Bupa International Hit by Insider Data Breach

Healthcare giant, Bupa, has admitted a security incident. According to a statement, an employee of its international health division had inappropriately copied and removed customer information, including names, dates of birth and.nationalities. Bupa says that customers have been contacted to alert them to the breach and to remind them to stay vigilant.

Commenting on this, Itsik Mantin, director of research at Imperva, said: "Although people tend to associate breaches with hackers, the truth is that many data breaches involve inside work, as was this breach which happened, according to Bupa, by an employee.

"This is not surprising given that Verizon DBIR 2017 report  indicates that 1 out of 4 data breaches are attributed to insiders and, in the healthcare domain, the situation is even worse with 2 out of 3 breaches involving insiders and third-parties.

"As we’ve seen in past high-profile cases, data breaches caused by careless, malicious or compromised insiders are real and serious. Because the problem begins with users that have legitimate access to enterprise data, attacks from the inside can be present for long periods of time before finally being detected. What’s more, costs associated with loss of data can run in the millions and lead to customer loss, brand damage and stock price decline.

"To mitigate the risk, organisations should ask themselves where their sensitive data lies and invest in protecting it. Businesses can employ solutions, especially those based on machine learning technology that can process and analyse vast amounts of data, to help them pinpoint critical anomalies that indicate misuse of enterprise data and that also help them to quickly quarantine risky users to prevent and contain data breaches proactively."