Corporate Responsibility, Phishing, and Ransomware

Magellan Health Care Suffers Breach

Magellan Health Care, based in Arizona, has notified a number of its employees regarding a data breach. The incident compromised the personal data of both employees and patients. Magellan Health is a Fortune 500 company that provides several health plans, pharmaceutical benefits, and other forms of managed health care. On April 11, 2020, the company realized that it had been a victim of a ransomware attack. Upon discovery, it was noted that the breach had occurred five days previously. The system was compromised through a social engineering phishing scheme in which the attacker posed as a valid Magellan client.

Once the discovery was made, the company initiated an investigation of the breach. It hired a third-party cybersecurity forensics company with talented professionals to determine the details of the hack. The investigators determined that cybercriminals had accessed and exfiltrated data from a single server, which included personal data from both employees and patients.

Phishing

What is phishing, and how does it work? Phishing is a cybercrime in which criminals use lures to get individuals to provide sensitive information, like credit card numbers. The victim can be contacted in a variety of ways: email, telephone, or text message.

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The first person convicted of ‘phishing’ was a 14-year-old boy in California. The teenager had created a replica of America Online. Through his fake website, he accessed sensitive account information, including credit card details, that he then used to obtain cash.

Here are some common traits to look for from phishing types of communications.

Ransomware is a type of malware and a form of cryptovirology. Cryptovirology encompasses the field of study in which encryption or cryptography is used to design malicious software. These types of malware use a ‘public key’ contained within the malware, which gives access to the contents of the device or computer system. This public key allows for a one-way trap door to enter and control the contents of a system. This hack means that only the hacker can undo certain operations on the victim’s computer.

There are different types of ransomware. Some are quite simple and can be reversed once an expert reviews the system. These types of ransomware lock up the system, which can be unlocked with knowledge of how these types of malware work. The second type of ransomware uses an encryption key, and without the key, it can be impossible to unlock the data to retrieve it. Advanced malware extorts the victim, demanding money as payment for the key to their data. Many ransomware victims are expected to pay these funds in digital currencies or cryptocurrencies such as Ukash or bitcoin. As a result, the payment and the perpetrator of the cybercrime are difficult for authorities to trace.

Privacy Legislation

Businesses across the globe are now required to follow some types of privacy legislation. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two examples. Privacy legislation is critical as it requires businesses and enterprises to take responsibility for the personally identifiable information (PII) that their consumers entrust to them. These regulations require companies to be proactive in their approach to cybersecurity and protecting personal data.

Even in the case of being hacked or breached by a cybercriminal, the company is still liable for any lost data. In California, the penalties for violating consumers’ privacy can consist of substantial financial penalties to the state and settlements for every citizen whose information has been compromised. Under the CCPA, penalties for loss of data through cybercriminal activity can carry class action lawsuits and up to $750 in statutory damages for every California resident impacted. Knowing that these privacy regulations affect the bottom line and reputation of every business and enterprise, it is well worth the investment to find solutions to protecting consumer data. This is where redaction can be a solution for compliance.

Redaction and Data Privacy

Sanitization is a data process that removes sensitive data, such as PII, from documents or other forms of files. Redaction is one form of sanitization. Redaction is the blacking out or deletion of text or data. Sanitization takes a classified document, removes any sensitive data, and leaves a lower-classification record so that more individuals can access the remaining data.

Redaction allows for selective release of information by removing the identifying data. The redaction process means that some data is completely removed, leaving the remainder of the document to be handled or processed by employees or others who need to work with materials. Redaction can be the removal of data from records, PDFs, audio, or video. The process allows the remaining data to be released to employees without certain access levels or even to the public through Freedom of Information Act (FOIA) requests. The purpose of redaction is to protect sensitive data from cybercriminals, breaches, or other malicious attacks. If the data stored in the system has been sanitized and PII is removed, then the loss of such data poses significantly less risk to those impacted.
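The sanitization step described above can be sketched for plain text as follows. This is an added example, not CaseGuard's software or code from this article; the patterns (US-style SSN and phone formats, 13 to 19 digit card numbers) and the sample record are assumptions constructed for illustration.

```python
import re

# Illustrative patterns (assumptions, not an exhaustive PII catalogue).
PATTERNS = [
    ("EMAIL", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    ("PHONE", re.compile(r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b")),
]

def luhn_ok(number: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact(text: str):
    """Return (sanitized_text, counts of each PII type removed)."""
    counts = {}
    for label, pattern in PATTERNS:
        def replace(match, label=label):
            if label == "CARD" and not luhn_ok(match.group()):
                return match.group()  # long number that is not a card: keep
            counts[label] = counts.get(label, 0) + 1
            return f"[REDACTED-{label}]"
        text = pattern.sub(replace, text)
    return text, counts

# Constructed sample record (all values are fictitious test data).
SAMPLE = (
    "Member: Jane Roe, jane.roe@example.com, phone 602-555-0142.\n"
    "SSN 078-05-1120; card on file 4111 1111 1111 1111.\n"
    "Claim ref 1234567890123456 approved."
)

if __name__ == "__main__":
    sanitized, counts = redact(SAMPLE)
    print(sanitized)
    print(counts)
```

The member's name survives in the output: pattern matching only catches structured identifiers, so names and free-text details need a separate step such as a name list or entity recognition.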

CaseGuard has become a global leader in the redaction and privacy industries. Using CaseGuard redaction software is one way to protect a company’s reputation. A company that loses its reputation realizes that this can mean a loss of consumer trust and impact its bottom line. CaseGuard redaction software allows companies to defend themselves on a proactive basis.

Intelligent automated redaction software protects sensitive data from exposure, and its artificial intelligence and machine learning techniques become more accurate with use. The automation features also save time by reducing the staff-hours employees spend handling redaction manually. Using a quality redaction software program designed to meet the needs of all forms of data within a business also saves money. By reducing the risk to reputation, consumer trust, and any penalties for violations, the company remains in compliance with privacy legislation.

Some of the additional features of the CaseGuard system allow the data, audio, or video to be used to expand the reach of the company’s message. With redaction software that can be used through an iPhone, a company can live stream events or company information through video on social media platforms. The software’s additional features extend the reach of the company’s message while protecting the privacy of individuals within the videos. The software application can also translate data into 28 different languages, expanding the company platform’s reach to more consumers. Captioning, transcription, and other video editing features are also included. CaseGuard offers an all-in-one software system that can redact and edit video, audio, images, and documents in minutes.
