Healthcare Data Breach Costs Highest of Any Industry at $408 Per Record

According to a new study from IBM Security and the Ponemon Institute, the cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year. 

For the eighth year in a row, healthcare organizations had the highest costs associated with data breaches. The next highest industry was financial services with an average of $206 per lost or stolen record - half of what it cost the healthcare industry. The cost for healthcare organizations is also nearly three times higher than the cross-industry average of $148 per lost or stolen record.

LabCorp Breach May Have Exposed Millions of Medical Records

LabCorp, one of the nation’s largest medical diagnostics companies, is investigating a security breach that may have put health records of millions of patients at risk.

In a filing with the Securities and Exchange Commission, the company says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.” 

Macy’s and Bloomingdales Reveal Two-Month-Long Data Breach

Macy’s and Bloomingdale's have informed online shoppers of a data breach that lasted nearly two months. 

According to a letter from Macy’s Inc., the department stores’ parent company, an unauthorized party reportedly used stolen usernames and passwords to log into the online accounts of certain Macys.com and Bloomingdales.com customers between April 26 and June 12. While it said only “a small number of our customers” were affected by the breach, it didn’t specify how many and said only that the data was obtained from an outside source.

Breadcrumb Presents at CalCPA Event

Invited as a guest speaker, Breadcrumb presented at a California Society of CPA’s Fresno chapter event. Highlighting risk and vulnerability within the financial sector, Breadcrumb CMO, Jennifer Guidry, outlined the current threats within the industry. To conclude the event, CEO, Brian Horton, performed a live-hack demonstration, highlighting the dangers of using free WiFi.

Tesla Sabotage Highlights the Risks of Insider Threat

A former Tesla employee used his access to the company’s network to steal “gigabytes” of highly sensitive data and transferred it to unknown third parties.

Tesla CEO, Elon Musk, sent an email to all employees late last Sunday night alleging that he had discovered a saboteur in the company's ranks.

Musk said this person had conducted "quite extensive and damaging sabotage" to the company's operations, including changing code to an internal product and exporting data to outsiders.

Breadcrumb Conducts Staff Awareness Training for Administrative Solutions, Inc.

This week, Breadcrumb Cybersecurity performed custom, healthcare centric training for Administrative Solutions, Inc. Our team highlighted the cybercrime landscape, compliance requirements, top hacking strategies affecting the healthcare industries, and prevention strategies for mitigating risk.

Administrative Solutions, Inc. (ASi), is a highly regarded Third Party Administrator (TPA) specializing in group benefits and related services since June 2001. ASi has positioned itself to be an all-inclusive TPA for employers of all sizes and is innovative in providing solutions to employee benefit plans. Based In Fresno, California, ASi provides services for employers across the country.

How Long Does It Take to Breach a Healthcare Network?

A recent survey of hackers, incident responders, and penetration testers revealed that the majority can gain access to a targeted system within 15 hours, but more than half of hackers (54%) take less than five hours to gain access to a system, and steal sensitive data. 

The data comes from the 2018 Nuix Black Report and its survey of 112 hackers and penetration testers, 79% of which were based in the United States.

It's Time to Stop Believing These 4 Cybersecurity Myths

Cybersecurity. In recent years, this term has officially became a household name. Rarely does a day pass without news of a cybersecurity breach wreaking havoc on an organization and its customers or patients. 

Luckily, these highly public breaches have led more small-mid size businesses to consider the threat that cybercrime may pose to their enterprise. In our experience, many of these organizations have a few misconceptions when it comes to developing a strong security posture. In order to defend themselves against the risks they face, organizations need to debunk these myths. Here are four of the most common myths:

New Colorado Breach Notification Rules Signed Into Law

If your company has customers in Colorado, you may need to revamp your policies for notifying victims of a data breach.

Last week, Colorado Gov. John Hickenlooper signed into law expansive consumer data legislation that mandates all organizations report breaches within 30 days, making it the most stringent in the nation.

The legislation updates the state’s current notification language that states notification must happen without “reasonable delay.”