HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Safeguarding privacy amidst increasing data breaches

Written by Farah Amod | Sep 23, 2024 10:06:50 AM

The year 2024 has seen a notable increase in data breaches, with many companies and institutions falling victim to cyberattacks. These incidents have impacted multiple sectors, from healthcare to automotive, putting the personal information of billions at risk. This overview will cover the major breaches of the year, explore emerging trends, and offer practical tips for protecting your privacy.

 

The National Public Data breach

One of the most shocking data breaches of 2024 was the attack on National Public Data, a company responsible for conducting background checks. The hackers, a group known as ASDoD, managed to gain access to 2.9 billion records, including Social Security numbers, full names, and addresses. Characterized as one of the largest breaches in history, it has the potential to impact most of the American population. The lawsuit against National Public Data alleges that the company's negligence in securing its database was the primary cause of this incident.

 

The Ascension ransomware attack

In the healthcare sector, the Ascension ransomware attack stands out as a prime example of the consequences of cybercrime. Ascension, a major healthcare system with 140 hospitals across 19 states, experienced a disruption in May caused by malware that an employee downloaded. The incident resulted in the temporary closure of emergency rooms and the redirection of patients. Hackers accessed seven out of Ascension's 25,000 servers, and the full extent of the data breach remains under investigation. While Ascension initially reported that 500 individuals were affected, the final count is expected to be around 13.4 million.

 

The CDK Global attack

The data breach at CDK Global, a leading provider of software solutions for car dealerships, serves as a cautionary tale for the entire automotive industry. In June, CDK experienced back-to-back cyberattacks that forced the company to shut down its systems. The disruption affected dealership operations, with one Lexus dealership in New Jersey reporting a 50% drop in new car sales during the month. Rumors suggest that the ransom payment to the attackers was in the tens of millions of dollars, underscoring the financial toll of such incidents.

 

The AT&T breach: A widespread compromise

In July, AT&T disclosed that hackers had stolen data from "nearly all" current and former customers, including phone call and text message records from May 2022 to October 2022, as well as January 2023. While AT&T has not confirmed the details, reports suggest that the company paid a $370,000 ransom to the hackers to delete the stolen information.


 

Other major breaches

The year 2024 has seen several other high-profile data breaches, each with its own unique impact. These include:

  • Advance Auto Parts (July): Personal information of over 2.3 million individuals was stolen.
  • Roku (April): Hackers accessed around 591,000 accounts through credential stuffing.
  • Truist Bank (June): Hacking group Sp1d3r stole information about 65,000 employees.
  • Tile (June): The breach at Life360, the company behind Tile tracker devices, exposed names, addresses, phone numbers, and device identification numbers.
  • Ticketmaster (June): This breach impacted 560 million customers, exposing names, addresses, phone numbers, email addresses, order history, and partial payment information.
  • Dropbox (May): Attackers accessed Dropbox Sign's development environment, compromising customer information.
  • TeamViewer (July): Employee directory data, including names and encrypted passwords, was exposed.


 

Protecting yourself 

As cybersecurity threats grow more severe, individuals need to take steps to protect their personal information. Here are some strategies to consider:

 

Scrutinize healthcare communications

Receiving an explanation of benefits or a bill for services you did not receive should prompt immediate contact with your healthcare provider and insurance company. Such occurrences could signal misuse of your healthcare benefits.

 

Exercise caution with email requests

Be wary of any email or text message that seems overly urgent or suspicious. It's always better to slow down and verify the legitimacy of the request, even if it means making a phone call.

 

Beware of old friends reaching out

If you receive a message from someone you haven't spoken to in a long time, take the time to confirm their identity. Hackers may use stolen personal information to impersonate acquaintances and gain your trust.

 

Maintain a list of exposed data

Keeping a record of companies that have experienced data breaches and staying alert to any suspicious references to this information can help you identify potential attempts at identity theft or fraud.

 

Update credentials and freeze your credit

Even if you weren't directly involved in a breach, it's prudent to update your banking and credit card login credentials. Additionally, consider freezing your credit to prevent scammers from opening new accounts in your name.


 

Proactive measures to safeguard your health data

While the aftermath of a healthcare data breach can be daunting, you can take proactive steps to enhance the security of your personal information and reduce the risk of future breaches. Start by prioritizing strong password practices: use unique, complex passwords for all online accounts and consider a password manager for secure storage and generation. Enabling multi-factor authentication can further strengthen your security.

Be cautious when sharing personal information: provide only what is necessary and avoid unnecessary disclosures. Stay vigilant by regularly reviewing your credit reports, monitoring accounts for suspicious activity, and staying informed about cybersecurity threats. Enroll in identity theft protection services if needed.

Finally, advocate for stronger data protection by engaging with healthcare providers and policymakers to support data protection policies. Encourage investment in advanced cybersecurity measures and transparency regarding data breaches.

 

What can Paubox do?

Paubox's suite of inbound security solutions is designed to reduce the risk of data breaches through advanced email security features. ExecProtect prevents display name spoofing by isolating fraudulent emails before they can compromise sensitive information. GeoFencing adds an extra layer of protection by filtering emails based on their geographical origin, thereby reducing the risk of breaches from known sources of malicious activity.

DomainAge helps identify potential threats from newly registered domains, which could be used in phishing attacks aimed at data theft. The AI-powered Blacklist Bot enhances security by dynamically updating blacklists to block known malicious senders. Combined with its malware, virus, and ransomware protection, Paubox ensures that harmful content is blocked before it infiltrates an organization, safeguarding against potential data breaches.

 

FAQs

What is a data breach?

A data breach occurs when sensitive, protected, or confidential data is accessed, disclosed, or stolen by unauthorized individuals. This can include personal information such as names, Social Security numbers, credit card details, and medical records. Data breaches can occur through various means, such as hacking, malware attacks, insider threats, or inadequate security measures.

 

Can legal action result from a data breach?

Yes, legal action can result from a data breach, as affected individuals or organizations may sue for damages caused by the breach.

 

How can healthcare organizations prevent data breaches?

Healthcare organizations can reduce the risk of data breaches by implementing strong cybersecurity measures, conducting regular employee security training, and using encryption to protect sensitive data. 

 

What should a healthcare organization do immediately after discovering a data breach?

Upon discovering a data breach, a healthcare organization should contain it, assess the scope of the impact, notify affected individuals and relevant authorities, and begin an investigation to understand how the breach occurred and how to prevent future incidents.
