RS Medical notifies the patients after experiencing Phishing Attack
Manufacturer of pain relief device based in Vancouver, WA, RS Medical on April 7, 2019, revealed about an incident having potential to compromise the patient information. A phishing attack has been experienced by the manufacturer of pain relief device (i.e. RS Medical), as a result of which an unauthorized individual has accessed email account of an RS Medical employee.
The aim of this phishing attack look as if to gain access of a company account in order to send the phishing emails, instead of obtaining the sensitive patient information. Notification from RS Medical based in Vancouver, Washington, said that "the primary purpose of the breach, as determined by internal investigation, was to obtain an Outlook account from which to launch 10,000 phishing emails".
RS Medical says that after gaining employee credentials and then testing the login so as to ensure that it worked, a phishing attack was launched by the attacker. The attacker has sent around ten thousand phishing emails from the compromised employee email account. As the attacker has sent so many phishing emails from that compromised employee email account, this has alerted the company about the employee email account breach.
The email account breach has been detected inside 2 hours after the account was accessed, and so the password of the compromised email account was changed in order to lock out attacker.
Joseph Basham, the Privacy Officer of RS Medical, writes that "the time the U.P. [unauthorized person] had access to the account totaled less than 2 hours. The likelihood that any PHI was acquired or viewed is low but cannot be disproven".
While access of PHI (Protected Health Information) has not been suspected, it cannot be ruled out either with high level of certainty. As the access cannot be disproved, so the RS Medical has sent notification letters to all the individuals whose Protected Health Information was included in that compromised employee email account. The exposed PHI included names, phone numbers, dates of birth, diagnosis codes, home addresses, and details of medical supplies and equipment that are provided by the RS Medical.
Breach summary on breach portal of HHS' Office for Civil Rights indicates that 1,911 individuals have been affected by this phishing attack.
» SPAMfighter News - 5/3/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!