A former Nuance employee accessed the data of over 1 million Geisinger patients in Pennsylvania after being terminated.
Geisinger is a non-profit healthcare system in Pennsylvania that operates 134 care sites, ten hospitals, and the Geisinger Health Plan, serving a total of 1.2 million people.
It employs 26,000 staff, including 1,600 doctors, and is considered one of Pennsylvania’s most important organizations.
Nuance is an IT services provider contracted by the organization.
Does your IT or cybersecurity provider have its own security?
If you haven’t already, ask them.
The last thing you want is to get hacked by a former employee of the company you pay to protect you from attacks like this.
And while you’re at it, here are some other questions to ask your IT or cybersecurity provider, to find out if they’re legit.
- Do you follow a cybersecurity framework for both your recommended services and internal practices?
- Do you practice what you preach? Are you implementing all the security measures you recommend to clients, and more?
- Can you share any certifications related to security or other best practices you follow?
- How do you vet the vendors for the products you implement?
- Do you have an incident response plan for your own business?
- Will you create an incident response plan for our business?
- Do you have a business continuity plan, and will you develop one for us?
- Do you have a succession plan in case of unexpected events? (For smaller IT/cybersecurity providers)
- What is your minimum threshold for security services? Do you offer a comprehensive security package or just basic IT services?
- How do you ensure that the tools you use for monitoring and updates don’t introduce additional risks to your clients’ systems?
If they can’t give you satisfactory answers to all of the above questions…
This is what we do, so we’re happy to help.