Kaiser Permanente recently suffered a massive data breach affecting 13.4 million patients: private information was compromised and shared with external vendors and advertisers because poorly managed third-party scripts on its website and mobile application unintentionally transmitted that data.
Although Kaiser reported the breach to the HHS, it had failed to align the tracking code's data permissions with the code's intended purpose and may still face scrutiny from HIPAA regulators.
IT leaders must be aware of browser-side attacks on their websites and mobile applications such as data leaks, poor third-party script management, and unauthorized data sharing.
To prevent similar incidents, Content Security Policies should be used to closely control which third-party scripts run on websites and applications.
Specialized strategies are needed as traditional network monitoring and security cannot detect browser-side threats.
IT leaders must introduce processes for engineers that use conditional rendering, which loads scripts only on the pages where they are needed, and that enable CSPs to manage third-party scripts.
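One way to combine the two controls above, as an added example that is not from the article or from Kaiser: a per-route allowlist drives both the Content-Security-Policy header and the conditional-rendering decision, and a small handler summarises the violation reports browsers send back. Route names, vendor origins and the sample report are constructed placeholders.

```javascript
// Per-route allowlist of third-party script origins (constructed values).
// Pages that handle patient data get no third-party scripts at all.
const SCRIPT_ALLOWLIST = {
  "/": ["https://analytics.example-vendor.test"],
  "/marketing": ["https://analytics.example-vendor.test", "https://ads.example-vendor.test"],
  "/patient-portal": [],
};

function originOf(url) {
  return new URL(url).origin;
}

// Build the CSP header value for a route. Only 'self' plus the route's
// allowed origins may execute scripts or receive connections (connect-src
// limits where page scripts can send data, the leak path in this breach).
// Unknown routes fall back to 'self' only. Violations go to report-uri.
function buildCspHeader(route, reportPath = "/csp-report") {
  const allowed = SCRIPT_ALLOWLIST[route] ?? [];
  const sources = ["'self'", ...allowed].join(" ");
  return [
    "default-src 'self'",
    `script-src ${sources}`,
    `connect-src ${sources}`,
    `report-uri ${reportPath}`,
  ].join("; ");
}

// Conditional rendering: inject a <script> tag only if this route allows
// the script's origin, so a tag never reaches a page it was not meant for.
function shouldLoadScript(route, scriptUrl) {
  const allowed = SCRIPT_ALLOWLIST[route] ?? [];
  return allowed.includes(originOf(scriptUrl));
}

// Detection: reduce a browser CSP violation report (the JSON body POSTed
// to report-uri) to a log-friendly record for the SOC.
function summariseCspReport(body) {
  const r = JSON.parse(body)["csp-report"];
  return {
    route: new URL(r["document-uri"]).pathname,
    directive: r["effective-directive"] ?? r["violated-directive"],
    blocked: r["blocked-uri"],
  };
}

// Constructed sample report: an ad script attempted to run on a PHI page.
const SAMPLE_REPORT = JSON.stringify({ "csp-report": {
  "document-uri": "https://portal.example-hospital.test/patient-portal/visits",
  "effective-directive": "script-src",
  "blocked-uri": "https://ads.example-vendor.test",
} });
```

The same allowlist could be consumed by a server template and by the header middleware, so the policy and the rendered page cannot drift apart.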
Modern websites use 30 or more third-party scripts to enable different functionalities, which can result in scripts accessing and sharing data they were never meant to handle.
The reputational and financial risks of data breaches from poor third-party script management are just as significant as traditional data security breaches and can significantly impact customer trust.
Browser-side security strategies that provide full visibility, malware detection and automated responses to third-party script threats are vital.
Kaiser's breach provides a warning for IT leaders about the risks posed by third-party script security and highlights the importance of efficient data management, privacy policies, and safeguards.