Security Teams Told to Keep Quiet About Security Breaches and NuLife Med Settles Lawsuit

Over the last 12 months, ransomware and phishing attacks on companies have increased, and so have the costs related to such attacks. According to IBM Security, the average cost of a data breach in 2022 was $4.35 million. For healthcare data breaches, the average cost was $10.1 million.

Because of the high costs and reputational damage caused by data breaches, cybersecurity teams are under pressure to keep quiet about cyberattacks and data breaches, even when the law requires reporting them. According to the newly published Bitdefender 2023 Cybersecurity Assessment, that pressure is significant. In the U.S., 74.7% of study participants said they had encountered a data breach or data leak last year, and 70.7% were told not to report a security breach when they should have. 54.7% of the study participants said they did not report a security breach when they should have.

Bitdefender’s study also reveals the failure of healthcare organizations to report data breaches. 28.6% of healthcare respondents stated they did not report a security incident because they were told not to report it. In the U.S., 78.7% of respondents said they are concerned about their company facing legal action because of the improper handling of a security breach.

Bitdefender also asked in the survey what the biggest threats faced by IT professionals today are. In the U.S., the following are the biggest perceived threats:

  • 80% – software vulnerabilities/zero days
  • 73.3% – supply chain attacks
  • 58.7% – phishing/social engineering
  • 50.7% – insider threats
  • 45.3% – ransomware

But for companies, the biggest threat is the human factor. The major security issues encountered by U.S. companies include:

  • 49.3% – extending security capabilities through several environments
  • 49.3% – complexity
  • 40% – reporting capabilities
  • 32.1% – incompatibility with other security solutions

Respondents were also asked what they observed to be the biggest security myths, which are the following:

  • Myth 1: The organization is not a target for cybercriminals (42.7%)
  • Myth 2: Using non-corporate approved applications is not a big issue (40%)
  • Myth 3: The IT department is solely responsible for security (36%)
  • Myth 4: It’s safe to click/open emails that are delivered in inboxes (36%)

Considering the rise in cyberattacks on U.S. companies, it is good to know the plans of action mentioned by the respondents:

  • 78.7% stated they have plans to increase their security funding
  • 49.3% stated they have plans to reduce new cybersecurity tech purchases
  • 38.7% stated they were limiting the hiring of new cybersecurity employees as companies want security vendors to give the needed support
  • 95% stated they have plans to increase the number of security vendors
  • 90% stated they are on the lookout for holistic, all-in-one security solutions to lighten the burden and avert compatibility problems.

Censuswide conducted the survey used for the report. The respondents were 400 IT experts, such as junior IT managers and CISOs, in companies that have 1000+ workers in the UK, USA, France, Germany, Spain, and Italy.

 

NuLife Med Settles Class Action Data Breach Lawsuit

The medical equipment company NuLife Med, based in Manchester, New Hampshire, has agreed to settle a class action lawsuit associated with a data breach in March 2022 that impacted over 80,000 people.

NuLife Med discovered suspicious activity inside its computer system on March 11, 2022. Based on the forensic investigation, hackers had access to its systems from March 9 to March 11, 2022, and viewed or extracted data. The breached information included names, medical data, medical insurance details, addresses, and in certain cases, driver’s licenses, Social Security numbers, and credit card / financial account data.

The Pires, et al. v. NuLife Med LLC lawsuit was filed in the US District Court for the Southern District of Florida. It alleges that NuLife Med was negligent in not implementing proper security measures to protect the privacy and confidentiality of patient data, and that the data breach therefore happened even though it was completely preventable. The lawsuit also alleges that the plaintiff, Victor Pires, and other affected persons sustained an injury because of the negligence and had out-of-pocket expenditures to deal with the incident.

NuLife Med opted for a settlement to avoid the costs of continuing litigation and the uncertainty of trial, but it did not admit any wrongdoing. There is no mention of the total cost of the settlement. Those who received NuLife Med’s breach notification letter are eligible to file a claim if they can provide documented evidence of losses incurred, and will get a check with a value of up to $25. Class members also have the option to receive credit monitoring services for one year.

The last day to file a claim is June 20, 2023. The last day to object to or be excluded from the agreement is May 16, 2023. The final approval hearing is scheduled for June 5, 2023.

About Christine Garcia 1312 Articles
Christine Garcia is the staff writer at Calculated HIPAA. Christine has several years of experience writing about healthcare sector issues, with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA