- A+
The apparent cause is the hacking suffered by a third party provider明显的原因是第三方提供商遭受黑客攻击
Digital forensics specialists from the International Institute of Cyber Security have reported a new massive data breach incident.国际网络安全研究所的数字取证专家报告了一起新的大规模数据泄露事件。 This time, the victim is Atrium Health , wellness and health program provider, formerly known as Carolinas HealthCare Systems.这一次,受害者是Atrium Health ,健康和健康计划提供者,以前称为Carolinas HealthCare Systems。
After AccuDoc Solutions , one of its third party providers, was hacked, Atrium Health announced that about 2.65 million patient records might have been compromised.在其第三方供应商之一AccuDoc Solutions遭到黑客攻击后,Atrium Health宣布约有265万份患者记录可能遭到入侵。 Information that may be exposed includes patients' insurance policy data, medical file number, bills, address, dates of birth, and social security numbers.可能暴露的信息包括患者的保险单数据,医疗档案号,账单,地址,出生日期和社会安全号码。
“Third-party risk management is not a single security matter, this kind of incidents is important due to the increase in severity and frequency with which they are presented, affecting the growth of organizations that use this joint work model”, says George Wrenn, cybersecurity and digital forensics specialist. “第三方风险管理不是一个单一的安全问题,这种事件很重要,因为它们的严重程度和频率都会增加,影响使用这种联合工作模式的组织的增长”,George Wrenn说,网络安全和数字取证专家。
“Each party involved must have the necessary information to take appropriate actions0. “所涉及的各方必须拥有采取适当行动的必要信息。 Organizations must have the best risk management methods involved in managing high volumes of data”, adds the expert.专家补充说,组织必须拥有管理大量数据所涉及的最佳风险管理方法。
According to the statement released by AccuDoc and Atrium Health, both organizations had relevant security measures.根据AccuDoc和Atrium Health发布的声明,两个组织都有相关的安全措施。 When AccuDoc discovered unauthorized access to their systems, the company's executives ordered a digital forensics investigation to “ensure the protection of the compromised databases and improve the established security controls”.当AccuDoc发现未经授权访问其系统时,该公司的管理人员下令进行数字取证调查,以“确保对受损数据库的保护并改进既定的安全控制”。 The company informed Atrium Health about the incident on October 1st.该公司于10月1日向Atrium Health通报了此事件。
The organization keeps monitoring its computer systems hoping to detect some indication of new anomalous activities.该组织一直在监控其计算机系统,希望能够发现一些新的异常活动迹象。 AccuDoc also mentions that, so far, they have no evidence to confirm that personal information has been extracted from their systems. AccuDoc还提到,到目前为止,他们没有证据证明个人信息是从他们的系统中提取的。
Atrium Health, on the other hand, has its own digital forensics research team, which is conducting a review of their systems independently of AccuDoc's research;另一方面,Atrium Health拥有自己的数字取证研究团队,该团队正在独立于AccuDoc的研究对其系统进行审查; both organizations are in contact with the FBI for any new signs of malicious behavior in their systems.两个组织都与FBI联系,以了解其系统中任何新的恶意行为迹象。
“Just when we thought that the protection of personal data in the healthcare sector showed signs of improvement, data breach in Atrium Health arrived, thus 2018 have been consolidated as a year of records in terms of health cybersecurity incidents”, says Pravin Kothari, information security specialists. “正当我们认为医疗保健领域的个人数据保护显示出改善的迹象时,Atrium Health的数据泄露已经到来,因此2018年在健康网络安全事件方面已经被整合为一年”,Pravin Kothari说,信息安全专家。