Magellan Health is notifying an undisclosed number of employees who information may have been exfiltrated in a ransomware attack.
The attack began with a phishing attack on April 6 that impersonated a Magellan client. On April 11, Magellan discovered the breach, and called in Mandiant to investigate. Their investigation revealed that the attackers had exfiltrated a “subset of data from a single Magellan corporate server.” In “limited instances,” the attacker also used a piece of malware designed to steal login credentials and passwords.
Magellan is unaware of any misuse of the data, and from their description in their letter, it does not sound like any patient data was involved. As they describe it, the exfiltrated records include employee information such as “name, address, employee ID number, and W-2 or1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also
include usernames and passwords.”
As part of its mitigation efforts, Magellan is offering those affect a complimentary three year membership of Experian’s® IdentityWorksSM that provides identity restoration services as part of its package.
Magellan’s notification did not indicate what type of ransomware was deployed.