29 Michigan health system employees fall victim to phishing attack, exposing patient data

[Destry Winant <destry () riskbasedsecurity com>]

https://www.beckershospitalreview.com/cybersecurity/29-michigan-health-system-employees-fall-victim-to-phishing-attack-exposing-patient-data.html

Twenty-nine employees at Munson Healthcare fell victim to a phishing
attack that allowed an unauthorized third party access to patient
data, according to the Cadillac News.

In a news release, the Traverse City, Mich.-based health system said
officials had noticed suspicious activity in employee email accounts.
After an investigation in January, Munson Healthcare determined that
the unauthorized third party had access to the email accounts between
July 31 to Oct. 22, 2019.

It's unclear how many patients were affected. Patient data that may
have been exposed included names, dates of birth, insurance
information and treatment information. A limited number of financial
account numbers, driver's license numbers and Social Security numbers
may have also been affected.

Munson Healthcare did not discipline any of the employees for the
phishing attack, according the Cadillac News. Rather, employees
underwent additional cybersecurity training. Munson Healthcare also
implemented additional technical safeguards to ensure a similar
incident doesn't happen again.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange