A cybersecurity startup exposed a hospital’s data without permission. The company used the hospital’s network to demo its software and, in doing so, exposed sensitive information. What’s more, it never had permission to use the hospital in any way for demonstration purposes.
Sadly, your vendors may be your biggest risk – even if they are under contract to protect you. When we review our clients’ networks, our cyber security assessments and compliance audits often find unsecured connections used by IT consultants, web developers, accountants, and other third parties.
While the most well-known example of data exposure by a vendor is probably the Target breach, no organization is immune, regardless of size. In March, a healthcare company reported a breach after discovering that its service providers were emailing files containing PII and health data without encryption. As a result, the company had to report the exposure and notify 644 patients.
Don’t forget to inventory the vendors who have access to your network or protected data. Having each vendor attest to their level of security and cyber practices may check the compliance requirement box, but we can assist with determining if additional testing should be required for vendors who create a major risk of exposure to your organization.