This is your Shared Security Weekly Blaze for June 10th 2019 with your host, Tom Eston. In this week’s episode: the Quest Diagnostics and LabCorp Data Breach, what happens to your smart devices when the Internet goes down, and US visa applicants now required to share their social media names.
Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.
Everyone ready for news about yet another massive data breach? Well, last Monday Quest Diagnostics (which is the world’s largest blood testing company) disclosed that a data breach affecting 11.9 million customers was due to a website breach of a third-party collections vendor called American Medical Collection Agency (or AMCA). This breach in particular was a little different because Quest uses a contractor (Optum360) which in turn uses another contractor, AMCA, for medical billing and collections. According to the SEC filing, the AMCA payment system was compromised on August 1st 2018 and was vulnerable until March 30th of this year. Information compromised included names, birth dates, addresses, phone numbers, dates of service, medical providers, and balance information. To make matters worse, LabCorp (who also used AMCA) disclosed later in the week that 7.7 million of their patients were also affected by this breach. LabCorp also indicated that about 200,000 people had their credit card and bank account information compromised. The only good news out of all this is that medical data and laboratory test results were not compromised.
What this latest breach shows us is that companies like Quest Diagnostics routinely outsource functions like billing and collections to third-party companies. In this case it was a contractor of a contractor, but in many similar breaches we never know how far or how deep the rabbit hole may go with all these third-party relationships. Third-party security is very challenging for organizations, especially when there are multiple parties involved in processing and storing customer data. One thing is clear: I think we’ve all had enough of free credit monitoring for 24 months and statements like “we take the security and privacy of your data seriously” that we always hear after every data breach. I know personally, I’d like to hear more statements like: we are doing the following things to make sure a breach like this doesn’t happen again. Perhaps it’s just a pipe dream but for now, I guess we continue to let the data breaches flow.
Last week Google had a major outage that affected YouTube, Gmail, G Suite, and several other services like Nest, which by the way is now a Google-owned company. While network outages are not that uncommon, in this case the outage caused Nest products to not function, which left many customers without any way to control thermostats, security cameras, and other Nest products like their smart door locks. Now most of these devices have manual overrides in the case of an Internet outage, that is until they lose power or batt
Published on 6 years, 6 months ago