As Data Breaches Proliferate, New NIST Playbook Offers Recovery Tactics

data breach

Data breaches can have far-reaching impacts on operations, finances and reputations. 

And the impact and frequency of data breaches are only increasing as bad actors seek out new vulnerabilities in organizational infrastructures, exploiting weaknesses to gain unauthorized access to sensitive data. 

Just look at the disastrous downstream impact that suspected ransomware gang Blackcat’s cyberattack targeting UnitedHealth Group’s technology unit, Change Healthcare, has had on the broader U.S. pharmacy and healthcare ecosystem, as PYMNTS reported last week. 

Now entering its seventh day (Tuesday, Feb. 27), more than 100 Change Healthcare services, including benefits verification, claims submission and prior authorization, have been shut down. As a result, pharmacies and healthcare systems on the Change Healthcare platform have been forced quickly set up either modified electronic claims processing workarounds, or turn to offline processing systems.

“The Change Healthcare breach serves as a sobering reminder of the critical importance of proactive cybersecurity strategies and collaborative efforts to mitigate the risk of data breaches. Strengthening cybersecurity protocols, enhancing employee training, and fostering a culture of cybersecurity awareness are essential steps in safeguarding against the pervasive threat of data breaches and preserving the confidentiality, integrity, and availability of sensitive information,” Lisa Plaggemier, executive director of the National Cybersecurity Alliance (NCA), told PYMNTS. 

In an email provided to PYMNTS, Change Healthcare estimated more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the cyber security issue; the remainder have offline processing workarounds.

“Since identifying the cyber incident, we have worked closely with customers and clients to ensure people have access to the medications and the care they need. We also continue to work closely with law enforcement and a number of third parties … on this attack against Change Healthcare’s systems,” a Change Healthcare representative commented to PYMNTS. 

This, as the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has published a new report titled “Data Confidentiality: Identifying and Protecting Assets Against Data Breaches,” meant to help organizations in security-critical industries detect, respond and recover from a data attack. 

Read moreAttack Vectors 2024: Scaling Effective Cyber Hygiene Throughout Your Business 

The Digital Threat Landscape Continues to Expand

Last year saw cyberattacks on the U.S. health system grow in both volume and sophistication, with health facilities being struck by 226 digital attacks affecting 36 million people by the middle of the year.

And the Change Healthcare breach is far from the only major cybersecurity incident reported recently. 

LoanDepot suffered a January data breach, reported Friday (Feb. 23), that affected 16.9 million customers. Moving and storage company U-Haul also reported on that same Friday that it had experienced a data breach in December of last year affecting around 67,000 of its customers across the U.S. and Canada. 

Also in December of 2023, Sony-owned video-game studio Insomniac suffered its own breach; while VF Corporation, the owner of VansThe North FaceTimberland and Dickies, suffered a Dec. 13 cyberattack that disrupted its holiday order fulfillment workflows. 

In our data-driven world, organizations must prioritize cybersecurity and privacy as part of their business risk management strategy, the report notes. 

A data breach refers to the unauthorized access, disclosure or acquisition of sensitive information, often involving personal or confidential data. These incidents can occur through various means deployed by bad actors and cybercriminals, such as hacking, phishing, physical theft or exploiting vulnerabilities in computer systems.

Read alsoCriminals Target Big Ticket Transactions in Commercial Banking Fraud Surge

Data Exists to Be Accessed, Making Protecting it a Challenge 

Organizations must identify and protect their own sensitive data assets to prevent data breaches. In the event a data breach occurs, it is essential that organizations be able to detect the ongoing breach themselves, as well as begin to execute a response and recovery plan that leverages security technology and controls. 

Per the NIST, many of the fundamental challenges for organizations looking to maintain data security result from the sheer volume of an organization’s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for the compromise of valid user credentials being used by unauthorized users.

A business continuity analysis is also recommended by experts to identify potential impacts on business operations as a result of a loss of data confidentiality. 

“After-action reports will help you understand what your business continuity plan was and where it failed … If you haven’t stayed up on your hygiene, that will come out in the report. That’s why running red team exercises or simulated events is so important,” Matanda Doss, executive director and lead information security manager for commercial banking at JP Morgan, told PYMNTS in December. 

PYMNTS-MonitorEdge-May-2024