An incident at Rightway Healthcare resulted in a breach of sensitive health information of almost 5,000 Okta employees. It’s the latest in a series of security woes for the IAM provider.
This is the latest in a series of security woes to hit Okta or its customer environments since late July. Although this latest incident involves a third-party vendor, it underscores the need for security diligence across all systems.
“Third-party risk is hard for any organization to manage and in this case it was a third-party, not Okta, that was breached,” John Bambenek, principal threat hunter at Netenrich, said via email. “I should hope for their employees’ sake that they are taking this event seriously, and looking at what they can do to shore up the sensitive data that they are having their third-party vendors process on their behalf.”
The Rightway breach comes less than two weeks after Okta reported a threat actor intruded its support system with a stolen administrator account credential, resulting in multiple downstream attacks against Okta customers.
“Even though the breach originated from a third-party vendor, Rightway Healthcare, it still underscores the need for robust security measures and ongoing vigilance,” said Sarah Jones, cyber threat intelligence research analyst at Critical Start, in an email. “The ability to protect employees and customers is interconnected.”
The single sign-on provider is a high-profile target with 18,400 business customers. In 2022, Okta was hit by a phishing attack, a breach and had its GitHub source code stolen.
“We were not provided complete details about this cyberattack from Rightway,” an Okta spokesperson said via email. “All they shared was that a threat actor carried out the attack by gaining access to a Rightway employee’s cell phone, which was then used to change credentials and access the files.”
The attack exposed the personal information of almost 5,000 current and former employees that worked at Okta between April 2019 through the end of 2020. Dependents on Okta employees’ healthcare plans were also impacted, but Okta declined to say how many the incident affected.
Okta had 5,806 employees as of July 31, according to a form 10-Q filed with the Securities and Exchange Commission for the quarter ending July 31. Okta directly informed current and former employees impacted by the third-party attack on Wednesday, and “we are reviewing our relationship with Rightway,” Okta’s spokesperson said.
Okta disclosed the breach almost three weeks after Rightway informed Okta, but noted that timing fell within the 30-day regulation for notification. “There were 27,000 records to sort through and deduplicate, which can be manual and take time,” the Okta spokesperson said.
