Breach Candy Hospital Leaves 121 Million Patients' Records Exposed

We expect companies that handle our most personal information to take every possible safety precaution to protect us from cybercriminals. However, not all organizations take cyber security seriously even if they are handling sensitive data of millions of people. Unfortunately, Mumbai’s Breach Candy Hospital’s patients recently learned that their medical images, histories, and other sensitive information got leaked because the hospital did not bother to properly secure the systems that it uses to store the mentioned information. According to cybersecurity specialists from Greenbone, such reckless behavior resulted in 121 million records getting exposed. If you want to know more about how it happened as well as what can you do if your data gets exposed due to a data breach, you should read our full blog post.

It might be easier to understand how bad the Breach Candy Hospital data breach was if you know some statistics about such incidents in the US. According to hipaajournal.com, there have been 3,054 healthcare data breaches that involved more than 500 records in between 2009 and 2019. It is also said that these incidents resulted in 230,954,151 healthcare records being lost, stolen, or misused. The biggest healthcare data breach in the US was the Anthem Blue Cross breach that affected around 78.8 million people in 2015. If you compare it to the Breach Candy Hospital data breach, it does not look so bad, as the incident in Mumbai resulted in 121 million exposed records, which is about a half of all breached records between 2009 and 2019 in US.

How did Breach Candy Hospital data breach happen?

As mentioned earlier, Breach Candy Hospital data breach was caused by careless behavior. To be more precise, it looks like the hospital was storing their patients’ medical images on Picture Archiving and Communication Systems (PACS) servers that are also used by various other healthcare organizations. The Greenbone report says that these PACS servers have various vulnerabilities. For instance, they use a standard that includes the IP protocol, which means that these systems can be found on the Internet.

What’s even worse is that medical images and other data stored on these servers is not protected by passwords, which means that anyone could view and even download it. Researchers say that besides 121 million medical images of Breach Candy Hospital patients and Utkarsh Scans customers, the vulnerability in the mentioned servers might have exposed patients’ names, dates of birth, national ID numbers, medical histories, physician names, and other sensitive data.

What to do if your data was exposed due to a data breach?

The news of you being a victim of a data breach could be overwhelming, but it is important that you remain calm and take necessary steps to prevent further damage. If you have no idea what to do, you should check the tips provided below that list the three most important things that data breach victims must do.

Learn what kind of data got leaked

The first thing that you should do after learning that your personal information might have been leaked during a data breach is to find out whether it was sensitive or not. For example, your name or the name of the city or country that you live in might seem private, but it is unlikely that someone will be able to do you harm if they find it out.

As for your sensitive information like your date of birth, social security number, credit card details, and email addresses, it could be misused for various malicious purposes, such as identity theft. Therefore, if you learn that such information got leaked, specialists recommend taking immediate actions to protect yourself.

Make sure that your data cannot be misused

For instance, if you learned that your banking information was leaked during a data breach, you should immediately contact your bank. Inform them about what has happened and ask to monitor your accounts for suspicious activities as well as block and change your credit card if its information got exposed. If it is your email address that got exposed, you might receive phishing or malicious emails, which is why we recommend watching out for suspicious emails from people you do not know. Plus, you may want to increase your email account’s security, for example, by enabling Two-Factor Authentication and setting up a stronger password.

On the other hand, if you learned that your social security number got leaked, it might not be so easy to prevent it from being misused. To learn what to do in such a case, you could read this guide. Also, you should know that there are credit-monitoring and identity-monitoring services that can alert you if anyone tries to take credit in your name or use your identity somehow else. Such services might cost you, but they can make things much easier so it might be worth to look them up.

Change your passwords

It is not only your email account’s password that you may have to worry about. If one of your passwords got leaked and you use the same password for your other accounts, it is crucial that you create new passcodes that would be unique and strong. Also, it is advisable to change your passwords if they are old and weak because if hackers know your email address or your login name, they could try to take over your other accounts.

If you do not think that you can create unique and strong passwords for all your accounts, we advise employing a password manager that could do it for you. For instance, Cyclonis Password Manager can generate combinations from up to 32 characters and you can choose what kind of characters should be used. Yet, the best part about having a password manager is that you do not need to remember your login credentials. As a result, you can use complex combinations that will protect your accounts better.

All in all, you should know that healthcare is one of the most targeted sectors and that with some hospitals only starting to digitize their patients’ records, data breaches are bound to happen. We can only hope that such incidents will encourage other healthcare institutions to take cyber security seriously and do more to protect their patients’ data. Also, it is essential to understand that while you may have no control over how such institutions protect your sensitive data, there are things you can do if your information gets exposed. The tips we presented in this blog post can help you in various types of data breaches. Thus, we advise keeping them always in mind so you would be prepared to face whatever may come your way.

March 30, 2020
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.