At a glance.
- Update on Mon Health data breach.
- Michigan Medicine discloses compromise of medical data.
Update on Mon Health data breach.
US healthcare services provider Monongalia Health System (Mon Health), based in the US state of West Virginia, has begun notifying potentially compromised individuals about a cyberincident first detected in December. It has been determined that the threat actors gained access to the organization’s network between December 8 and December 19, and about two weeks later it was confirmed that patient, employee, provider, and contractor data had been exposed in the attack. SecurityWeek notes that although Mon Health has not disclosed exactly how many individuals were compromised, the health system’s report to the US Department of Health and Human Services in December placed the number at around 400,000 victims. The exposed data include names, addresses, birth dates, Social Security numbers, health insurance claim numbers, and medical treatment information.
Michigan medical center experiences employee email account breach.
And in yet another US healthcare breach, academic medical center Michigan Medicine (formerly the University of Michigan Health System) has disclosed that an intruder gained unauthorized access to an employee email account, resulting in the exposure of the medical data of nearly three thousand patients. The attacker infiltrated the account on December 23 and began using it to distribute phishing emails, but the employee did not become aware of the suspicious activity until January 6, at which time they reported the incident to the IT department. The account was immediately disabled and an investigation was launched. “No evidence was uncovered during our investigation to suggest that the aim of the attack was to obtain patient health information, but data theft could not be ruled out,” Michigan Medicine’s statement reads. As such, victims have been advised to be on the alert for any suspicious activity in their insurance statements.
Erich Kron, security awareness advocate at KnowBe4, commented on the criminal uses to which compromised email accounts may be put:
“The use of a compromised legitimate email account is a gold mine for cybercriminals. Once in an email account, the bad actors will often use the accounts to spread malware, issue fraudulent invoices to customers, demand funds transfers or steal information. These attacks from legitimate accounts are very effective because these bad actors will often continue previous email conversations with other people in earlier email chains, many email protections focus on email from external sources, and there is an automatic sense of trust when you receive an email from within your own organization.
“In this case, Michigan Medical appears to have handled the issue well, releasing information in a straightforward and easy to understand manner stating facts about what happened, what they do know and what they do not, and what they are doing about it.
“Because most email account compromises come from clicking on a link in a phishing email, or due to employees reusing passwords across multiple accounts or using simple, easy to guess passwords, organizations can reduce the risk of this sort of attack being effective through training and education. Employees should be taught how to spot and report suspected phishing emails, while also being tested with simulated attacks on a regular basis. They should also undergo training related to proper password hygiene. In addition, enabling Multi-Factor Authentication (MFA) can add additional security to accounts and make it harder for cybercriminals to gain access.”