee email accounts stored patient data, including names, addresses, dates of birth, medical record numbers, and health insurance information, along with sensitive diagnosis and treatment details. In addition, some patients had their Social Security numbers and driver’s license numbers exposed. Alomere Health is offering free credit and identity monitoring services to those impacted by the breach, and anyone affected should enroll in these services. In addition, they should be especially critical of online communications, as the stolen data can be deployed in phishing scams that can collect additional personal data.
Customers Impacted: 49,351
How it Could Affect Your Business: Phishing scams are the leading cause of data breaches, but they are also entirely avoidable. With the cost associated with a compromise continually escalating, training employees to identify and avoid phishing scams is a relatively low-cost initiative that can transform employees into a robust defense rather than an imminent vulnerability.
In Other News:
UK Businesses Endured an Attack Every Minute in 2019
For companies around the world, 2019 was a terrible year for data security. This is especially true for UK businesses, which endured a deluge of cybersecurity episodes equal to an attack every minute. Individually, it’s estimated that each business experienced 576,575 attempts to compromise company data in 2019, a 152% year-over-year increase.
The report, compiled by Beaming, a Hastings-based ISP, identified China as the origin of nearly ⅕ of the attacks. Hackers commonly pursued domain admin tools and IoT endpoints to gain access to company networks. In total, the report concluded that 2019 was the worst year on record for UK data breaches. Moreover, the report cautioned SMBs to take cybersecurity issues more seriously by recognizing the profound risk and implementing basic protection plans, including adopting two-factor authentication to secure web platforms.