Heart Disease Treatment Center Pwned By Hackers

The South Denver Cardiology Associates (SDCA), a US heart disease treatment center, has filed a data breach notice admitting that an unnamed attacker broke into their systems sometime between January 2 and January 5, accessing confidential data of 287,000 individuals. The data exposed included patients’ names, DOBs, drivers’ license numbers, health insurance info and clinical info including diagnoses, types of services and physician names. In other words, everything that a cybercriminal needs to steal identities.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“The cyber assault on the healthcare industry continues even as the pandemic is at least temporarily easing out. Our healthcare institutions have very unique requirements in terms of technology, processes and unfortunately with higher regulatory scrutiny and more constrained IT and security budgets. The amount of sensitive information collected and stored is enticing for threat actors to find ways to compromise these organizations more actively than many others. Security teams with constrained resources and budgets must look for solutions with advanced analytics and trained (non-rule-based) machine learning capabilities that can look at any device and any application out of the box without a lot of customization and rapidly understand attacks targeting user data or attempting to detonate ransomware. Another key factor is that these institutions process large volumes of data and security solutions that scale based on users and assets can significantly lower costs across the board while improving visibility. This can help teams with limited resources more rapidly find and prioritize critical security events and reduce overall operational expense over time.” 

I’d be very worried if I were one of the 287,000 individuals that’s involved in this hack. And on top of that, I really have to wonder what SDCA is actually doing to prevent something like this from happening again. Because saying “To help prevent something like this from happening again, we are taking steps to enhance our security measures.” without providing details about why their patients should trust them again isn’t good enough, and their FAQ doesn’t help either.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: