Tech vendor agrees to $264k settlement after exposing data from 600+ Vermont Health Connect users

Samanage USA, a Cary, N.C.-based technology company, will pay $264,000 to Vermont and implement an information security program as part of a settlement to resolve allegations the company failed to protect personally identifiable information in the state’s healthcare exchange, Bloomberg BNA reports.

Vermont hired the third-party vendor Samanage to provide support services as a subcontractor for its exchange, Vermont Health Connect. WEX Health, a contractor to Vermont, used Samanage’s cloud-based IT support services to manage the IT help desk and maintenance tasks.

In summer 2016, a Bing webcrawler discovered the URL to a Microsoft Excel spreadsheet of 660 names and Social Security numbers belonging to Vermont Health Connect users. Bing reportedly incorporated this spreadsheet, which was publicly available online without adequate authentication procedures, into search results.

A Vermont citizen notified the state’s attorney general’s office of the breach. An investigation into the incident found the “breach would have gone unreported” because of “a miscommunication within the company,” the attorney general’s office said in a Sept. 29 statement.

Ryan Van Biljon, vice president of sales and services at Samanage, told Bloomberg BNA the company “worked diligently with the AG of Vermont to comply with all of their requests” related to the settlement.
