Alive Hospice Falls Prey to Phishing Attacks

Two employees of Alive Hospice based in Tennessee, fell victim to a phishing attack. This potentially breached the patient data for 1 to 4 months. While reviewing its email system on 15th May, unauthorized access to the email accounts of two employees was discovered by the officials.

Once they discovered about the breach, the passwords of the impacted users' were changed by Alive Hospice for blocking third-party access, on the very first hand. They contacted the third-party forensic investigators for determining the nature and overall scope of the breach.

In the investigation, it was discovered that first email account got hacked around 20th December 2017, whereas the second email account got hacked around 5th April 2018. Both the email accounts analysis revealed that they contained patients' personal information. Individual(s) responsible for this attack may have accessed this information.

The information type which was accessed varied for every patient, and contained huge amount of sensitive information, which included patient's state identification cards or driver's licenses, their Social Security numbers, copies of birth and marriage certificates, their passport numbers, medical histories, financial data, digital signatures, IRS pin numbers, as well as the security questions along with answers.

Further investigation of the breach revealed that there were no proofs that could suggest the information on viewing or downloading of any data by attacker. Besides, there were no reports of any misuse of patients' PHI data. However, the attackers can use this type of information for various activities from medical fraud to sale on the dark web.

As per the officials, the investigation team is continuously working with Alive Hospice for identifying and establishing the resources to assist the impacted patients. Alive Hospice has notified all the impacted individuals regarding the breach by letters, and has offered free identity theft protection and credit monitoring services to those individuals, for one year.

The breach has set an example for the organizations to regularly monitor its systems. The monitoring process not only helps to identify the risk-prone and vulnerable areas, but also helps in deciphering abnormal activities beforehand, on the network. After discovering the breach, Alive Hospice has added extra features to secure its data.

» SPAMfighter News - 8/1/2018