Data leaks are a popular attack vector for cybercriminals. They’re considered a shortcut to accessing valuable sensitive data without needing to carry out sophisticated cyber attacks. Once an attacker discovers a data leak, they can exploit it immediately. Organizations must be vigilant against internal and third-party data leaks. Otherwise, they risk leaving an instant pathway to costly data breaches exposed.

The HECVAT (Higher Education Community Vendor Assessment Tool or Higher Education Community Vendor Assessment Toolkit) is a security framework and template that higher education institutions can use to measure the security risks associated with potential or existing vendors. HECVAT is excellent for higher ed institutions because many third-party organizations tend to have structures and follow practices that lend themselves to increased cybersecurity risk.

The healthcare industry has been plagued by inadequate security measures and common protocol mistakes that result in significant penalties imposed by HIPAA (Health Insurance Portability and Accountability Act). Poor security protocols, neglected risk assessment audits, internal human errors, and the lack of employee HIPAA training are just a few factors contributing to lost, compromised, or stolen patient data and sensitive medical records.

The HIPAA Privacy Rule (Health Insurance Portability and Accountability Act of 1996) is a healthcare cybersecurity framework that mandates security standards for all HIPAA-covered entities. HIPAA aims to protect patient information in the public health sector and promote stronger cybersecurity policies. HIPAA standards have since been adopted worldwide and enforced as federal law in the United States.

Over the years, there have been countless cases of HIPAA (Health Insurance Portability and Accountability Act) violations, which can result in significant financial penalties. Most are directly linked not to accidental employee misconduct or malicious intent but to a lack of understanding of HIPAA standards by healthcare organizations. Most cases involve poor implementation of security controls or lack of risk assessment auditing, to save money and avoid costly auditing.

‍Plex was breached by an unauthorized third-party gained who gained access to a proprietary database. The specific attack vector that facilitated the breach hasn’t been disclosed. According to Plex, cybercriminals “tunneled” their way through sophisticated cybersecurity mechanisms to gain access to sensitive customer data.