Fallout Mounting From Recent Major Health Data Hacks
Post-Breach List of Affected Individuals Growing; More Lawsuits Filed
…“When an organization discovers it has been breached, it immediately begins a containment and eradication process,” said Wendell Bobst, a partner at consulting firm tw-Security. “Getting systems back online to restore revenue and image are usually the C-suite’s top objectives. Knowing what evidence to preserve and retain can take a back seat at the moment,” he said.
Another factor often relates to assumptions made about the extent of the impact and the determination of harm, Bobst said. “Some records may only contain name and address, while others may include Social Security number, date of birth, etc. The legal and notification processes begin. Meanwhile, forensics experts continue to look for clues, which may include the discovery of additional databases, reports/extracts and spreadsheet reports over the previous years.”
Finally, organizations reporting suspicious activity often begin looking to their third parties for answers, he said.
“The scope of the breach may get larger as the investigation continues. For example, initially it may be thought that only one or a few systems were accessed in an unauthorized manner, then it is discovered more were accessed,” Bobst said.
“This is especially true in cases where organizations do not have robust audit logging or have short log retention periods, hampering efficient investigation.”