Multiple Email Accounts were compromised in phishing attack on NCH Healthcare System

A phishing attack has been experienced by NCH Healthcare System based in Naples, Florida, in which the patient information might have been compromised.

The NCH Healthcare is now investigating scope of this recent cyberattack on their payroll system. On Jun. 14, 2019, the NCH Healthcare has discovered suspicious activity in their payroll system, and then called a third-party computer forensics firm in order to investigate this breach.

On July 2, 2019, the investigation has revealed that email accounts of numerous employees were compromised because of responding to phishing emails, thus allowing the hacker to have access of those compromised employee email accounts. So, the unauthorized entity may have possibly accessed or copied data of those compromised employee email accounts during the phishing incident.

In email phishing, an attacker disguises as a trusted and reliable entity for sending email to a person who might open it and then provide the sensitive or personal information, like a password.

In an email, Kelly Daly, the NCH compliance officer, has said that 73 employees became victim of the phishing scheme however the security measures of NCH prevented it from being more widespread. The NCH has around 5,000 employees. The officials said that they are still reviewing data from the email accounts, so as to confirm the records that were possibly compromised.

NCH said in their website post that "while NCH has no evidence of actual or attempted misuse of information present in the employee email accounts, in an abundance of caution, NCH is currently undertaking a comprehensive review of the data in those email accounts to confirm what records may be compromised".

The officials are preemptively informing the patients about the possible compromise, while continuing investigating what kind of information is there in the impacted email accounts. Once the investigation is over, the patients will receive the details on impacted data.

The patients have been also recommended to carefully monitor their accounts along with explanation of the benefits statements for signs of the fraudulent activity. In addition, the hospital system also is encouraging the employees to report any kind of suspicious activity to their credit card company or bank.

NCH is currently reviewing the existing security policies as well as procedures, and will report this security incident to appropriate federal and state regulators.

» SPAMfighter News - 8/29/2019