Third Party Data Breach Exposes 7.7 Million Patients

Home  »  Blog  »  Cyber Security  »  Third Party...

By Bill Minahan   |   June 12, 2019   |   0 Comments

LabCorp-Third-Party-Data-Breach19.6 million patients affected by data breach in last 2 days

LabCorp was the second medical testing company this week to fall victim to a data breach. The hack is the same one affecting their competitor, Quest Diagnostics. The two companies report a total of 19.6 million customers whose private and financial information have been compromised.

In their official statements’ Quest and LabCorp report that they were informed by American Medical Collection Agency (AMCA), a third party collection agency, of an unauthorized user who accessed personal information. The information breach includes certain financial data, Social Security numbers, and medical information, of millions of customers.

The breach is one of many plaguing companies in recent years. The Equifax hack of 2017 and the Yahoo attack of 2013 affected the private data of 143 million and 3 billion customers respectively.

Hackers gain access through third party vendors

The LabCorp and Quest Diagnostics breaches are similar to the Target hack of 2014 that affected 110 million customers. Hackers strategically attacked smaller and less secure third party vendors that had access to larger and more lucrative systems.  Target’s breach began when an employee at an HVAC company associated with Target fell victim to a phishing attack. The attack spread malware-laced emails capable of taking over its victims’ computers. The threat then gained access to Target and stole private financial data from over 100 million customers.

Security breaches of this scale are devastating to companies financially and for customers who trust them with their private information. Despite larger companies investing millions into security precautions, they’re still at risk from third party companies who don’t have proper cyber security programs in place. Data breaches caused by third parties are becoming more common.

Additionally, itComputer code cyber hack’s devastating for the third party vendors who often lose business after hackers gain access. Companies that don’t know how to defend themselves from cyber crime risk their customer’s private data, and therefore their trust. Quest Diagnostics and LabCorp have frozen all business with AMCA effective immediately. It highlights the need for vigilant  cyber security protocols at companies of all levels and sizes. Companies that seem like they have low-risk for cyber attacks can suffer the most from them because they’re unsuspecting and unequipped.

Data-breaches of this scale are likely to continue in coming years

In an ever-connected world, businesses rely on each other and are increasingly digitally linked. Unless the third party vendors with which giant corporations work with prepare themselves for security threats, we will likely continue to see shocking security breaches at this scale and frequency. Unfortunately, this is bad news for consumers, corporations, and the third party vendors they work with. Data breaches caused by third parties are preventable.

Nearly a week after the breach, attorneys in Florida have filed a class action lawsuit against Quest Diagnostics. The suit seeks justice for customers affected by the breach. The lawsuit states the breach “was a direct result of defendants’ failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect patient PII,”

Finally, if your business is at risk or you’re unsure if it is, it’s time begin the process of reducing your attack surface.  You don’t have to do it alone. Contact aNetworks today to ensure your company and customers’ are protected.