Lessons to Learn From Yahoo Data Breach

December 8, 2016

Yahoo’s recent data breach of over one billion user accounts underscores how important it is for health care organizations to take a proactive approach to cyber security.

The breach went undetected for three years and is considered the largest in history. It is an example of how an undetected breach can spiral out of control.

Cyber security professionals told USA Today that Yahoo’s lack of concern for security, and its arrogant assumption that it could manage its security without external help, contributed to its inability to detect the breach.

“No doubt, there’s an apparent discrepancy between what organizations believe about the adequacy of their cyber security and what the reality is,” says TMLT manager of consulting services, John Southrey.

Undetected cyber breaches are common in the health care industry because many organizations take a “wait and see” approach to data security.

In a KPMG survey of 223 U.S. healthcare executives, 25% stated they don’t have or don’t know their capabilities to detect if their organization’s systems are hacked. (1)

A medical practice (or any connected business) needs a well-designed cyber security strategy that allows for timely detection of intrusions to narrow the window of opportunity for an attacker to exploit their data.

TMLT can help through its fee-based cyber risk management resources. Recently, we expanded those resources by partnering with eSentire, an established IT firm that offers a high-level form of cyber security via managed threat detection and incident response.

Read more about Yahoo’s breach in USA Today’s article.


  1. In a survey of 223 US-based health care executives conducted by KPMG, only 13% reported tracking known cyber security attacks daily. Additionally, 25% stated they do not have or do not know their capabilities, in real-time, if their organization’s systems are being compromised. KPMG. Health Care and Cyber Security — Increasing Threats Require Increased Capabilities. 2015. Available at http://www.kpmg-institutes.com/institutes/healthcare-life-sciences-institute/articles/2015/08/health-care-and-cyber-security.html. Accessed December 8, 2016.