Salvaging Security: MJ Freeway Struggles To Recover From Data Breach01/25/2017
Understanding the MJ Freeway attack is the key to avoiding future attacks, protecting privacy, and safeguarding public health
Cyberattacks are always dangerous, and when they affect the medical industry, they severely compromise public health and confidentiality. The recent attack on MJ Freeway demonstrates just how sensitive medical data is, reinforcing the need for effective data storage and security:
MJ Freeway is a Colorado-based tracking software company that caters to medical marijuana dispensaries across the United States. On 8 January 2016, the company suffered a severe hack, losing records from more than a thousand of their clients in 23 different states. Such an attack would severely disrupt any business but has been particularly damaging for cannabis dispensaries, as state regulations require them to provide clear records of all sales and inventory changes. Though some affected clients were able to continue business using traditional tracking methods, many had to shut down, depriving their customers of treatment.
In addition to short-term market disruption, the attack also may have compromised the privacy of millions of medical marijuana patients. Because of the negative perceptions associated with cannabis, many medical marijuana users do not reveal their treatments in public. If the attackers stole patient information, they could publicize it at any time. MJ Freeway insists that its client data is encrypted, but many clients are unconvinced, pointing out that the attackers could have stolen the encryption codes. If this is true, the attackers could continue to do damage for months or years in the future.
Whatever ultimately results from the MJ Freeway attack, it serves as a wake-up call for all businesses that handle sensitive information. To minimize your firm’s risk and keep clients’ data safe, remember to:
- Rely On Redundancy– It’s essential to backup vital information in a separate system that is isolated from your primary storage, but can be easily accessed when it is needed. This will allow you to quickly restore service after an attack, minimizing the length and cost of disruption.
- Decrypt Diligently– The information needed to decrypt sensitive data should always be kept separate from the encrypted data itself. This way, even if an attacker is able to steal your data, you can be confident that they will not be able to read any of it.
- Modernize Methodically– Hackers are constantly developing new, more efficient ways to attack you. Old security measures thus quickly become obsolete, requiring you to install new software. Whenever an update is available for your operating system, make it, especially if it relates directly to security.
- Streamline Security– Cybersecurity methods are most useful if you develop a single, consistent policy for all your employees. Set clear rules for the activities employees can perform on company devices or over the office WiFi, and vigorously enforce them. This prevents individual carelessness from compromising your security.