A recent large-scale leak of sensitive data, affecting more than 5.5 million sites, exposed a lot of personal information across the Web.
Tavis Ormandy, a Google security researcher, spotted and reported a security issue with CloudFlare, a multibillion-dollar startup that runs a popular content delivery network. CloudFlare is used by more than 5.5 million sites, meaning countless people have been affected by this leak.
The information leaked, as reported by FORTUNE, included “private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings.” A wide array of sites were affected.
Affected sites include Uber, Yelp, and Fitbit. Many of the affected sites used HTTPS, a security measure created to help keep hackers from accessing information in transit. You can visit github.com for a larger list of sites.
Thankfully, CloudFlare responded quickly to Ormandy’s notification, and within hours the security team disabled several features that had caused the problem. However, it took a full week for the security team to completely remediate the issue. Many search engines had stored the leaked data in their web crawlers’ caches, and the security team worked with search engine employees to scrub those caches.
What does this have to do with HIPAA compliance?
Because so many services require usernames and passwords, many people tend to use the same password, or a set of similar passwords, everywhere. Now that your login credentials could be held by a hacker, you will want to change your passwords, especially for work accounts. Depending on how a hacker accesses a work account, it could look like you accessed the information yourself, creating more issues for you and your organization.