June 3, 2019

Hundreds of Millions More People Exposed

It seems that you can’t wake up and read the news without seeing another headline proclaiming millions or even hundreds of millions more people affected by some form of data or information breach.

Latest Victim: Quest Diagnostics

Trusting a vendor with your information is also extending that trust to every one of their vendors and selected security technologies. In the latest breach to hit the news it was the billing collections vendor that was the weakest link. A CNBC article titled “Quest Diagnostics says 11.9 million patients’ financial and medical information may have been exposed in data breach” reported:

“In a filing with the Securities and Exchange Commission, Quest said a billing collections vendor, American Medical Collection Agency, notified it last month of potential unauthorized activity on AMCA’s web payment page. AMCA provides billing collections services to Optum360, which is a Quest contractor. An unauthorized user had access to the system between Aug. 1, 2018, and March 30, 2019, Quest said. 

The system contained sensitive data, including credit card numbers, bank account information, medical information and Social Security numbers, Quest said. Lab results were not provided to AMCA and were not exposed in the breach. AMCA thinks 11.9 million Quest patients were affected as of May 31, 2019, Quest said.”

So, in this case, even if you trusted Quest Diagnostics, it was their vendor AMCA that opened the door to lost identity information. This is a common problem across all industries.

Another Victim: First American Financial Corp

Not to be outdone by the healthcare industry, it appears that there are much bigger stakes in the financial markets, specifically mortgage documents. KrebsOnSecurity recently published a blog post titled “NY Investigates Exposure of 885 Million Mortgage Documents” that reported:

“On May 24, KrebsOnSecurity broke the news that First American had just fixed a weakness in its Web site that exposed approximately 885 million documents — many of them with Social Security and bank account numbers — going back at least 16 years. No authentication was needed to access the digitized records.”

As you can imagine, combine the amount of personally identifiable information exposed in both of these breaches with some simple password-cracking utilities available on the web, and you have the recipe for a cascading effect of damage.

An Ounce of Prevention 

Given that the definition of futility is doing the same thing and expecting a different result, it is time for you to stop the failed password strategy and move on to a new password-less solution of continuous authentication. Acceptto’s eGuardian engine continuously creates and monitors user behavior profiles based on the user's interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019 today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy by registering for a free demo today.

 
