Insurer Struggles to Fix Security Flaws after Whistle-blower Alert
An insurance company in the US, Blue Cross and Blue Shield Minnesota, is racing to address multiple security vulnerabilities in its IT systems after neglecting vulnerability management for years. An internal whistle-blower revealed that the number of software vulnerabilities classified as critical or severe peaked at around 200,000 inside roughly 2,000 critical servers. These servers can contain sensitive data such as personally identifiable information (PII), protected health information (PHI) and financial data. An additional 2 million vulnerabilities were detected on the insurer’s 6,000 employee workstations. Blue Cross and Blue Shield Minnesota has placed emphasis on reducing these vulnerabilities to minimise the attack surface at its critical servers and endpoints.
References:Insurer Races to Fix Security Flaws After Whistle-blower Alert
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services