Insurer: Breach Undetected for Nine Years
Dominion National Says Recently Discovered Incident Dates Back to 2010
Tom Walsh, president of consulting firm tw-Security, notes: “I am surprised that they detected it dating that far back. Most organizations do not retain audit logs or event logs for that long.
“Most disturbing is that an intruder or a malicious program or code could be into the systems and not previously detected. Nine years is beyond the normal refresh lifecycle for most servers. I would have thought that it could have been detected during an upgrade or a refresh of the hardware.”
Walsh adds that it is still unclear whether the incident is reportable under the HIPAA Breach Notification Rule. “They [Dominion National] were careful in stating that there is no evidence to indicate that data was even accessed,” he notes.
… “Review event logs on a routine basis – or better yet, monitor in real time using behavioral analytics or artificial intelligence systems,” Walsh suggests.
“There are security monitoring services available to assist with log review/monitoring. Dedicating a network engineer for the sole purpose of reviewing logs is not a good use of their time – thus, the growing service sector for log monitoring services.”