Magellan Health Data Breach Victim Tally Reaches 365K Patients

[InfoSec News <alerts () infosecnews org>]

https://healthitsecurity.com/news/magellan-health-data-breach-victim-tally-reaches-365k-patients

By Jessica Davis
Health IT Security.com
July 7, 2020

July 07, 2020 - The extent of the ransomware attack that hit Arizona-based 
Magellan Health in April became clear this week, with eight Magellan Health 
affiliates and healthcare providers reporting breaches stemming from the 
incident to the Department of Health and Human Services. The breach reporting 
tools shows about 365,000 patients were affected.

In April, the Fortune 500 company was reportedly the victim of a sophisticated 
cyberattack, in which hackers first exfiltrated data before deploying the 
ransomware payload. By leveraging a social engineering phishing scheme that 
impersonated a Magellan client, the attackers were able to gain access to the 
system five days before the ransomware attack.

The investigation determined hackers first installed malware able to steal 
employee credentials and passwords to gain access to the affected server. 
Patient data was also compromised in the event, including health-related 
information such as health insurance account data and treatment information.

The attack was contained to a single corporate server, which compromised the 
data of current employees and a trove of sensitive patient data, from Social 
Security numbers and W-2 information, to taxpayer identification and employee 
ID numbers.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/