Stolen Data Not Too Dangerous
Avishai Avivi is SafeBreach‘s CISO. He’s cautiously optimistic that the breach isn’t as bad as it could have been. That’s because a limited amount of personally identifiable information (PII) was exposed.
“Considering this was a health exchange, the data exposed could have easily included protected health information (PHI),” he said. “While malicious actors can try and use the data included in the breach to attempt further breaches, the PII elements in question are not too dangerous. To those of us who remember the days before the internet exploded, phone companies used to distribute free books with thousands of PII records including full names, physical address and phone numbers.”
This is not meant to diminish the severity of this breach, Avivi said. And until we understand more about the full scope of the incident, he recommends all potential victims of this breach raise their level of awareness to unusual or suspicious messaging.
“One example would be unsolicited phone calls or emails from someone claiming to represent DC Health, looking to verify information, or even trying to prompt the individual to log in using a link provided to change their password,” he said. “These should be considered highly suspicious, and should be reported to the authorities.”
