A human error caused by information technology vendor Inmediata Health Group is reported to have led to the leak of health data related to more than 1.6 M Puerto Ricans. However, the healthcare services provider says that there is no evidence that the data was scraped and sold on the dark web or used for malicious purposes.
Cybersecurity Insiders says that Inmediata used to operate a healthy database of information related to the populace of the Caribbean Island located in US territory. In the first month of this year, the IT staff of the healthcare administrator became aware that the protected data was available for viewing online as search engines like Google started to index the internal WebPages used for business operations- all due to a configuration error caused by the company’s admin staff.
In Feb ’19 the company launched an internal investigation on the security lapse and also reviewed its security posture. It discovered that the data files were never copied or saved onto any media or cloud storage which means that the data remained isolated from the reach of hackers.
Inmediata has taken the initiative to inform its customers about the potential breach which took place early this year.
Data such as social security numbers might have been compromised in the cyber incident and all those whose data was exposed will be informed the details about the incident and the protective measures they have to take after the incident.
“As many vendors underestimate the sophistication of hackers they put the data at risk in the systems as they provide insufficient controls”, says Holger Schultz, Founder, and CEO of Cybersecurity Insiders.
Mr. Schultz added that organizations especially those operating in healthcare and finance should have well framed administrative and technical controls at the server level to act as a barrier and protect the network from cyber attacks.