Phishing is perhaps the main data safety threat confronted by healthcare companies. The last few weeks have seen many attacks informed by healthcare companies, with the newest healthcare phishing attack among the most severe, having impacted up to or equal to 16,562 patients.
Chase Brexton Health Care informs that the attack happened on August 2 and August 3, 2017, when several phishing electronic mails were transported to the inboxes of its workers. Phishing attacks usually take the shape of fake invoices and false package delivery notices, even though these emails were supposed to be reviews. After workers completed the reviews they were needed to insert their login info. Four workers fell for the trick and disclosed their user account identifications.
The phishing attack was found on August 4 and access to the workers’ accounts was obstructed. Nevertheless, on August 2 and 3, the reports of those workers were accessed and the assailants re-routed worker payments to their own bank accounts.
Although the purpose of the phishing attack didn’t seem to be to access patient info, it’s probable that a few patients’ PHI was seen and possibly thieved. Chase Brexton Health Care has alerted patients of the breach and notified them that PHI access isn’t doubted, even though out of an abundance of care, patients are being provided free identity thievery repair facilities.
The kinds of information possibly undermined was restricted to names, dates of birth, addresses, provider name, patient ID numbers, service location, diagnosis codes, line of service, medication details, visit descriptions, and insurance information.
The inquiry into the attack is ongoing, and although particulars of the assailants’ bank account are identified, the people accountable for the attack haven’t been known. A third-party has been hired to carry out an inquiry into the attack.
Besides obstructing access to the undermined accounts by altering passwords, Chase Brexton Health Care has applied a new electronic mail junk filtering solution to enhance defense against phishing attacks, workforce have received extra training, and new safety rules have been applied.