Cybersecurity Briefing: Significant Breaches and Vulnerabilities on March 24, 2018

Today, March 24, 2018, several significant cybersecurity incidents underscore the ongoing challenges organizations face in protecting sensitive data.

Commonwealth Healthcare Corporation Breach This morning, reports emerge of a breach at the Commonwealth Healthcare Corporation, where personal data and sensitive records were compromised due to vulnerabilities in the corporation's internal servers. This incident highlights the critical need for enhanced cybersecurity protocols within healthcare organizations, particularly as they manage sensitive patient information. The breach emphasizes the urgency for healthcare providers to adopt robust security measures to safeguard against such vulnerabilities, especially as the sector continues to digitize.

Phishing Investigation by HHS In a disclosure published earlier today, the U.S. Department of Health and Human Services' Office for Civil Rights announces the settlement of its first-ever investigation into a phishing attack. This investigation stems from an incident where unauthorized access to patient information occurred, further emphasizing the necessity for stronger email security protocols and comprehensive employee training. As phishing attacks become increasingly sophisticated, organizations must prioritize educating their staff to recognize and respond to these threats effectively.

Under Armour Data Breach Also making headlines is the data breach involving Under Armour's MyFitnessPal app. This breach affects approximately 1.5 million user records, with personal health data exposed. The incident was publicly disclosed in March 2018, underscoring the vulnerabilities associated with mobile applications that handle sensitive personal data. As the fitness and health industry continues to integrate technology into daily routines, the need for robust security measures is critical to protect consumer trust and privacy.

Orbitz Data Breach Additionally, reports indicate a significant breach impacting around 880,000 payment card records due to a vulnerability in a legacy system at Orbitz. This incident serves as a reminder of the risks associated with outdated technology and the importance of maintaining up-to-date security practices. Organizations must not overlook legacy systems, as they can serve as gateways for malicious actors if not properly secured.

These incidents collectively illustrate the persistent vulnerabilities faced by organizations in 2018, often resulting from misconfigurations and inadequate security measures. The growing threat landscape necessitates a proactive approach to cybersecurity management, where organizations must continuously adapt and strengthen their defenses against evolving cyber threats. As we move forward, the implications of these breaches highlight the critical need for organizations to prioritize cybersecurity in their operational strategies, particularly in sectors handling sensitive personal data.