United States - Select Health Network
Exploit: Unauthorized Email Account Access
Select Health Network: Indiana-Based Collection of Healthcare Providers
An employee’s compromised email account credentials were used to access sensitive data for thousands of patients. The data was accessed between May 22 and June 13, and it’s unclear why it took the company so long to identify the breach and to report it to patients. Regardless, a small vulnerability will likely result in a sizable blow-back in the form of regulatory scrutiny, brand erosion, and potential financial repercussions.
United States - PayMyTab
Exploit: Accidental Data Exposure
PayMyTab: Hospitality Payment Platform
Cyber-security researchers located an unsecured Amazon Web Services bucket that contained the personal data for tens of thousands of PayMyTab users. Notably, the data packet was exposed because PayMyTab personnel failed to follow Amazon’s security protocols. Fortunately, the error was discovered by white hat hackers and was reported to the company, but the bucket had been exposed since July 2, 2018, giving bad actors plenty of time to locate and exploit the information first.
United States - Solara Medical Supplies
Exploit: Compromised Email Account
Solara Medical Supplies: Supplier of Diabetes-Related Treatment Products
An unauthorized third-party gained access to several employee accounts containing patient and employee data. The breach was first discovered on June 20th, and the compromised data was exposed between April 2nd and June 20th. In response, the company reset account passwords, and Solara is updating its policies to ensure that a similar scenario doesn’t occur again in the future. Unfortunately, such maneuvers won’t help patients whose data was already stolen in the breach. Moreover, the company’s lengthy response time will certainly invite increased regulatory scrutiny while giving consumers fodder for criticism during the recovery effort.