Data breaches are not uncommon these days as cybercriminals try to maximize every opportunity they can to get a hold of sensitive information. Back in April, we told you about DMSniff, a malware that targets small- and medium-sized business point-of-sale systems, specifically in the food, hospitality, and entertainment industry. Now, a major breach in the health care industry that could impact nearly twelve million patients of Quest Diagnostics.
Quest was first notified by the AMCA (American Medical Collections Agency), which describes itself as, “The leading recovery agency for patient collections,” when they saw unauthorized activity on their web payments page.
The firm representing the AMCA told NBC 4 in New York, “Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page.”
AMCA, which provides billing collection services to Optum 360, a Quest contractor, had information on their system that included personal information, financial data, social security numbers, and medical records. Those medical records did not consist of lab results.
According to a statement by Quest Diagnostics, “The company is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.”
In the case of this breach and many others, those responsible aren’t searching for the medical information, but rather the financial data that can be sold on the dark web.
No matter the size of the business, the best thing to do is be prepared. Cybercriminals are always trying to up their game and come up with the latest form of malware or threats. A study by Accenture states, “Malware and web-based attacks are the two most costly attack types with companies spending an average of $2.4 million in defense”. Here are several items to keep in mind when it comes to combatting cyber security.
- Plan ahead
- Eliminate blind spots
- Know your points of contact
- Find out your liability coverage
- Vet third parties
- Institute a dedicated response team
- Engage outside vendors
- Understand legal requirements
- Reduce security weakness with layers of tokenization and encryption
Data breach preparedness can be complex and the results could be catastrophic. Small Business Trends states, “43 percent of cyber-attacks are aimed at small businesses.” Understanding best practice solutions can help reduce the risk of such a breach and ensure that you are prepared in the event that one does occur.
Check out our January edition of the Reseller Edge newsletter where we discussed the importance of security with topics on PCI Compliance, an overview of data breaches and how they occur, and how to secure your POS system. In February we explored cybersecurity even more in-depth and how to save your merchants from data breaches.