Public Cloud Security Breaches

The Commonwealth Healthcare Corporation experienced a security incident where patient data and sensitive records were compromised due to vulnerabilities in the internal servers. This breach had a significant impact on the organization's reputation and the trust of patients, underscoring the importance of enhancing security protocols and being transparent in managing similar events.

The Office for Civil Rights within the Department of Health and Human Services has resolved its inaugural inquiry into a cyber-attack involving phishing against a healthcare entity. The security breach transpired as a consequence of staff members being deceived by a phishing email, leading to unauthorized entry into patient information. This episode highlights the essential requirement for effective email security protocols, employee education, and preemptive cybersecurity strategies within the healthcare industry.

Marriott's admission of falsely claiming encryption during its 2018 data breach highlighted the risks of misrepresenting security measures. The breach exposed sensitive data, leading to financial losses, legal challenges, and reputational damage.

MedData Inc. encountered a security incident when an employee unintentionally exposed the confidential health data of more than 135,000 people on the internet. In response, the organization informed the appropriate stakeholders, enhanced security measures, and dealt with a class action lawsuit settlement.

The Los Angeles Times website was compromised in February 2018 through a misconfigured AWS S3 bucket, allowing a cryptojacking script from Coinhive to be injected into their website. This script mined Monero using the processing power of the site's visitors. The incident showcased the need for better security practices like employing CSPM tools and integrity checks for web resources.