A hospital figured out that it was sending unencrypted data over the internet before it was too late.
A hospital organization had a problem with unencrypted patient data being transferred online to a third-party medical record storage company.
A newly acquired clinic was using an outdated virtual desktop image to send patient data to a third-party vendor. By using the old image, the clinic unknowingly sent the data without encryption over the internet. That type of event could have led to a HIPAA violation ($408/record), and worse yet, unauthorized disclosure to cybercriminals.
Fortunately, the hospital had recently signed on for Critical Insight™ Managed Detection and Response with CI Security.
“Should a breach occur after an acquisition or merger, the newly integrated organization’s outcomes are significant. Fines for compromised patient records, lost revenue from the damage to the company’s reputation, and increased oversight from regulatory bodies are all outcomes bad outcomes that are avoidable.”
Fred Langston EVP of Professional Services and Healthcare Security
An analyst doing his standard daily threat-hunting spotted the issue before any damage was done. The analyst alerted the CI Success Engineer team, who quickly developed a Critical Insight IAP and alerted the customer with steps to immediately remediate the situation.
Executive VP of Professional Services at CI Security