Massive data breach affects SD COVID-19 patients
A division of the SD Department of Public Safety, the Fusion Center, is letting people who tested positive for COVID-19 know they may be the victims of a massive data breach.
Laurence Pitt, global security strategy director at Juniper Networks, said, “This is quite shocking that such sensitive data relating to emergency responders and people with Coronavirus was being stored in a way that it could be stolen and abused from a breach. Either this information was stored unencrypted or with a simple encryption that was simple for the hackers to break. With public awareness of breaches, ransomware and malware, this behavior from a web-development firm is not acceptable. If they were part of my supply chain, I would be taking a look at alternative options. At the same time, this breach shows that it is not possible to outsource data compliance. Engaging a third-party in the supply chain is not as simple as signing a contract. In the digital world, there is also a duty requirement to ensure that any company that is part of your supply chain is compliant, secure and open to being regularly checked and tested. A breach/break at any point is a risk to all organizations making up the chain.”