Securing information such as health benefits and health information is one of the most critical aspects of security that an organization can invest in to protect its employees. While it is becoming more common for third-party vendors to manage this kind of data to reduce risk, any health-related information should be protected by limiting access to minimize the employees’ risk of identity theft or extortion. Implementing encrypted data stores can be a worthwhile investment to protect data at rest. Correcting user permissions to mitigate data access can also limit an attack’s scope, depending on the attacker’s intentions. Auditing sensitive file and folder access to set off alarms when unusual accounts are used to read files containing employee personal information is also a security measure worth considering.
References:
https://www.bleepingcomputer.com/news/security/belden-says-health-benefits-data-stolen-in-2020-cyberattack/
https://www.bleepingcomputer.com/news/security/belden-networking-giants-company-data-stolen-in-cyberattack/