Patient Data at Risk in MediSecure Ransomware Attack
Electronic prescriptions provider MediSecure said the attack originated from a third-party vendor, and has impacted individuals’ personal and health information
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
Electronic prescriptions provider MediSecure said the attack originated from a third-party vendor, and has impacted individuals’ personal and health information
How security teams can bridge the gap between short-term profits and long-term business needs.
2020 Attack Affected 13,000 Blackbaud Clients, 1.5 Billion of Their 'Constituents'A federal judge has denied class certification in consolidated proposed class action litigation against Blackbaud stemming from the fundraising software vendor's 2020 ransomware attack that affected 13,000 clients and compromised data of about 1.5 million donors, patients and other individuals.
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. [...]
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.