Blog / When cybersecurity incidents hit close to home.
What can we learn from local cybersecurity incidents?
Whether you know it or not, cybersecurity affects all of us, even you and even if you’re not even online! That’s because you don’t need to be online for your data to be put at risk. If you’ve ever even just interacted with a business or service that stores information, particularly healthcare services, it’s almost certain at least some data about you and your identity is online, and that means it’s at risk. In fact, your information is in so many organizations that you may not even be aware of them let alone deal with them directly. Governments, for just one example, often outsource various projects and portions of their responsibilities, but so do many private businesses. Does your favourite baker offer a rewards program? Well, it’s almost certain their bakery doesn’t have an IT team managing the project; they’ve likely outsourced developing and implementing it to an IT company, which means now your data is in their hands as well. So even if you’ve gone as far off grid as possible—and I mean living deep in the heart of the Sahara desert or Amazon jungle off-grid—you’re data is somewhere online and that means online protections and cybersecurity incidents can affect you.
I bring this up because, as you may or may not have heard about already, there was one such incident in Alberta recently, specifically regarding a data breach with Quickcard. Quickcard’s website refers to what happened as a “cybersecurity incident,” and while technically accurate, the website of the Alberta Dental service association more rightly called it a “data breach.”
But why is this incident important? Two reasons:
- Quickcard administrates the healthcare benefits for dental programs in Alberta.
- One of our clients reported the email notification about this incident as spam.
Now I’m fairly sure the reason this email was reported as spam simply because a well-meaning user didn’t understand what was going on, so reporting the email was likely a knee jerk reaction. Most users don’t know the detailed inner-workings of email so it’s understandable that many also don’t know how to properly vet the authenticity of an email. And of course, while mis-reporting real email as spam isn’t great, people really should be erring on the side of caution so it’s not like the user did anything wrong. In fact, just like the examples above, they likely didn’t even know who Quickcard was as it’s their dentists that use the program directly.
Beyond that context, the information that Quickcard currently says was accessed are patients’:
- name,
- date of birth,
- mailing address, and
- details relating to your health benefits claims.
Even these few details are enough information for savvy hackers to instigate at least some level of identity theft depending on the situation, but the information could also be abused in plenty of other nefarious scenarios.
The takeaway here is simple; don’t simply dismiss emails that show up in your inbox or junk folders just because you don’t recognize who sent them. Read your emails, analyze them, and if need be open a browser and do some searches (like “Quickcard cybersecurity incident” in this case) to see if there’s any validity to the message. Of course, directly clicking a link in an email (especially one you don’t trust) is still a terrible idea so don’t go around clicking links willy-nilly, but you can take a few minutes for some quick research, particularly when the topic is about cybersecurity incidents like this one that strike close to home.
This week’s Shakespeare quote comes from Hamlet; “Doubt thou the stars are fire; Doubt that the sun doth move; Doubt truth to be a liar; But never doubt I love.”
For more information about local cybersecurity incidents and how they may affect your business, municipality, or organization, contact TRINUS and we’ll be happy to help out with some stress-free IT.
Be kind, courtesy your friendly neighbourhood cyberman.