5 Pennsylvania Data Breaches in 2017 & How to Avoid Them in 2018

2017 has been a year marked by unprecedented data breaches, the sum total of which accounts for billions of compromised documents and user accounts. Those targeted include Deloitte, Gmail, Equifax, Yahoo, FAFSA through the IRS, and the list continues to grow. Certain industries, including healthcare and financial services, were hit harder than others. Unfortunately, Pennsylvania residents and businesses were not spared the sting of cybercrime, with the following incidents representing the worst of 2017's data breaches.

Here are the 5 Pennsylvania Data Breaches in 2017:

High Profile Targets

  1. Democratic Lawmakers

    • In March, Senate Democrats were struck with ransomware. The software encrypted and shut down the Senators' computer systems, locking them out of their network, and rendering their data inaccessible.   
  2. Chipotle

    • Chipotle's May breach, while a nationwide incident, affected ten Philadelphia branch locations. The breach was first noticed when unauthorized activity was observed on the network responsible for supporting in-restaurant payments. Hackers used malware to access customers' credit card information, through point-of-sale devices. 

  3. Merck & Co.

    • In June, Merck & Co. Pharmaceuticals was targeted in an extensive, international attack. Hackers used ransomware similar to WannaCry and Petya, which had surfaced the month prior. Merck's network site was shut down, employees were locked out of their computers, and there was damage to on-site hardware.  

  4. Philly Women's Health Care Groups of PA, LLC

    • One of Philadelphia's largest cybersecurity events, in July Women's Health experienced an extensive breach of personal data. An estimated 300,000 patients were affected and, at the time of disclosing, this was the third-largest breach reported to the U.S. Department of Health and Human Services. 

  5. Whole Foods

    • Like Chipotle, Whole Food's October hack was a national incident. That said, Whole Foods' taprooms and restaurants in Philadelphia, Wynnewood, Allentown, Upper St. Clair, and Wexford locations were affected. 


Gaining the Upper Hand

If anything, these recent breaches show the growing variety of cyber threats. From ransomware and point-of-sale hacks to email and SMS phishing, these threats have become increasingly ubiquitous. But why? This growth can be attributed to a number of factors: diversification of attack type, decreased cost of premade hacking materials and their availability on the dark web, increased use of file-less attacks, and expanded reliance on smart devices including IoT products.

So how does one contend with these factors? By leveraging third-party expertise that provides tailored, proactive IT infrastructure. In partnering with an IT provider, such as iCorps, you can utilize resources including, but not limited to, the following: 

  • Anti-virus protection

  • Managed network security 

  • Data backup and disaster recovery plans

  • Vulnerability and network monitoring 

  • Email encryption and SPAM filtering

Unfortunately, many companies wait until it is too late to develop a security posture befitting their size, scope, and clientele. Others operate under the assumption that cybersecurity ends with setting up a firewall - the "set it and forget it" mindset. This is simply not the case. In the event of a data breach, businesses must contend with lost company profits and time, and compromised employee security, hardware, data, and intellectual property. For those businesses that are able to recover from a security event, the process is arduous and costly. Instead of relying on this reactive, "damage control" approach, consider a proactive security infrastructure that will mitigate these potential issues. 

Creating Accountability

Another essential component of preventative security is employee education. End-users often prove the weakest link in companies with a fortified IT infrastructure. Fortunately, there are many ways to close this cyber-awareness gap: setting up multi-factor authentication, and installing software that automatically scans incoming emails for malware or suspicious attachments. Incorporate routine, engaging content on security best practices. You can also utilize third-party expertise. iCorps offers on-site, customized cybersecurity training, tailored to meet your staff's needs.  

Of course, employee education will only go so far without supporting, company-wide cybersecurity standards. What policies do you have to secure your data? Given the rising number of remote workers, do those policies also cover mobile devices? Once an afterthought, these questions must now be an essential component of your company's proactive strategy. They protect your clients, employees, and intellectual property. Not only do cybersecurity policies alert users to expectations and best practices, they allow for more consistent understanding across all management levels 

Don't know what to include in your cybersecurity policies? IT security experts can help develop and implement a set of policies that address the unique features of your business. Not only would these policies be crafted around industry best practices, but they would also ensure your company is compliant with national and state-specific regulations. By outsourcing to a third party, whose job it is to monitor changes in data regulation and reporting, you can better allocate your time, focusing instead on growing your business.  

How to Take a Proactive Approach

There is no substitute for a well-thought-out, customized cybersecurity plan. Do not let the growing threat of cybercrime distract from your businesses' goals, profits, and prospects. While reviewing the state of your security posture, remember to: 

  1. Stay Informed

    • Connect with industry experts, who can position your business for success through proactive defense 
  2. Streamline Cyber Defense

    • Incorporate enterprise-class security features, tailored to your businesses' unique needs 
  3. Implement these Basic Resources: 

    1. A data and recovery plan 

    2. Routine employee training 

    3. An executive-level strategy including proactive cybersecurity 
      policies, insurance, regulatory responses, and IT resource

Learn more about iCorps' managed services.

Contact for a Free Consultation