The FTC seems to be minimizing a data breach at the credit reporting agency Equifax that lasted 10 weeks from mid-May through July 29. Hackers accessed names, social security numbers, birth dates, addresses, and driver’s license numbers. They also obtained 209,000 credit card numbers.
Matter-of-fact reporting by the FTC has lawmakers alarmed at nary a mention of negligence or investigation. Rather the September 8th post on the FTC blog is a “what you can do now” provides detailed instructions but does not mention cause or steps the organization is taking to mitigate future risk. But, House Financial Services Committee Chairman Jeb Hensarling (R-Tex.) said Friday that his panel would hold hearings on the breach.
Shortly after the breach was discovered, senior Equifax executives sold stock in the company worth nearly $1.8 million. The stock has been plummeting since. The company is offering free identity theft protection and credit monitoring to those affected by the breach.
In our experience at Dooth dealing with data security and cyber threats, we know it is not only necessary to secure the systems themselves, but to separately encrypt usernames, identifying data, and sensitive files––each separately––at different physical and logical locations so that if a system (i.e. calendar, documents, email) becomes compromised, hackers are unable to piece together scrambled data.
Will systems ever be hacker proof? Cyber threats will never go away. However, as organizations, especially healthcare facilities and medical suppliers, start using systems that have robust layers of encryption, they become harder targets for cyber criminals. Access to their systems become difficult. Unscrambling the data elements and piecing them back together becomes too laborious. The risk of hacking decreases with each layer of protection implemented.