– Arizona-based Magellan Health is notifying an undisclosed number of its current employees that their data was compromised after threat actors first exfiltrated sensitive data, before deploying a ransomware attack in April.
On April 11, the Fortune 500 company discovered it had fallen victim to a ransomware attack. Hackers first gained access to the Magellan Health network five days earlier, through a social engineering phishing scheme that impersonated a Magellan client.
Upon discovery, an investigation was launched with assistance from a third-party cybersecurity forensics firm. Officials said they determined that before the ransomware payload was launched, the cybercriminals exfiltrated a subset of data from a single corporate server, which included personal data from some of its employees.
The exfiltrated data included names, contact information, employee ID numbers, and W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers. The hackers also leveraged malware to steal login credentials and passwords to a certain number of current Magellan employees.
The incident was reported to law enforcement authorities, including the FBI, and officials said they are currently working closely with those agencies around its investigation. Magellan has since bolstered its security protocols for its network, email environment systems, and personal data.
The attack mirrors recent reports of a spike in double extortion attempts, where hackers first gain access to a network and lie in wait on the victim’s system, stealing data and gaining intel, before launching the final ransomware payload. Check Point and the FBI reported healthcare entities are a prime target for these sophisticated attacks, especially throughout the COVID-19 pandemic.
SAINT FRANCIS HEALTHCARE PARTNERS’ REPORTS “SOPHISTICATED CYBERATTACK”
Saint Francis Healthcare Partners (SFHCP) in Connecticut reportedly fell victim to a “sophisticated cyberattack” in December, which potentially breached the data of about 38,529 patients.
First discovered on December 30, a hacker was able to gain access to some protected health information. However, the notification did not provide details on how access was obtained or where the compromise occurred.
Three months later on March 20, a forensic analysis revealed the extent of data involved in the incident that included patient names, medical histories, medical record numbers, clinical data, treatments, health insurance provider information, prescriptions, account numbers, diagnoses, dates of service, and a host of other sensitive information. Financial data and Social Security numbers were not impacted.
SFHCP officials said they are taking steps to enhance their data security practices.
RANSOMWARE ATTACK ON FLORIDA INTERNAL MEDICINE PROVIDER…
Protection of critical cyber systems: Canada introduces new legislation under Bill C-26
On June 14, 2022 the Government of Canada introduced Bill C-26, An Act Respecting Cyber Se…