By CORL Technologies | September 13, 2021
CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. As part of our tech-enabled managed services for vendor risk management, we also follow up with vendors and track remediation and response activities following breach events.
Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain.
Microsoft discovered a breach within its Power Apps portal apps that left 38 million records exposed. The vulnerability affected more than 1,000 web apps and covered private information that includes COVID-19 contact tracing, vaccination registrations and statuses, employee databases with details such as home addresses and phone numbers, and even Social Security numbers.
Fujitsu had 4 GB of data stolen by a well-known threat actor group, “Marketo”. Fujitsu states that the information appears to be related to customers and not to its own systems. Samples of the data included confidential customer information, company data, budget data, reports, and other company documents, including information on projects. Marketo is not a ransomware group but operates in a similar fashion, stealing company data and threatening to release it unless a ransom is paid.
Nova Biomedical suffered a hacking/IT incident on its network server that affected approximately 3,774 individuals. Details are limited, though Nova has reported the breach to the Department of Health and Human Services per federal breach notification requirements.
The State of Maryland Board of Podiatry was another victim of the Microsoft Power Apps breach that exposed a total of 38 million records containing personally identifiable information (PII). The information included employee information as well as data related to COVID-19 vaccinations, contact tracing, and testing appointments.
Sandhills Center, a mental health managed care services company in North Carolina, had its information posted on the data-for-sale site “Marketo” by an unauthorized individual or group. The 643 GB data dump has not been fully investigated yet, but after further examination and pressure from an outside source with proof, Sandhills Center confirmed that there were in fact four individuals with potential exposure of protected health information. The source who pressured Sandhills into reporting believes the number of affected individuals to be closer to 1,000.
The State of Indiana was another victim of the Microsoft Power Apps breach that exposed a total of 38 million records containing personally identifiable information (PII). The information included employee information as well as data related to COVID-19 vaccinations, contact tracing, and testing appointments.
Nashua Regional Cancer Center suffered a hacking/IT incident on its network server that affected approximately 520 individuals. Details are limited, though the organization has reported the breach to the Department of Health and Human Services per federal breach notification requirements.
DuPage Medical Group suffered a cyber-attack from threat actors that caused a week-long computer and phone outage. DuPage has notified approximately 600,000 patients that their data may have been compromised.
Metro Infectious Disease Consultants suffered a hacking/IT incident involving its email that affected approximately 171,740 individuals. Details are limited, though the organization has reported the breach to the Department of Health and Human Services per federal breach notification requirements.
North Country Healthcare suffered a hacking/IT incident on its network server that affected approximately 3,550 (est.) individuals. Details are limited, though the organization has reported the breach to the Department of Health and Human Services per federal breach notification requirements.
JPMorgan Chase has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. Personal details of Chase bank customers, including statements, transaction lists, names, and account numbers, were potentially exposed to other Chase banking members. Many healthcare entities conduct their corporate banking through Chase.
T-Mobile is actively investigating a data breach after a threat actor claimed to have hacked T-Mobile’s servers and stolen databases containing the personal data of approximately 100 million customers. The stolen data allegedly includes customers’ IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver’s license numbers, and dates of birth.
In order to combat these growing supply chain risks, CORL has developed a proprietary data clearinghouse that provides access to assessment results of over 80,000 vendor assessments CORL has conducted. Each year, CORL conducts thousands more vendor risk assessments on behalf of our clients. Chances are very high that we have already assessed a substantial portion of your existing and new vendors from a security, risk, and compliance perspective.
CORL’s tech-enabled managed services and next generation exchange of vendor risk data allows healthcare entities to:
Contact our team here at CORL to learn more about our managed services and next generation exchange for healthcare vendor risk data that gets results with regulatory compliance and lowers supply chain risks.