Atrium Health data breach exposed 2.65 million patient records | ZDNet
The security incident also exposed an estimated 700,000 Social Security numbers.
Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances.
John Callahan, CTO of Veridium:
“Health credentials are worth more on the dark web than other credentials. This is where fraud has moved to. The Atrium Health breach is another proof point that shows privileged access management (PAM), like database access, needs to be carefully managed with escalated authentication requirements and multi-party approval. For example, consent from your admin and/or supervisor.”
“Most vendor risk management (VRM) audits include a survey of physical and information security tools, training and practices including identity verification and authentication of vendor employees and their contractors who have access to client data, on-boarding, off-boarding, and access control list procedures. Such audits are important for product and service vendors but VRM is especially critical when using SaaS vendors.”