What the Presbyterian Healthcare Breach Can Teach Our Businesses

If they can’t secure their email, what makes you think you can?

Pres Healthcare suffered a breach of customer information in May of this year. As is their obligation under the New Mexico Breach Notification Statute, they have published information on when and how the attack occurred and how many records were affected. Here’s what we do know:

  • Around May 6, 2019, several Presbyterian Healthcare Services employees received phishing emails and inadvertently gave over their passwords to the attackers
  • The breach was not discovered until over a month later on June 9th
  • The breach affected approximately 21% of Presbyterian Healthcare Services patients and plan members or approximately 183,000 Patients
  • What is the remedy for these types of breaches? Patients have been advised to monitor their accounts and explanation of benefits statements carefully for any sign of fraudulent activity. And honestly, that’s really all they or anyone can do. There’s no way to predict when and where these breaches will be used in a fraudulent way towards those 183 thousand individuals.

    I bring this story to your attention only to highlight two aspects of this story.

  • That basic email protections like 2 factor authentication are a must for your organization to begin to gain control over security. It was the pathway for these attackers and it could be the pathway into your business.
  • It took over a month for these attackers to be discovered.
  • How much damage could be done with a month hiding out in your emails?

    Don’t wait! Enable two factor today! Call me if you don’t know how.