This wouldn’t have solved the largest one, Change Healthcare. They are an insurance claims exchange. They have to have all of this data.
The breach was social engineering of a customer support rep.
Having worked with them, they’re absolutely necessary for healthcare (in its current form; don’t get me started) to function. The alternative is integrating with hundreds of payers (won’t happen) or doing it by fax/mail (disaster).
I would say that if it is possible to exfiltrate 193 M sensitive records through a social engineering attack on one customer support rep, then there are multiple failure points that they and other businesses need to address:
- better security training for employees
- don't store 193 M sensitive records in such a way that one social-engineering attack gives you access to all of them
- don't store 193 M sensitive records without appropriate encryption, and make it hard to steal both the records and the decryption mechanism.