Patients of Centura Health Informed about Dangerous Hack
Colorado (US)-based Centura Health (CH), an organization without profit motive, and the owner of Mercy Regional Medical Center, recently dispatched letters to approximately one thousand patients cautioning that there might've occurred one security hack that stole their private data, thus published durangoherald.com, April 28, 2014.
It was noticed that the event took place 11th February, 2014; however, CH became aware about it 21st February, 2014.
It was learnt that the hacked data consisted of patients' Social Security Number, full name, birth-date, address, Medicare beneficiary code, along with phone number. It also contained patients' clinical information, like date-of-treatment, treating doctor's name, diagnosis detail along with medical record details.
Possibly, the hackers infiltrated patients' personal details via carrying out an advanced phishing e-mail assault, which hit the employees of CH. Like always, the hackers attempted at getting the usernames and passwords of the employees during February 2014 after impersonating a credible entity through the e-mail.
A few employees thinking the requests were real answered the e-mails, CH stated in a news release.
As per the organization's website, there wasn't any clue if anybody ever saw else utilize the details written inside the e-mails in any manner. Still, when CH became aware about the hack, the organization lost no time in enforcing the required protective measures so any further incident could be prevented.
Accordingly, the assault was immediately aborted, an investigation was started, a forensics expert hired, education reinforced among staff members about phishing e-mails as well as the measures implemented were carried on to make user login validation stronger.
Now, it's not the first time that a healthcare entity has been targeted with phishing attack; however, CH's case represents simply the most recent incident involving an advance social engineering tactic targeted at certain handful of employees.
Towards the end of March 2014, Tacoma, Washington's Franciscan Health System (FHS) informed 8,300 patients that their data had been hacked in one phishing assault. Just like FHS, Centura stressed that such attacks might appear harmless at a glance, however, it was necessary for being sure if an e-mail was really genuine else from an attacker, therefore employees required maintaining vigilance.
» SPAMfighter News - 5/6/2014