Synopsis of the Attack
Bupa, the global health insurance company, was hit by a massive data breach affecting over credentials of several thousand global customers back in early 2017 after a rogue employee (an insider) inappropriately stole customer information from the company, and tried to sell the customer information on the dark web.
Sensitive information extracted in question included such things as name, date of birth, email address, and nationality. The good news was that no medical data, PHI, or financial information was compromised; however, there was no evidence to suggest that the stolen data was used to carry out fraudulent activities elsewhere.
It is surprising to know that even with this insider attack, an anomaly traffic flow due to a large amount of data being extracted would have triggered a detection by the security monitoring team. Unfortunately, this action evaded detection by the security team. What was the punishment? After the breach, the data protection regulator fined Bupa Insurance Services over $200,000 for failing to stop an employee from stealing. Think of these like any other breaches, the disruption to business operations, the lack of customers’ trust, and above all the reputation damage to the company.
Don’t wait! We know that the threat landscape keeps evolving with new attack vectors and attack techniques, giving you even more reasons to evaluate your current cybersecurity solutions.
What to Expect
Our team can be trusted to defend your organization by helping you provide a multi-layered set of mitigations to improve your organization’s resilience against phishing attacks while minimizing disruptions to business operations.
Our cybersecurity trusted advisors are available to help provide the necessary visibility across your entire network infrastructure and thus allowing for proactive threat detection and improved incident identification, robust investigation, and rapid resolution.
Additionally, our subject matter experts will help and guide your team to implement cost-saving measures to proactively identify, mitigate, and remediate security threats and potential attacks. In other words, the knowledge gained can be used to inform decisions regarding the enforcement of policy and best practices to stay protected against future attacks to a large extent.
Response, Impact, Root Cause Analysis, and Lessons Learned
Want to discuss the response, real impact, root cause analysis, and lessons learned from this attack, and count on us to have the discussion tailored to your needs? Then make a decision now!
The team of cybersecurity experts from AbriteLogic Solutions is available to offer a FREE half-hour consultation to discuss the relevant details along with the security implications it may possibly have on your organization.