Recently a national diagnostics organization announced it is investigating an unauthorized third-party intrusion into an internet application on its network.
How many people currently have their personal health information exposed as a result of this incident? About 34,000.
Fortunately, the information did not include social security numbers, credit card information, insurance or other financial information. The diagnostics provider reports it is taking steps to prevent similar incidents from happening in the future, and is working with a leading cybersecurity firm to assist in investigating and further evaluating the company's systems. The medical laboratory company, which provides blood draw and urine testing services to patients, has locations throughout the United States.
One can only imagine the strain a massive data breach can create for any organization, particularly a high-profile entity.
Personally Identifiable Information, or PII, is information that can be used to distinguish or trace an individual’s identity, either alone (such as their name, social security number, or biometric records) or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth and mother’s maiden name.
For businesses today, protecting customer data such as credit card information, log-in credentials, and other personally identifiable information is one of the top priorities for security and risk leaders as well as business leaders. To keep customer data organized and protected, enterprises must limit the use, collection, and retention of PII to only what is critically necessary for organizational purposes.