Quest Diagnostics has now joined the ranks of Marriott, Equifax, Anthem, Home Depot, Yahoo!, and Target – companies that will forever be tarnished by the stigma of a major data breach. On Monday, June 3, Quest Diagnostics reported that it had recently been breached, resulting in the possible compromise of approximately 12 million patients' personal information, including Social Security numbers and credit card information. Adding insult to injury (as well as serious financial and brand damage), it wasn't even Quest's systems that were breached! Quest contracts some of its billing services to American Medical Collection Agency (AMCA) and it was AMCA's systems that were actually breached. But it's unlikely that AMCA will get its 15 minutes of infamy – this incident will forever be known and reported as the "Quest Diagnostics data breach", much like the 2013 Target Data Breach isn't known as the "HVAC Maintenance Data Breach".
The important lesson here is that you can't address cybersecurity in a microcosm. Your cybersecurity strategy must proactively extend across your entire supply chain, value chain, and/or ecosystem. Security and privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), among others, mandate a comprehensive strategy that also addresses security and privacy requirements for your vendors, suppliers, service providers, partners, and other third-party entities with whom you do business.
Valorem Reply's Cybersecurity Assessment offering uniquely incorporates the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework which addresses 23 functional categories of cybersecurity strategy – including Supply Chain Risk Management. We not only look at your technology, but also the people and processes behind it, to help you build an effective cybersecurity strategy to prepare for modern threats.
Contact us today to learn how Valorem Reply’s Cybersecurity Assessment can help you baseline your security, privacy, and compliance posture and plan your cybersecurity roadmap to success – before a data breach exposes the weakest link in your supply chain.