Breach Report 2019 – July

by Sarah Harvey / July 31st, 2019

Regardless of the size or industry of organizations, every month there is headline after headline reporting about new data breaches. Whether it’s a ransomware attack, a negligent employee opening a phishing email, or a state-sponsored attack, millions of individuals are impacted by data breaches and security incidents on a regular basis. Let’s take a look at some of the top data breaches that occurred during July and the lessons we…

Business Associate Due Diligence: Lessons Learned from AMCA

by Sarah Harvey / July 5th, 2019

In most healthcare settings, third parties are relied upon to provide secure offerings to assist covered entities in providing quality, secure healthcare services.  Covered entities ultimately bear the responsibility of validating their third party security standards, however, covered entities often times still fall short in ensuring that business associates guard protected health information (PHI) against advancing cybersecurity threats. In one of the most recent cases, Quest Diagnostics, one of the…

Breach Report 2019 – June

by Sarah Harvey / June 27th, 2019

Regardless of the size or industry of organizations, every month there is headline after headline about new data breaches. Whether it’s a ransomware attack, a negligent employee opening a phishing email, or a state-sponsored attack, millions of individuals are impacted by data breaches and security incidents on a regular basis. Let’s take a look at some of the top data breaches that occurred during June and the lessons learned from…

Wipro’s Data Breach: A Valuable Lesson for Managed Service Providers

by Sarah Harvey / June 25th, 2019

In mid-April, KrebsOnSecurity reported that Wipro, one of India’s largest IT managed service providers, experienced a data breach impacting hundreds of thousands of their clients. The cause? An advanced phishing attack effecting a handful of employee accounts. These phishing attacks were then the gateway malicious hackers needed to target Wipro’s customers. What can we learn from this data breach? It all comes down to the need for effective third-party risk…

Web Application Vulnerability Leads to Compromised Data

by Sarah Harvey / April 8th, 2019

Georgia Tech Data Breach Last week, Georgia Tech announced a vulnerability in a web application that compromised 1.3 million individuals’ information, spanning from current students to alumni to employees. The vulnerability allowed unauthorized, third party access to a central Georgia Tech database. The university hasn’t released many details yet, but we do know the basics of the incident. The Georgia Tech data breach was found in late March but the…