People Inc. Data Breach

People Inc., one of western New York’s largest non-profit agencies, reported a data breach which has exposed sensitive medical information belonging to up to 1000 current and former clients. People Inc. offers residential care, employment assistant, community outreach programs, healthcare, and recreation schemes for seniors, the vulnerable, and both the families and those who have disabilities.

The breach was discovered on February 19, 2019, and a public notification was made on May, 29, 2019. An unknown hacker had managed to infiltrate one or more email accounts belonging to employees of the organization, the emails of which contained personal health information on clients. 

Commentary: No organization is immune from cyber attacks, whether they are for profit or not. This is of particular concern for non-profits who may prioritize information security even less than commercial companies. This, combined with the typically low funding that exists in non-profits for IT related matters, makes them easy targets to exploit.  

Likely Threat(s): Criminals
Likely Motive(s): Theft
Likely Means: 1.x Attack the User
Opportunities: Security Awareness, Credential Management, 2FA

%d bloggers like this: