ECIST notifying individuals about possible personal information breach

East Central Indiana School Trust (ECIST) has begun notifying over 3,200 individuals about exposure of some of their PHI (Protected Health Information) due to the recent phishing attack.

ECIST's ongoing investigation on this recent phishing email incident determined that on May 19 of this year, one ECIST employee became victim of a phishing email and reveals his/her email account credentials, thus providing the attacker access to his/her email account. This breach was discovered on May 22, and the compromised email account was secured promptly.

The investigation has been launched with assistance of one third-party computer forensics firm, in order to assess scope of this incident and determine whether the patient information has been stolen or compromised in the attack.

The investigation has revealed that one unauthorized person was having access to that compromised employee email account in between May 19, 2019, and May 22, 2019. Further, the officials said that they determined the unauthorized person has possibly viewed some email messages in that compromised email account.

ECIST conducted a complete search of those email messages and then determined on Jul. 5, 2019, that some emails or attachments provide information about the services ECIST performs as trust, including the information on a few of their members' employees along with their dependents. The compromised data contains the names of employees' and dependents', dates of birth, medical information, driver's license numbers, Social Security numbers, health insurance information, and/or prescription details.

ECIST began mailing the letters on Sep. 3, 2019, to those individuals whose information has been found in the compromised employee email account. Moreover, ECIST is offering free identity protection and credit monitoring services to those individuals, whose driver's license or Social Security number was present in the compromised email account. ECIST in their notice also said that "we apologize for any concern or inconvenience this incident may cause. We are committed to protecting the confidentiality and security of the information we receive".

ECIST further said that this incident didn't affect all Members' employees of ECIST, but only those individuals who had their information in the compromised email account.

To prevent this kind of attack from taking place in future, ECIST has been implementing additional procedures for expanding and strengthening their security processes. Besides, ECIST is also providing continued education as well as training to their staff.

» SPAMfighter News - 9/20/2019