New York Hospital Suffers Data Breach Resulting in the Leak of Thousands of Patient Records

Media Division | May 11, 2017

Data breaches have continued to become a much more common occurrence in our digital age.  Being that we have more data than ever held within databases and cloud storage, this opens up the ability for hackers to potentially target it in cyber attacks.  Most organizations typically have properly fortified cyber security to prevent these types of attacks, but in other cases, a cyber attacker is able to exploit a potential vulnerability and access the data.  In a recent data breach, unauthorized access to a database of the Bronx Lebanon Hospital Center in New York led to the exposure of at least 7000 people’s medical records.

Details of the Incident

According to Bob Diachenko, a researcher with Mackeeper, the data breach resulted from a misconfigured backup server that was hosted by iHealth, a company which provides record management.  The exposed records contained data from 2014-2017 and included a plethora of information, such as names, addresses, religious associations, and medical history. A statement from the hospital to NBC News had said that the iHealth server had been targeted by a third party hack and that the hospital and vendor had taken immediate steps to then ensure the data was protected.  They also said that iHealth is working with a security firm to verify the analysis, but that the issue has been resolved. Apparently, there had only been one person who accessed the data without authorization, but it was also uncertain as to how long the data had been exposed.

Breaches of Unsecured Servers and Databases

This year alone, there has been a multitude of data breaches as a result of unsecured or misconfigured databases.  These types of breaches are realistically unacceptable, as properly securing these databases that contain valuable digital assets is a basic security point. Blatant errors like this simply display negligence in the setup and maintenance of these databases.  Even in the cases where the breach is a third party vendor, the organization that owns the data is also responsible, as they should ensure the security of the vendors that they work with.  While it may seem easier to simply point the finger at the third party, the organization holds the responsibility of having trusted their data with the vendor, and this cannot be brushed off by simply redirecting the blame.

The Importance of Comprehensive Data Breach Solutions

With the increased prominence of data breaches in our modern age, it is important that an organization is properly fortified against potential attacks, as well as prepared for the event of a successful breach.  Those who do not have a plan for the event of a breach often find themselves scrambling when they fall victim to one.  Of course, the most ideal situation is that breaches are prevented, but an organization needs to have data breach solutions in place in the event that they do suffer a breach.  This allows them to be able to quickly mitigate and remediate the situation.  This could include patching and addressing the immediate vulnerability, as well as tracing the source of the breach.  An organization must display to their public that they are properly addressing the breach, otherwise trust and reputation can be destroyed.  Massive Alliance’s data breach solutions can help an organization to locate and remove the leaked data from the web, trace and eliminate the threat, and much more.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.