By CORL Technologies | November 3, 2021
CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. As part of our tech-enabled managed services for vendor risk management, we also follow up with vendors and track remediation and response activities following breach events.
Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain.
Limeade provides mobile-first solutions grounded in science to improve employee well-being, engagement and inclusion. The business associate organization suffered an unauthorized access/disclosure to a desktop computer that affected approximately 2,287 individuals. Read more about the Limeade breach
Wiggin and Dana LLP experienced a security incident that affected their network systems. They received confirmation that certain files stored within their environment may have been accessed. Wiggin and Dana is providing notice because the investigation confirmed that the following types of information may have been present in the affected systems at the time of the incident: name, date of birth, Social Security number, financial account information, medical/diagnosis/treatment information, and/or government issued identification numbers. Read more about the Wiggin and Dana LLP breach
Members of PracticeMax’s client Anthem who are enrolled in the VillageHealth program were notified that some of their protected health information had potentially been compromised in a ransomware attack. The following types of data were exposed: first and last name, date of birth, address, phone number, Anthem member ID number, and clinical data relating to kidney care services received. The attack lasted from April 17 to May 15; a server containing PHI was accessed and files were stolen. Humana and Anthem use this vendor to share information with VillageHealth, a kidney care provider. Humana reported that this event impacted 4,424 patients. Anthem reported the breach to the California attorney general, but the volume of records was not disclosed. Read more about the PracticeMax, VillageHealth, & Anthem breach
Accenture disclosed a ransomware attack by the LockBit threat actors. At the time of the attack, threat intelligence firm Cyble reported that the ransomware gang stole databases containing over 6TB of data and was demanding a $50M ransom. The experts also claimed that the hack was the result of an insider job. After the attack, Accenture pointed out that its operations were not impacted and that it was able to restore from backups. The company also denied claims that the ransomware operators had stolen customer credentials. Read more about the Accenture breach
Microsoft stated that a new Iran-linked hacking group has targeted more than 250 Office 365 tenants and compromised accounts for fewer than 20 of those tenant organizations. The attacks, which the company disclosed in a security alert, have been carried out via password spraying, a technique where hackers try the same password over and over again while rotating the username. Read more about the Microsoft breach
Independent Health, a large health plan organization out of New York, has suffered an unauthorized access/disclosure to their emails that affected approximately 541 individuals. The organization has reported the breach to the Department of Health and Human Services per federal breach notification requirements, though further details are limited. Read more about the Independent Health breach
EMI Health, a health plan out of Utah, launched an investigation that determined an unauthorized person gained access to their network between and deployed malware onto their systems. The unauthorized person acquired copies of some documents from their systems that contained member information, and EMI Health does not yet know which specific members’ information was involved. EMI Health believes that the documents contain members’ names, Social Security numbers, driver’s license numbers, addresses, dates of birth, health insurance identification numbers, and/or clinical information. Read more about the EMI Health breach
Orange County HCA suffered an unauthorized access/disclosure to their paper/films that affected approximately 4,732 individuals. The organization has reported the breach to the Department of Health and Human Services per federal breach notification requirements, though further details are limited. Read more about the Orange County HCA breach
American Osteopathic Association is notifying approximately 27,500 individuals that some of their personal information was stolen in a cyberattack. After a review, it was determined that names, addresses, dates of birth, Social Security numbers, financial account information, and email addresses/usernames and passwords were in the exfiltrated data. Read more about the American Osteopathic Association breach
GitHub was informed of a security loophole that allows software code to be automatically passed without any peer or supervisor review. The vulnerability, discovered by security startup Cider Security, circumvents security controls and exists even in the installations of organizations that have not enabled the recently introduced feature. Read more about the GitHub breach
Acer has confirmed that its after-sales service systems in India were recently breached in what the company called “an isolated attack.” While Acer didn’t provide details regarding the identity of the attackers behind this incident, a threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. Read more about the Acer breach
Olympus, a global medical device solutions vendor, was forced to take down its IT systems in the Americas following a cyberattack that hit its network. An Olympus spokesperson stated that the company found no evidence of data loss during an ongoing investigation regarding this incident. This breach is the second major breach for Olympus in 2021. Read more about the Olympus breach
To combat these growing supply chain risks, CORL has developed a proprietary data clearinghouse that provides access to the results of over 80,000 vendor assessments CORL has conducted. Each year, CORL conducts thousands more vendor risk assessments on behalf of our clients. Chances are very high that we have already assessed a substantial portion of your existing and new vendors from a security, risk, and compliance perspective.
CORL’s tech-enabled managed services and next-generation exchange of vendor risk data allow healthcare entities to:
Contact our team here at CORL to learn more about our managed services and next generation exchange for healthcare vendor risk data that gets results with regulatory compliance and lowers supply chain risks.
CORL Technologies
CORL transforms TPRM chaos into clarity
CORL is a leading provider of vendor risk management solutions for the healthcare industry. CORL gets results by scaling organizational and vendor risk programs through our healthcare vendor risk clearinghouse solution, dashboard reporting that business owners can understand, and proven workflows that drive measurable risk reduction. CORL accelerates the speed of vendor risk assessments and holds vendors accountable for remediating risk exposures.