Serviceaide Data Leak Impacts Nearly 500,000 Catholic Health Patients

Serviceaide, an enterprise management solutions provider, has experienced a data leak. This leak has affected the personal and medical information of nearly 500,000 Catholic Health patients.
While the compromised information may vary per individual, some data at risk includes:
- Names
- Birth dates
- Emails
- Usernames and passwords
- Patient account numbers
- Medical record numbers
- Prescription and treatment information
- Medical information
- Clinical information
- Healthcare provider information
- Health insurance information
- Social Security Numbers
Security Leaders Weigh In
Darren Guccione, CEO and Co-Founder at Keeper Security:
The sheer volume of sensitive personal and healthcare data exposed in the Serviceaide breach highlights the critical ongoing need for robust cybersecurity measures across the healthcare sector. Determining the true impact of a breach of this scale often takes months or even years as organizations must uncover the full extent of data exposure, verify the accuracy of the breach reports and navigate evolving regulatory requirements.
The exposed Catholic Health data remains a significant threat. With personal, medical and financial information compromised, the risk for identity theft, medical fraud and targeted phishing attacks is high. While there may not be immediate signs of misuse, the stolen data could surface down the road, prolonging risks for both individuals and organizations. There are proactive steps victims can take to mitigate damage from the exposure of Personally Identifiable Information (PII), such as changing login credentials of online accounts and apps, utilizing a dark web monitoring service to check for leaked credentials, monitoring or freezing their credit bureaus and practicing consistent cyber hygiene.
Healthcare leaders must take a proactive stance in combatting cyber threats by allocating dedicated resources and a healthy budget to cybersecurity, and treating cybersecurity as a core component of patient safety. Aligning with government and industry frameworks, such as those from CISA, NIST and HIPAA, is critical to ensuring strong security practices.
Mr. Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens:
The breach resulted from an insecure direct object reference (IDOR) misconfiguration, allowing potential unauthorized access to sensitive data without evidence of data being copied. This could affect individuals receiving medical care from Catholic Health’s 75 locations in Western New York, increasing risks of identity theft, financial fraud, and medical fraud, given the possible data loss of highly sensitive personal and health information.
There are a lot of lessons for cybersecurity teams, but implementation is complex. These include preventing misconfiguration risks, delayed detection, third-party vendor risks, sensitive data exposure and regulatory implications. At a minimum, healthcare security teams must resolve IDOR vulnerabilities, audit configurations, enhance change governance and implement passwordless least privilege access.
These controls need discipline and correlation between teams, and investment and monitoring of cybersecurity tools. The easier route to take is to embrace zero-trust mechanisms like enhanced identity governance, microsegmentation and software-defined perimeter, augmenting strong data leak prevention.
Haviv Rosh, Chief Technology Officer at Pathlock:
Recent attacks highlight a critical need for CISOs to operate under an “assume breach is inevitable” mindset. The question isn’t if they get in, but what happens next. Specifically, security leaders should incorporate a strategy grounded on several key elements.
First, they should identify crown-jewel assets - the systems and data that drive revenue, trust, or operations. Second, segmenting and isolating critical workloads is important to prevent lateral movement. Third, they must invest in recovery-first infrastructure. This task includes having in place immutable backups with fast restore capability. It also assumes incorporating infrastructure-as-code to redeploy environments quickly. Lastly, serverless or container-based services for modular failover, as well as privileged access governance with real-time audit and drift detection, are essential.
The final yet critical element of this strategy is continuously testing resilience under real-world conditions. If you don’t test it, it won’t work when it matters. Tabletop exercises, red team drills, and recovery dry-runs must be standard practice.
Today’s modern security program isn’t defined by how many attacks it blocks, but by how confidently it recovers when hit. Resilience is now the most important control.