Have you considered 23andMe as your Christmas gift to family and loved ones? I have, until, it was announced by 23andMe that their systems were compromised and millions of users had their data stolen by “hackers”. This data includes their names, addresses, billing information, genetic data, and data about their relatives and family tree. Truly, this is the purest form of identity theft as the literal genetic identities of users, and information about their family tree and ancestry were stolen. Also concerning is the fact that leaked user data may have been circulating for weeks or even months before the company caught the breach and moved to secure their systems. That is why Case Medical is ISO 27001 certified and keeps all our data secure in the cloud, protected from hackers.

The breach at 23andMe was primarily caused by weak passwords and poor security protocols. These weak passwords were used by employees of the company as well as users of the company’s services. Passwords that were simple like, “123456”, or passwords that were shared across multiple different websites and services. Even if a password is complex and unique, if it is used across multiple websites to make remembering logins easier, all it takes is one breach at any of those websites to put all of a user’s accounts at risk. Hackers know this, so once they obtain password data from the dark web, the use bots to test it on all the major web platforms. In the case of 23and Me, they were successfully able to access the data of millions of users. 23AndMe also did not have strong security protocols or intrusion detection. The breach went unnoticed for weeks and months; which is unacceptable given the sensitive nature of the information that the company stores.

Preventing cyber attacks starts with strong network security. Trusting systems are vulnerable systems and everything must be encrypted and protected by role-based user access control. Strong network firewalls and intrusion detection software also go a long way to preventing and detecting attacks. Training for all network users is also critical to prevent the use of simple passwords and password sharing across multiple websites/platforms. Furthermore, policies should be implemented that force passwords to change on a regular basis, so if a breach does occur, there is probability that the leaked passwords will be expired and will not work and access to active passwords can be cut off quickly. At Case Medical, we are ISO 27001 certified, which means we follow all of the above and more (learn more by reading our previous blog post

Since 2016, CaseTrak360 has been ISO 27001 certified. This means that since that time, all development has been secure, all servers are safe/resilient, and all data is protected. This translates into CaseTrak360 being an incredibly tough and reliable program that is virtually immune to cyber security risks. Users of CaseTrak360 can be confident that when they need to use the software, it will work, regardless of the conditions of their own local network. Given that CaseTrak360 is a medical application, this reliability is extremely important; especially given the increased cyber-attacks on medical facilities like ransomware. Furthermore, CaseTrak360 is audited annually by a certified, third-party auditor, to ensure that it is maintaining the rigorous requirements of the ISO 27001 standard. Users of CaseTrak360 can be confident that they are using a product that meets the highest standards for data security. In our modern era of high cybercrime and risk, it is a necessity to follow standards like ISO 27001 to keep data protected and resilient.