The University of Pittsburgh Medical Center (UPMC) had the private information of more than 36,000 people breached. But the medical giant itself was not compromised. A smaller law firm they use for billing-related legal services experienced the event from April to June of last year.
An ability to access a larger and possibly more secure network via a smaller partner is not a new idea. In fact, it’s a favorite avenue of cybercriminals. But that’s what makes it even more disturbing.
With the prevalence of ransomware rising, larger companies need to consider not only their own security, but the security of smaller partners. The standard of security should be the same across a company’s network. That standard should then extend to anyone doing business with them.
The law firm where the data compromise may have happened issued a statement. They say none of the patients’ information like social security numbers, birth dates, financial information and driver’s license numbers was misused. Unfortunately, once the data is taken, it’s impossible to follow all the avenues where the information could be used.
Anyone thinking their data may be being misused should set up credit monitoring and change any relevant passwords for financial institutions.
1,194 total views, 3 views today