Earlier today, DataBreaches posted an announcement of a settlement with a HIPAA covered entity, which encountered serious data breaches due to unauthorized access by a former contractor.
The OCR imposed a monetary penalty of $1.19 million for not performing thorough risk analyses, failing to review system activity, and lacking appropriate access termination procedures for former employees.
Another recent data breach example highlighted how poor access termination on cloud instances led to the theft of sensitive information, affecting approximately 20 million customers.
The investigation revealed that a former contractor's login credentials, compromised via a credential stealer, facilitated the breach and were available on cybercriminal marketplaces.
Collection
[
|
...
]