Exploit: Phishing attack
Florida Blue: Health insurance provider
Risk to Small Business: 2.2 = Severe: A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event included less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cybersecurity vulnerabilities within third-party partnerships. Now, because of an event outside of their immediate control, Florida Blue will face intense regulatory scrutiny and suffer from less-quantifiable reputational damage in the wake of breach.
Individual Risk: 2 = Severe: Patients’ PII was exposed in the breach, including names, dates of birth, and prescription information. Florida Blue is offering free credit monitoring and identity theft protection for anyone impacted by the breach. Although Florida Blue doesn’t believe that patient data has been misused, these services will provide long-term oversight to ensure that patients’ credentials remain secure.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In today’s digital environment, cybersecurity needs to be a central component of any third-party partnership. Unprotected companies place your data at risk, potentially undermining your best efforts to secure infrastructure. In contrast, strong cybersecurity standards can serve as a competitive advantage, allowing companies to market their strong defensive posture as a reason to subscribe to their services.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
