A three-hospital health system in West Virginia has become the victim of a business email compromise (BEC) scam that began with a phishing attack.
Monongalia Health System, Inc. (MHS) had no idea that its cybersecurity defenses had been penetrated until a vendor reported not receiving a payment from the healthcare provider on July 28, 2021.
An investigation was launched, which determined that threat actors had compromised multiple email accounts belonging to MHS employees between May 10, 2021, and August 15, 2021, gaining unauthorized access to emails and attachments.
Threat actors used one account belonging to an MHS contractor to impersonate Monongalia Health System and attempt to fraudulently obtain funds by wire transfer.
Monongalia Health System, whose affiliated hospitals are Monongalia County General Hospital Corporation, Preston Memorial Hospital, and Stonewall Jackson Memorial Hospital Organization, issued a data security notice Tuesday.
In the notice, MHS said that although the threat actors had not accessed the healthcare provider’s electronic health records system, some patient and employee information that was stored in the compromised email accounts had been breached.
This information included names, Medicare health insurance claim numbers (which could contain Social Security numbers), addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, claims information, medical and clinical treatment information, and/or status as a current or former MHS patient.
MHS has begun mailing notice letters to people whose information may have been involved in the security incident.
“From a technology perspective, implementing verification of domains and senders’ email addresses, although not commonly used, is a quick fix to authenticate domains and emails to reduce the risk of an attack by a ‘doppelganger domain,’” commented KnowBe4’s security awareness advocate, James McQuiggan.
He added: “For the human element, a robust security awareness program educates employees to be aware of the red flags, spot fake emails, check the email address, and validate the user by explicitly asking yourself if you were expecting the email.”
MHS said that it “is continuing to review and enhance its existing security protocols and practices, including the implementation of multi-factor authentication for remote access to its email system.”