The insurance industry has been consistently targeted for cyber attacks as of late, for good reason: sensitive data is at the heart of every process—from handling health insurance claims to archiving medical histories. And because medical records are worth ten times more than credit card information on the black market, firms handling said data are required to take extra precautions in bolstering information security. However, every once in a while hackers are granted freebies—as was the case recently with Systema Software, a small insurance claims management solution provider.
It’s unknown whether any cyber criminals were able to cash in on this data payload, but one thing is certain: software error was to blame—police reports, drug tests, detailed doctor’s notes, social security numbers, all left open and unsecured in the AWS cloud. The database backup was discovered by a security enthusiast casually combing through AWS subdomains for such an opening, and while it was determined that the data was safe from cyber criminals—how does one really know for certain?
Insurance and healthcare-related software providers are at a crossroads right now. Many legacy solutions have been ported to the cloud by software developers who did not fully understand or address the security implications of cloud-enablement. Of course, solutions born in the cloud are no more secure by default, either—a SaaS offering built from the ground up without proper continuous security mechanisms in play is as much a sitting target for exploitation as an application shoddily ported to the cloud.
Misconfigurations and undiscovered security gaps are the leading cause of criminal data theft. Systema may have lucked out in that a hobbyist—not a hacker—discovered the flaw, but they aren’t out of the woods yet: the company's negligence is being investigated for potential HIPAA violations.
Such incidents can be avoided easily and cost-effectively with UpGuard’s platform for integrity monitoring and validation. Our solution gives both insurance/medical organizations and software providers the required mechanisms to ensure that their cloud infrastructures are free from security gaps, vulnerabilities, and misconfigurations. Give it a test drive today—it’s free.