Lake Erie College of Osteopathic Medicine in Pennsylvania is the latest in a growing list of educational institutions to fall victim to a breach, according to The Associated Press.
The breach was exposed when it was discovered that student names and Social Security numbers had been posted online. Instead of being discovered by the school’s security team, however, the information exposure was reported by a student at the school who found the information when he or she was online.
College spokesperson Pierre Bellicini said the breach could be traced to a company that provides the school’s students with health insurance. That company, Hubbard-Bert, is now providing a year of credit monitoring to those impacted by the exposure.
Fallout From the Breach May Not End Here
If precedent is any indicator, the repercussions from this breach could go well beyond what’s already happened. In an age when cyberattacks pose a constant threat, users have an understandably tenuous trust in the enterprise security of companies housing their information. When that trust is put to the test, there can be consequences.
Such is the case for the University of Pittsburgh Medical Center, which is facing a weighty class action lawsuit stemming from a breach, according to WTAE. The breach occurred in April and resulted in compromised information for up to 27,000 employees affiliated with the hospital.
The lawsuit states that the exposure of confidential information represents an institution shirking its responsibility to protect the private information of employees.
According to the lawsuit, the hospital “had a duty to protect the private, highly sensitive, confidential personal and financial information and the tax documents.”
The fact that the breach happened suggests the UPMC “failed to safeguard and prevent vulnerabilities from being taken advantage of,” the lawsuit stated.
If the lawsuit’s demands are met, the UPMC will be mandated to provide identity theft insurance, credit restoration services, and credit and bank monitoring services to affected parties for 25 years. Considering that the number of breach victims totals 27,000, this will end up costing the hospital a pretty penny.
If there’s one lesson to be learned from this example, it’s that every enterprise facing a breach has a long and difficult road ahead of it. By implementing a strong enterprise security infrastructure, however, a company can take a proactive step toward protecting its identity and never falling into a compromising situation.