Finance

Insurer Struggles to Fix Security Flaws after Whistle-blower Alert

10 - 17 December 2019

A US insurance company is racing to address multiple security vulnerabilities in its IT systems after neglecting vulnerability management for years.
Cyber_News_Finance

An insurance company in the US, Blue Cross and Blue Shield Minnesota, is racing to address multiple security vulnerabilities in its IT systems after neglecting vulnerability management for years. An internal whistle-blower revealed that the number of software vulnerabilities classified as critical or severe peaked at around 200,000 inside roughly 2,000 critical servers. These servers can contain sensitive data such as personally identifiable information (PII), protected health information (PHI) and financial data. An additional 2 million vulnerabilities were detected on the insurer’s 6,000 employee workstations. Blue Cross and Blue Shield Minnesota has placed emphasis on reducing these vulnerabilities to minimise the attack surface at its critical servers and endpoints. 

References:

Insurer Races to Fix Security Flaws After Whistle-blower Alert

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence