Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three.
The transparency of data breach disclosures can vary widely, and that has never been more clear than recent notifications belonging to Dish Network, Gentex Corporation and Clarke County Hospital.
Popular satellite television provider Dish Network last week provided additional details regarding a ransomware attack the company suffered in February. In a new letter sent to those whose personal data was affected, Dish revealed that although no customer data was affected, "certain employee-related records and personal information (along with information of some former employees, family members and a limited number of other individuals) were among the data extracted."
Dish also said it was not aware of any data misuse, and that "we have received confirmation that the extracted data has been deleted." Dish did not clarify its statement further either to TechTarget Editorial or its breach notification letter, but the statement suggests the provider paid the ransom to threat actors. If that was the case, it is unknown how Dish could ensure cybercriminals no longer have stolen personal data.
Meanwhile Gentex Corporation, a Michigan-based technology and manufacturing company, suffered an apparent ransomware attack several months ago, but did not confirm it had occurred until earlier this month. Gentex told TechTarget Editorial that the breach occurred "several months ago, and we have communicated to all affected parties."
And the Iowa-based Clarke County Hospital suffered a ransomware attack but did not acknowledge it until nearly a month after it occurred, despite Royal ransomware operators reportedly leaking sensitive patient data as early as a week after the attack occurred. Despite this, the hospital said in its breach notification that "CCH has found no evidence that your information has been misused."
On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss all three recent breach disclosures as well as the troubling trends that tie them all together.
Subscribe to Risk & Repeat on Apple Podcasts.
Alexander Culafi is a writer, journalist and podcaster based in Boston.