This Week in Breach: Quest Diagnostics
Exploit: Unauthorized network access
Quest Diagnostics: Clinical laboratory company with operations in the United States, the United Kingdom, Mexico, and Brazil.
Risk to Small Business: Severe: A collection firm partnering with Quest Diagnostics suffered a data breach that directly impacted nearly 12 million of the lab’s patients. In response, Quest is partnering with a third-party cybersecurity organization to ensure proper breach notification standards are followed. Even though the event originated at a separate organization, Quest Diagnostics will bear the financial and reputational burden of a data breach that has compromised the most sensitive information in people’s lives: the type that is related to their health.
Individual Risk: Severe: The scope of this incident is astounding, and it includes patient information, financial data, Social Security numbers, and other medical data. While test results were not included in the breach, this extensive trove of valuable information can quickly make its way to the Dark Web, and those impacted by the breach should obtain the services necessary to know what happens to their information after it’s compromised.
Customers Impacted: 11.9 million
How it Could Affect Your Customers’ Business: Caring for customers in the wake of a data breach should be any company’s top priority. Although Quest Diagnostics is working diligently to notify those impacted by the breach, much more is required to make adequate reparations. Since sensitive personal information has a significant market on the Dark Web, providing services to help customers understand what happens to their data is an excellent place to start.
In Other News: Phishing Scams Are Getting More Sophisticated
Phishing scams, already a significant headache for companies of all sizes, are becoming more complicated. A recent study found that nearly half of all phishing attacks are polymorphic, meaning that they make slight but significant changes across multichannel formats, which makes them more difficult to detect or prevent.
For instance, polymorphic phishing scams will use different email addresses, content, subject lines, sender names, or other features. Therefore, recipients are forced to fend off various versions of the same attack.
Phishing scams, which are frequently used to deliver malware and ransomware, rely on users’ ambivalence to be successful, and they can be defended against with proper training and preparation from qualified MSPs. With polymorphic phishing scams on the rise, yesterday’s technical safeguards are being bypassed through sophistication, and the importance of cybersecurity awareness continues to grow.
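
To show why filters keyed on an exact sender or subject line miss polymorphic variants, the following added example (not from the study or this article) groups messages by how similar their body text is, so that one lure sent under several senders and subject lines is reported as a single campaign. The word-shingle Jaccard comparison, the `K` and `THRESHOLD` values, the message field names and the sample messages are all assumptions constructed for illustration.

```python
import re

K = 3            # words per shingle
THRESHOLD = 0.5  # assumed Jaccard cut-off; tune it on your own mail

# Constructed sample messages: three variants of one lure plus an unrelated mail.
SAMPLES = [
    {"sender": "it-desk@a.example", "subject": "Mailbox full",
     "body": "Your mailbox is almost full. Verify your account within 24 hours "
             "at http://a.example/login or it will be suspended."},
    {"sender": "support@b.example", "subject": "Action required",
     "body": "Your mailbox is almost full. Verify your account within 48 hours "
             "at http://b.example/signin or it will be disabled."},
    {"sender": "admin@c.example", "subject": "Storage warning",
     "body": "Hello, your mailbox is almost full. Please verify your account "
             "within 12 hours at https://c.example/x or it will be suspended."},
    {"sender": "colleague@d.example", "subject": "Agenda",
     "body": "Attached is the agenda for Thursday's team meeting. "
             "Let me know if the time works."},
]

def shingles(body):
    """Mask URLs and numbers, then return the set of K-word shingles."""
    text = re.sub(r"https?://\S+", " urltoken ", body.lower())
    words = re.findall(r"[a-z0-9]+", re.sub(r"\d+", "0", text))
    return {" ".join(words[i:i + K]) for i in range(max(len(words) - K + 1, 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(messages):
    """Greedy clustering: a message joins the first cluster whose seed it resembles."""
    clusters = []  # (seed shingles, member indexes)
    for i, msg in enumerate(messages):
        s = shingles(msg["body"])
        for seed, members in clusters:
            if jaccard(seed, s) >= THRESHOLD:
                members.append(i)
                break
        else:
            clusters.append((s, [i]))
    return [members for _, members in clusters]

def campaigns(messages):
    """Clusters that span several senders: one lure, many faces."""
    return [c for c in cluster(messages)
            if len({messages[i]["sender"] for i in c}) > 1]
```

Calling `campaigns(SAMPLES)` returns the indexes of the three lure variants as one group, even though no two of them share a sender or subject line.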