On an average day around the globe, a data breach of some type takes place every 39 seconds, resulting in everything from lost information to lost money to lost business. To make matters worse, no one industry is immune, including the tech industry, which pours more than $165 billion into cybersecurity every year and still sees major cyberattacks, such as recent hits on global tech giant Microsoft.
The security team at Microsoft reported that as the world welcomed in 2020, the company suffered a massive data breach of more than 250 million customer service and support records, including those within the healthcare industry. This Microsoft data breach has brought to light many concerns and lessons, showing what’s at risk and what needs to be done in order to keep information safe.
Microsoft Data Breach: What We Know
The records that were compromised date back as far as 2005 and up to December of last year and include online chat records between customers and Microsoft support workers. Personal information from customers was scrubbed from the records before they were stored away safely and contained such items as email and IP addresses.
Microsoft revealed that it had uncovered misconfigured security rules in a database at the end of the year. The company says an error was made on December 5, leaving customer records exposed for more than three weeks, which ultimately lead to the data breach.
What Microsoft is Doing
The company recently announced that it would be auditing its internal cybersecurity policies and putting more tools to use to ensure that stored customer records that include sensitive personal information will be redacted. A new internal alert system will be put in place to have a better monitoring system on misconfigurations that can end up leading to potential cyberattacks.
Risk to Users
While Microsoft has worked to patch up the issue, customers who use its software, such as healthcare organizations, may not be seeing the end of the cyber breach’s effects. While there may not be much practical risk at the moment, there is no real firm understanding to say whether the customer information stolen from servers will be used in other ways.
The main risk is that all customer information could be used in technical support scams aimed at Microsoft’s customers. Scammers are able to pose as legitimate Microsoft support workers and use information to gain further access to customer information through cold calling.
If someone’s email address was exposed during the breach, they should be seeing a real message from Microsoft. Outside of major breaches like this, the company usually doesn’t reach out to users, especially via phone.
What a Microsoft Data Beach Reminds us About Cybersecurity Software and Insurance
Customers who use Microsoft software tools to conduct business or store information should be reminded to review their own cybersecurity measures as well as cyber risk services. This includes the healthcare industry, which stores massive amounts of constantly updated customer information that is highly sensitive.
Cyber risk insurance from Connected Risk Solutions can help healthcare organizations, such as hospitals and specialty care centers, keep the financial fallout from a data breach limited. This kind of insurance is made to protect healthcare organizations, even if a cyber threat isn’t their fault. Not everything in the world of cybersecurity can be predicted or prepared for, so having Cyber risk services insurance can help to keep major claims low.
Organizations should be much more cognizant of their cloud services and their providers’ storage access policies and define their access based on these policies. Because of the damage to IP addresses and email addresses, healthcare organizations and other entities who suffered information loss due to Microsoft’s breach should be on the lookout for attempts at phishing scams.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at 678.359.6365.
