Lessons to learn from Yahoo data breach

December 8, 2016

Yahoo’s recent data breach of over one billion user accounts underscores how important it is for health care organizations to take a proactive approach to cyber security.

The breach went undetected for three years and is considered the largest in history. It is an example of how an undetected breach can spiral out of control.

Cyber security professionals told USA Today that Yahoo’s inability to detect the breach stemmed in part from a lack of concern for security and an arrogant assumption that it could manage its security without external help.

“No doubt, there’s an apparent discrepancy between what organizations believe about the adequacy of their cyber security and what the reality is,” says TMLT manager of consulting services, John Southrey.

Undetected cyber breaches are common in the health care industry because many organizations take a “wait and see” approach to data security.

In a KPMG survey of 223 U.S. healthcare executives, 25% stated they don’t have or don’t know their capabilities to detect if their organization’s systems are hacked. (1)

A medical practice (or any connected business) needs a well-designed cyber security strategy that allows for timely detection of intrusions to narrow the window of opportunity for an attacker to exploit their data.

TMLT can help through its fee-based cyber risk management resources. Recently, we expanded those resources by partnering with eSentire, an established IT firm that offers a high-level form of cyber security via managed threat detection and incident response.

Read more about Yahoo’s breach in USA Today’s article.


  1. In a survey of 223 US-based health care executives conducted by KPMG, only 13% reported tracking known cyber security attacks daily. Additionally, 25% stated they do not have or do not know their capabilities, in real-time, if their organization’s systems are being compromised. KPMG. Health Care and Cyber Security — Increasing Threats Require Increased Capabilities. 2015. Available at http://www.kpmg-institutes.com/institutes/healthcare-life-sciences-institute/articles/2015/08/health-care-and-cyber-security.html. Accessed December 8, 2016.