Two phishing attacks on Minnesota DHS breach 21,000 patient records
For more than a month, two separate employee accounts were compromised by the cyberattacks before the IT department discovered the hack.
Source: Healthcare ITNews | By Jessica Davis October 12, 2018
Two employees of the Minnesota Department of Human Services fell for phishing attacks, which potentially breached 21,000 patient records over the course of more than one month.
The first email compromise began on June 28, the second on July 9, but officials said the IT department did not discover the hack until August. The subsequent investigation could not determine whether the hackers were able to access or copy the emails. Both accounts were secured upon discovering the hack.
Most of the patients impacted by the breach had interacted with the State Medical Review Team, while others had received services from the DHS Direct Care and Treatment facilities. The emails in question contained names, addresses, phone numbers, Social Security numbers, employment information and other personal data.
Other employees may have also been targeted by the phishing campaigns and officials have yet to confirm whether any other employee clicked on the malicious links. Minnesota DHS is still investigating the breach.
Attempted phishing campaigns targeting Minnesota’s executive agencies, including DHS, have increased in the past several months, according to officials. DHS is continuing employee education around email best practices and security event response.
Phishing attacks have plagued the healthcare sector throughout the year, and far too often, it takes at least a month for those victims to discover it. Just this month, California-based Gold Coast Health Plan began notifying 37,000 patients that a phishing attack breached their data for more than a month.
In July, another state agency, Manitowoc County, breached PHI for three months after a hacker hijacked an employee email account using a phishing scheme.
Employee education helps staff better recognize these malicious emails, but often hackers use highly targeted methods that make it tough to detect. Detection is crucial when a hacker is successful, which takes solid network monitoring and access control management tools.