Many people have dismissed the gigantic breach of the Ashley Madison site (which facilitates extramarital affairs) as a case of “they got what they deserved,” but the real issue is privacy, not purity.
The scope of the Ashley Madison breach is indeed mind-blowing: 36 million would-be adulterers from around the globe, and from every American zip code except for three too rural to have the Internet. Yes, your neighbors are among them – and it’s easy to feel puritanical contempt for all those involved. However, the Ashley Madison hack raises broader social and ethical issues.
Suppose there had been a massive healthcare breach that put private procedures on public display: vasectomies, mastectomies, mental health issues, transgender surgeries and the like. Americans have fought and died to protect our right to privacy.
Beyond privacy issues, consider safety concerns… recent experiments showing the compromise of medical devices illustrate just how serious the fallout could be if hackers acquired and publicized health information such as the personally identifiable information of people with pacemakers or insulin pumps.
Every time there’s a major data breach – whether the secrets are amorous, medical or financial – the words of poet John Donne ring true: “Don’t ask for whom the [cybersecurity] bell tolls; it tolls for thee.”
And therein lies the real danger of these high profile hacks- the fall out goes well beyond those whose data was originally compromised. Most members will understandably do anything to keep from being outed, but they’re not the only ones being targeted with spear-phishing emails and blackmail threats; thousands of individuals not connected in any way to the website are now the objects of vicious social engineering attacks playing up on fears of stolen identity and false membership details. There are even bogus sites luring spouses to “find out if your partner is an Ashley Madison subscriber.” They’re then tempted to click on dangerous links or open infected attachments – and the misery continues.
For organizations of all sizes – not just in healthcare – this is a time for increased security vigilance. There are countless spammers, phishers, blackmailers, and thieves who are trying to sneak Ashley Madison emails through your spam filters and other safeguards. Many of these have nothing to do with cheating, unless it’s to cheat your employees and company out of personal and financial data. All your employees – even the virtuous – need to immediately delete any email that references Ashley Madison in any way.
The best defense against malicious spear-fishing and other scams is to establish organization-wide information security processes and procedures, as well as ensure that your workforce training is up to date and ensuring that your staff are not at risk of falling prey to these types of schemes.
If the Ashley Madison breach forces your organization to tighten its info-security policies and procedures, then the whole “affair” will have a silver lining.
Contact us for more information about how we can help you improve your workforce training, policies and procedures or other aspects of your information risk management program.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 21, 2017
- HIPAA Risk Analysis Tip – #WannaStopCrying - May 17, 2017
- HIPAA Risk Analysis Tip – Part 2 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 14, 2017