How To Follow Best Security Practices in Light of France’s Data Breach

Posted on the 26 May 2022 by Jitendra Vaswani @JitendraBlogger

Companies are struggling to remain ahead of the game and protect their resources from hazardous hackers and online attacks as cyber-attacks get more sophisticated. A recent example is France's Health Insurance incident, in which a major insurance company was hacked, exposing the private information of over 500,000 individuals.

What may appear to be unavoidable cyberattacks can be avoided by deploying appropriate security measures throughout your organization's networks.

Theft of Patients' Information

After employee email addresses were hijacked, 19 staff accounts belonging to the French National Health Insurance portal, "Amelipro," were hacked on March 17, 2022. Approximately 510,000 patients' data, including names, birthdates, social security numbers, and other personal information, was stolen as a result of the incident.

The hackers obtained such sensitive identifying information by first infiltrating the email accounts of healthcare workers, likely through a spear-phishing attempt. Spear is a type of social engineering attack in which attackers take advantage of human error to get people to do things they shouldn't.

Hackers target a specific firm using specialized phishing communications, such as emails or URLs that appear like known sites, in order to deceive personnel. Workers are then duped into inputting their personal credentials, believing they are accessing a private work site or responding to an email from a coworker.

The most astonishing feature of this case appears to be that the hackers didn't even need to get past Amelipro's protection to gain access to their system. The hackers were able to access the private insurance site and obtain sensitive information simply by entering in with stolen credentials after first acquiring employees' account passwords through spear-phishing.

After gaining access to the portal, the fraudsters are likely to have employed methods such as crawling and scraping to gather patient data. Crawling is a method of scanning websites by navigating from page to page and mapping out the URL metadata. The hackers then copied and retrieved the information via scraping, gaining access to thousands of pieces of personal information in a matter of hours.

Preventing the Next Attack on Your Business

There are various best practices to apply throughout your network to keep your organization secure from attacks like the French Health Insurance compromise.

Web Filtering Helps Stop Phishing Attacks

Phishing attacks are among the most common cyber threats that businesses face across the world. User training and business awareness are critical initial measures in ensuring that your employees recognize warning flags when reading questionable emails and websites.

Web Filtering as part of your Secure Web Gateway is essential for online security since web filtering rules block harmful sites and can stop phishing attacks at their source.

Using User Authentication and Identification

Poor user identification and authentication are frequently the sources of common internet vulnerabilities. Hackers' access to private portals without adequate multi-factor authentication (MFA) requires simply the user's email and password without any verification, making it considerably easier to attack sites.

Using MFA, which combines user IDs and passwords with other forms of identity, users' accounts are much less likely to be hacked.

Zero Trust provides additional security.

The Zero Trust concept of "trust no one, always verify" is becoming more popular as a way to safeguard businesses from cyber threats. User access is segregated with Zero Trust so that each employee has access to only the resources they need for their job, not the entire network. This minimizes the attack surface and makes it far more difficult for hackers to gain access to sensitive data.

The Solution for Perimeter 81

Perimeter 81's complete security toolkit makes it simple to keep track of your network's security. Advanced technologies like Zero Trust Application Access (ZTAA) and Secure Web Gateway (SWG) ensure that your organization is safe from online threats in today's changing threat landscape.

You may secure your firm by employing best practices like multi-factor authentication and web filtering rules, which reduce the possibilities of data breaches.