Back to blog

Happy Holidays – Your Medical Lab Results Were Just Breached

Pathlock
December 13, 2016

Happy Holidays – Your Medical Lab Results Were Just Breached

The last thing anyone thinks about when undergoing medical tests at a lab is whether or not those results are safe. Unfortunately, 34,000 people found out that their information was breached at Quest Diagnostics. The company just announced that a hack occurred on November 26th using a vulnerability in the MyQuest by Care360 web application. The app is used by more than 300,000 doctors’ offices to manage patient data. The information included name, date of birth, lab results, and some telephone numbers. As of now, the company has found no malicious intent with the breach but that doesn’t mean it’s not coming. It’s pretty easy to see how this type of information can be used to blackmail the company or individual. It was a little over a year ago that a class action lawsuit was filed against Quest Diagnostics for another reported breach. In this case, the lawsuit alleged that hundreds of medical records were mistakenly being sent to a marketing firm but didn’t notify the affected patients. Whether it’s an external or internal threat, organizations have to go beyond cybersecurity solutions that may detect security events but are typically siloed and disconnected from the business risks. These solutions usually create countless low impact security alerts that drain IT resources as they address them. Unfortunately that time is wasted because the majority of these alerts have nominal business impact. They need to be able to correlate the business risk to security events and alerts in order to determine which ones need to be addressed because they can lead to an actual breach of their crown jewel assets. Start by clicking here to learn how your cyber posture compares to other leading organizations.