John Hultquist, Ben Read, Oleg Bondarenko, and Chi-en Shen of FireEye explain: In early 2019, FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine. The spear phishing email included a malicious LNK file with PowerShell script to download the second-stage payload from the command and control (C&C) server. The email was…
Category: Phishing
WA: RS Medical notifies patients because an attacker potentially had access to their information
On April 7, RS Medical disclosed an incident that had the potential to compromise patient information. A copy of the notification from the Vancouver, Washington entity, obtained by DataBreaches.net, indicates that the attacker may not have been particularly interested in patient information, though: The primary purpose of the breach, as determined by internal investigation, was…
25% of Phishing Emails Sneak into Office 365: Report
Kelly Sheridan reports: One in every 99 emails is a phishing attack, and a new study shows 25% of those phishing attacks bypass default security measures built into Office 365, researchers reported today. The data comes from Avanan’s Global Phish Report, which analyzed 55.5 million emails sent to Microsoft Office 365 and Google G Suite…
Two newly revealed phishing attacks in 2018 potentially compromised 41,000 patients’ ePHI
Every time I think I’m ready to total out the March data on health data attacks or incidents, another incident pops up belatedly on HHS’s site. This time, there were two reports that I had to add yesterday. One was a report from Palmetto Health in South Carolina (now part of Prisma). Palmetto reported that…
MA: Baystate Health suffers data breach affecting 12,000 patients
AP reports: A Massachusetts hospital says a data breach exposed information about some 12,000 patients. Baystate Health of Springfield said Monday that a phishing incident resulted in unauthorized access to the email accounts of several employees between Feb. 7 and March 7. The hospital says the accounts included patient names and dates of birth, certain…
Health data breaches due to external actors continue to predominate recently.
Because I’m at a conference, it’s been hard to update a lot, but here are a few of the health data breaches I’ve spotted this week: Main Line Endoscopy Centers in Pennsylvania announced that it recently mailed notifications to patients whose personal information was in an employee’s email account a t the time that the…