By CORL Technologies | September 28, 2021
CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. As part of our tech-enabled managed services for vendor risk management, we also follow up with vendors and track remediation and response activities following breach events.
Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain.
An unsecured database containing over 61 million records has been exposed by GetHealth, a solution which stores health and wellness data from hundreds of wearables. The database held sensitive health information such as names, birthdates, GPS logs, height, weight and more. A sampling of 20,000 records uncovered that the majority of the exposed records were from Fitbit and Apple’s HealthKit. The system was secured within a few hours, although it is unclear how long the records were exposed or who may have been able to access them. Read more about the Apple & FitBit breach
These organizations were also a part of the GetHealth data breach that exposed over 61 million records of sensitive health information. Other apps and organizations impacted include GoogleFit, Strava, Android Sensor, and ‘S Health’. Read more about the MapMyFitness, Microsoft, Sony, & Google breach
The personal data of individuals who took a COVID-19 test at a Walgreens pharmacy has been exposed over the Internet due to vulnerabilities in its COVID-19 test registration system. It is currently unclear how many individuals have been affected, although they could well number in the millions given the number of COVID-19 tests Walgreens has performed since April 2020. Read more about the Walgreens breach
TTEC experienced a widespread system outage caused by an aggressive ransomware group known as “Ragnar Locker”. Employees were urged to avoid clicking on a file called “!RA!G!N!A!R!” that may have suddenly appeared in their Windows Start menu. Thousands of employees at TTEC are now unable to work customer support for their vendors, and the extent and severity of this incident are unclear at this time. Read more about the TTEC breach
Fortinet has confirmed that a cybercriminal gang managed to gain unauthorized access to VPN login IDs and passwords linked with 87,000 FortiGate SSL-VPN devices. The threat actors dumped a trove of around 500,000 login credentials on a dark web forum and a data leak website. Furthermore, the breach list contains exclusive access to high-profile companies across 74 countries, including Israel, India, France, and Italy, whereas out of 225,500 victims, 2,959 are identified as US entities. Read more about the Fortinet breach
Vista Radiology out of Knoxville, TN was the victim of a hacking breach impacting 3,634 individuals. The initial investigation appeared to suggest the sole purpose of the attack was to encrypt its systems, and that data exfiltration was not involved. However, Vista Radiology was informed on July 15 that some evidence had been found that files or folders containing patient data had been accessed and viewed. Vista Radiology said the encrypted data had been backed up and could be restored and that it did not negotiate with the malicious third party. Read more about the Vista Radiology breach
Thomas Eye Group was the victim of unauthorized access to, or disclosure from, its network server that affected approximately 500 individuals. Details are limited, though the organization has reported the breach to the Department of Health and Human Services per federal breach notification requirements. Read more about the Thomas Eye Group breach
CoxHealth warned patients of a phone scam in which someone posing as the Springfield, Mo.-based health system tries to sell patients medical equipment or steal their personal information. The health system confirmed these calls are not from any CoxHealth employees or affiliates, and the scam is not the result of a data breach. Read more about the CoxHealth breach
Jackson Health System is investigating a nurse who allegedly posted photos mocking a neonatal intensive care unit patient on social media. They have also notified the parent of the patient whose privacy was breached. Read more about the Jackson Health System breach
Facebook had their data breached by a threat actor who is claiming to sell 3.8 billion of their user records. The database was allegedly compiled by combining phone numbers from a previously scraped Clubhouse ‘secret database’ with users’ Facebook profiles. The compilation appears to include names, phone numbers, and other data. Many healthcare organizations list Facebook as a contracted vendor. Read more about the Facebook breach
Ottawa Hospital Research Institute has apologized to unvaccinated staff after an email was sent out offering a vaccine education session with each recipient’s name visible to others. The email was sent from one of the hospital’s software systems and recalled immediately. Read more about the Ottawa Hospital Research Institute breach
Resource Anesthesiology Associates (RAA) of California has started notifying certain patients of Dignity Health’s Mercy Hospital Downtown and Mercy Hospital Southwest that some of their protected health information was stored on a laptop computer that was stolen. The laptop was password protected but not encrypted. Read more about the Resource Anesthesiology Associates (RAA) breach
In order to combat these growing supply chain risks, CORL has developed a proprietary data clearinghouse that provides access to assessment results of over 80,000 vendor assessments CORL has conducted. Each year, CORL conducts thousands more vendor risk assessments on behalf of our clients. Chances are very high that we have already assessed a substantial portion of your existing and new vendors from a security, risk, and compliance perspective.
CORL’s tech-enabled managed services and next generation exchange of vendor risk data allows healthcare entities to:
Contact our team here at CORL to learn more about our managed services and next generation exchange for healthcare vendor risk data that gets results with regulatory compliance and lowers supply chain risks.
CORL Technologies
CORL transforms TPRM chaos into clarity
CORL is a leading provider of vendor risk management solutions for the healthcare industry. CORL gets results by scaling organizational and vendor risk programs through our healthcare vendor risk clearinghouse solution, dashboard reporting that business owners can understand, and proven workflows that drive measurable risk reduction. CORL accelerates the speed of vendor risk assessments and holds vendors accountable for remediating risk exposures.