Hi, what are you looking for?
When the admin console is accessible via the Internet, it’s only a matter of time before data is breached.
By
Published
A significant data breach has impacted the healthcare giant Community Health Systems (CHS). This is to the extent that up to one million people have been impacted. The data breach has been identified as arising from file-transfer software called GoAnywhere MFT, developed by Fortra.
“As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” according to a spokesperson from Community Health Systems.
Looking into the matter for Digital Journal is , Almog Apirion, CEO and Co-Founder of Cyolo.
For Apirion this issue represents another cyber-swipe against the healthcare and medical communities. This sector represents a continual target for those seeking to capture personal data.
As Apirion explains: “Healthcare organizations are unfortunately no stranger to cyberattacks and data breaches. Institutions like Community Health Systems (CHS) are an attractive target for threat actors due to their troves of personal information and their reliance on third parties both for cybersecurity and other aspects of their work.”
In terms of the mode of attack, Apirion describes: “The reality is that when hackers exploit vulnerabilities in third-party security tools, the lives and privacy of patients are put at risk. Interoperability is vital for successful healthcare delivery, so a Managed File Transfer (MFT) is a needed solution.”
MFT is a technology platform that allows organizations to reliably exchange electronic data between systems and people in a secure way that goes someway to meeting business compliance needs.
There are inherent weaknesses, as identified by Apirion: “When the admin console is accessible via the Internet, it’s only a matter of time before data is breached. Any connection to a sensitive data source must be properly managed and secured.”
There are measures that healthcare institutions could and should adopt. Apirion defines these as: “Zero-Trust Access strategies should be employed to support the needed connections, especially between care delivery partners. This is especially useful when critical applications, like MFT, need to be connected to the Internet.”
In outlining the benefits of these types of approaches, Apirion surmises: “Having the ability to restrict access and keep the application hidden will go a long way to preventing this type of breach in the future.”
Dr. Tim Sandle is Digital Journal’s Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
Baidu’s ‘Ernie Bot’ was unveiled at a press event in Beijing – Copyright AFP/File Jade GAOChinese search engine company Baidu’s shares fell as much…
Bread and potatoes: a man buys food at a cut-price Red Cross shop – Copyright AFP/File Daniel ROLANDViken KANTARCIIt’s not yet 6 am and…
The EU has already committed to invest hundreds of billions of euros in green tech including solar panels – Copyright AFP/File Kazuhiro NOGIRobin MILLARDThe…
Global action against TikTok, owned by Chinese firm ByteDance, kicked off in earnest in India in 2020 – Copyright AFP Fabrice COFFRINIJules BONNARDTikTok’s breakneck…
COPYRIGHT © 1998 – 2023 DIGITAL JOURNAL INC. Sitemaps: XML / News . Digital Journal is not responsible for the content of external sites. Read more about our external linking.
Leave a Reply