Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Early in the morning of March 22nd a threat group known as LAPSUS$ posted screenshots on their Telegram account that allegedly show access to Okta internal systems such as Slack, Cloudflare, Jira, Salesforce and other “Okta cards.” Okta’s CEO Todd McKinnon apparently confirmed an event in January in a tweet:: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.

The average company can’t do business without their third parties. Vendors, suppliers, partners, distributors, and contractors — third parties make it so much simpler to build, distribute and sell a product or service.

Read also: Israel hit with a large-scale DDoS attack, hundreds of GoDaddy-hosted websites infected with a backdoor, and more.

HIPAA requires covered entities and business associates to secure protected health information (PHI). Failing to do so can result in steep fines and penalties. Some PHI breaches, however, are out of the organization’s control. Determined hackers can expose PHI, and employees can make mistakes — they’re only human, Despite training, rigorous security protocols, and constant monitoring, data breaches can happen.

Read also: Rompetrol hit by Hive ransomware, Mozilla fixes Firefox zero-days, and more.

At the end of 2021, Capital One agreed to pay a settlement of $190 million to 98 million customers whose personal data was stolen in a 2019 data breach. Similar class-action lawsuits were filed in 2021 against T-Mobile, Shopify, and Ledger. When it comes to the cost of breaches, however, those are just the legal fees. Every year, businesses lose millions of dollars in revenue to cyberattacks and data breaches.

The healthcare industry suffers some of the highest volumes of cyberattacks and there are whispers of a lot more to come. Combine this trend with breach damage costs surpassing all other industries and you get the thunderous warning of a devastating cyberattack storm approaching the sector. To help healthcare entities strengthen their cyber resilience, we’ve compiled a list of some of the biggest data breaches in the healthcare industry, ordered by degree of impact.

Simply put, a data leak is when sensitive data is unknowingly exposed to the public, and a data breach is an event caused by a cyberattack. An example of a data leak is a software misconfiguration facilitating unauthorized access to sensitive resources - such as the major Microsoft Power Apps data leak in 2021. An example of a data breach is a cybercriminal overcoming network security controls to gain access to sensitive resources.