Hackers Possibly Had Access to 42,000 Patients' Health Data for a Month After Phishing Attack

May 30, 2018

 

The Ohio healthcare provider Aultman Health Foundation has found that a few of its employees were deceived by a phishing attack, which gave the threat actors behind the operation access to numerous email accounts.

The phishing attack was detected on March 28, prompting a full investigation of the breach. The investigation revealed that some employees had fallen for the phishing scam in mid-February. More accounts were then compromised, and access to the affected accounts continued until late March, when a password reset was carried out.

The security breach was limited to email accounts, and the healthcare provider's medical record system was not compromised. However, the email accounts did contain a variety of health and personal information of 42,600 patients of Aultman Hospital, 25 physician practices, and employees and prospective employees who had earlier been tested by the AultWorks occupational medicine department.

People who had been evaluated by the AultWorks occupational medicine department had information exposed such as medical histories, physical examination information, hearing and breathing test information, and demographic information, and in some instances, Social Security numbers and driver's license numbers. SSNs and driver's license numbers were only exposed for people whose employers shared that information with the occupational medicine department, such as those that use SSNs to identify individuals. People whose SSN or driver's license number was potentially compromised have been offered a year of credit monitoring services free of charge.

There has been a flurry of phishing attacks on healthcare organizations in the United States in recent months, with many attacks leading to data breaches. These attacks underline the need for healthcare providers to strengthen their anti-phishing defenses, including the use of additional technological controls such as spam filters and behavioral monitoring systems, as well as regular security awareness training to help employees identify potentially malicious emails and to eliminate risky behaviors.

In addition to carrying out a password reset, Aultman Health Foundation has provided additional training to its workforce to improve resistance to phishing attacks, added new security features to email accounts, and put restrictions in place to ensure employees can only set strong passwords. The interval between the attack and its discovery has also prompted Aultman Health Foundation to improve its security monitoring processes.