Landry’s has been in the news because, like so many other companies, it recently fell victim to a successful hacking attack. The company has released additional details about the incident, which shed some light on the root causes of the problem it faced.
In their particular case, the hack manifested itself in the form of malware installed on POS machines at selected properties the company managed. The rogue software on these machines allowed the hackers to scan the data on the magnetic stripes of credit cards to pull numbers, expiration dates, and other sensitive financial information.
As for root causes, given the widely dispersed nature of the breach, which occurred worldwide at scattered locations, the conclusion is that the breach itself was a decentralized attack that preyed upon the weaknesses of specific locations. The biggest single contributing factor at those locations proved to be merchants who were operating equipment tied to outdated operating systems that had not been updated.
Some of the locations were found to be using OSs for which Microsoft no longer provides security patches, while others were found simply to be slow to implement existing security patches to their software. Both cases underscore the very real need for merchants to make the switch and upgrade to more protected systems, and the difficulty in getting them to do so.
Since the breach occurred, Landry’s has implemented new policies and has put a new emphasis on rolling out greater, end-to-end security features designed to minimize the chances of something like this occurring again. This, however, is small comfort to their customers who have already been impacted.
It also underscores the sad reality that even to this day, most companies are in reactive mode, rather than proactive mode where security threats are concerned. There’s a dangerous habit on display of doing nothing until a breach occurs, then rushing to plug the security holes.
We’ve seen the same thing with healthcare organizations across the country. There is a dangerous attitude of, “It won’t happen to me.” Then, like the Hollywood Presbyterian Hospital, they become the victim of a cyber attack. We are living in a time where we can no longer afford to sit back and wait for something bad to happen. It is absolutely crucial to take a proactive approach to security. The tools are available to us to protect our data. There is no excuse for allowing a lapse in security, and OCR has levied hefty fines on organizations for failing to protect PHI.