shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Lake County Health Department

      Jul 23, 2021 11:51:31 AM

      The target: Lake County Health Department, a Chicago-based centre for management of health services.

      The take: Exposure of name, date of birth, phone number, email address, and Covid-19 vaccination status for over 700 patients.

      The attack vector: The data was exposed through an unsecured Google sheet saved on an employee’s private Google Drive account which was being accessed by company employees.

      This breach is a critical reminder of the importance of robust security controls wherever customer data is concerned. Using private services poses a great threat as these are not subject to a company’s cybersecurity standards, and nor are their authentication controls in place. It also exposes the data to credential stuffing attack. If the employees personal account was compromised anywhere else, access to the company data is now at risk. Strict separation between personal and professional IT systems is critical for maintain an accurate picture of access and control.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates