What do a state government agency, a healthcare services provider, a multinational law firm, and a beloved Canadian financial institution all have in common? While this sounds like the setup to a corny punchline, the answer is no joke: They’ve recently been breached. In fact, companies across every industry are finding themselves victims of data breaches stemming from employee fraud, cybercrime, and even state-sponsored attacks. It no longer matters what business you’re in: If you work in the IT department, you need to immediately formulate strategies and processes around data breach prevention, detection, and response.
Each day, dozens of data breaches take place, exposing millions of records. Here are just a few recent incidents across industries:
- The Oregon Department of Human Services reported that more than 645,000 Oregonians had their personal data compromised, with lost data including HIPAA-protected information like names, addresses, dates of birth, Social Security numbers, case numbers, and protected health information (PHI). The breach took place thanks to a spear-phishing email campaign that led to nine employees giving out their user credentials to hackers, allowing access to more than two million emails within the department and associated PHI for 19 days before the hack was discovered and compromised accounts were secured.
- Wolverine Solutions Group, a third-party contractor of mailing and other services for hospitals and healthcare companies, was the victim of a ransomware attack that targeted servers containing more than 600,000 patient records for hundreds of hospitals and sub-entities, including Blue Cross Blue Shield of Michigan. While there is no indication hackers stole customer data, the company still had to mail out letters to all patients whose data was potentially exposed, along with paying for free credit monitoring.
- Hundreds of commercial insurance policyholders of global specialist insurer Hiscox had their data compromised when hackers specifically targeted an unnamed U.S. law firm that had previously worked with the insurer, itself a major provider of cyber insurance. The hack exposed information stored on the law firm’s servers, compromising the data of up to 1,500 policyholders.
- Canadian financial institution Desjardins had the personal financial records of 2.9 million individual and business members exposed due to unauthorized access of internal data by an employee. Data exposed included each client’s name, date of birth, social insurance number, address, phone number, email address, and banking habits.
Protecting Sensitive Data Is Your Responsibility
These data breaches occurred weeks before they were discovered. It then took each company hundreds of hours and major expenses to fix the breach, notify customers, pay for identity theft monitoring services, deal with law enforcement, and manage questions from concerned customers.
In industries like government, healthcare, financial services, and the legal sector, organizations are responsible for particularly sensitive customer data, including patient data, credit card numbers, Social Security numbers, and the trade secrets of clients. Such organizations are targeted by hackers of all sizes who know these industries represent a target-rich environment filled with data that fetches top dollar on the black market. As an organization operating in this environment, you have an ethical obligation and a legal responsibility to do everything you can to monitor, detect, and respond to threats.
The Value of a Security Operations Center
A security operations center (SOC)-as-a-service like Arctic Wolf’s helps keep companies protected through a combination of machine learning and human expertise. Threats and vulnerabilities are analyzed in real-time, around the clock, to help IT evaluate and prioritize risks. It gives 24/7, on-demand access to a dedicated Concierge Security™ Team of experts who function as an extension of your IT and security teams.
As a result, you can lower your risk of becoming the next data breach headline while gaining the ability to respond to breaches in minutes instead of weeks.
Discover how your organization can gain access to the required people, processes, and technology that make up SOC-as-a-service by downloading the Definitive Guide to SOC-as-a-Service.