This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection. (Read more about the week in breach)

This incident is a reminder of the difficulty of managing and maintaining an international IT infrastructure. Fortunately, Verint’s security software immediately detected the breach and made employees aware of best practices for combating a ransomware attack, but a lot more could have been done. Companies should invest in solutions that can proactively and continuously monitor hacker marketplaces for compromised employee or customer data. Especially in the case of companies conducting business in cybersecurity and IT infrastructure, the risk associated with damaged brand quality is too high.

Being able to rule out a credential stuffing attack is crucial to identifying the source of a breach. Without the help of an MSP or an MSSP that offers Dark Web monitoring solutions, it becomes incredibly difficult to track how compromised data is being leveraged by hackers. When developing digital platforms, companies of all sizes need to plan to protect their customer data by taking every precaution to ensure that their information is never compromised. (Read more about the week in breach)

Companies charged with handling personal health information (PHI) need a comprehensive understanding of their IT infrastructure, including potential vulnerabilities. Since HIPAA compliance and patient trust are both on the line, any company managing PHI should prioritize risk assessment and prevention. Employees should be the first line of defense, as they manage patient data on a daily basis, and they must be armed with proper cybersecurity awareness training to prevent future incidents.

The notion that this incident could be perpetrated by an insider threat is a reminder than any single employee can do significant damage to a company’s IT infrastructure. Having contingency plans in place is a veritable must-have, but companies should also be prepared to provide support to any individuals impacted by the breach.