
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Healthcare Data Incident

October 11, 2019 By Emil Hozan

In June 2019, The Methodist Hospitals, Inc. identified unusual activity within employee email accounts. It immediately started an investigation, working with third-party forensic investigators to assess the scope of the issue. On August 7, 2019, the investigation revealed that two employees had fallen victim to a phishing email that gave an unauthorized actor access to their email accounts.

One account showed unauthorized access on June 12, and from July 1 to July 8, 2019. The other account displayed unauthorized access from March 13 to June 12, 2019. Though there is no evidence of attempted misuse at this time, The Methodist Hospitals, Inc. could not rule out that sensitive data may have been accessed during these times.

The information that was involved includes, “…name, address, health insurance subscriber, group, and/or plan number, group identification number, Social Security number, driver’s license/state identification number, passport number, financial account number, payment card information, electronic signature, username and password, date of birth, medical record number, CSN number, HAR number, Medicare/Medicaid number, and medical treatment/diagnosis information.”

 

Key Takeaways and Lessons Learned

Phishing training is important, especially for HR and other employees who may work with outside parties. In fact, continued training and examples of real-life phishing emails may help unsuspecting victims avoid falling prey to these attacks. Our own Trevor Collins explains a recent experience he had with a Netflix phishing email.

In addition, combining a multi-factor authentication solution with any service that supports it is highly recommended. When the two are used together, compromised passwords aren’t as big a concern as they are without that additional approval factor. WatchGuard’s AuthPoint uses push notifications to inform users of login attempts. The user’s response to the notification permits or denies access to the service. Stay safe and be vigilant, folks.


Filed Under: Editorial Articles Tagged With: Healthcare, personal health information, Phishing
