2 min read

Montana hospital leaks 129,000 patient records in sophisticated phishing scam

Filip TRUȚĂ

October 23, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Montana hospital leaks 129,000 patient records in sophisticated phishing scam

A healthcare provider in Kalispell, Montana has suffered an embarrassing data breach resulting in the leak of 129,000 health records, exposing patients to identity theft and fraud.

Kalispell Regional Healthcare learned of the breach in June, but an investigation suggests the phishers started collecting patient records as early as May 24. A notice sent to patients by the healthcare institution, obtained by local news outlet Flathead Beacon, reveals that the phishing attack was targeted and coordinated.

Multiple employees had unknowingly provided their email login credentials to the phishers. The scammers were then able to access patients” personal information, including name, address, medical record number, date of birth, telephone number, email address, medical history and treatment information, date of service, treating and referring physician, medical bill account number and/or health insurance information. The hospital says as many as 250 patients may have had their Social Security numbers accessed as well.

Chief Executive Officer and President Craig Lambrecht said in the letter to patients that the attack was “highly sophisticated.” Upon learning of the scam, KRH immediately disabled the employees” accounts, notified federal law enforcement and launched an investigation with the help of a reputable, New York-based digital forensics firm.

The letter says KRH is offering free credit monitoring services to those affected – as it should in the wake of such a serious data breach – and tells patients how to enroll for monitoring.

Cybercrooks targeting hospitals typically aim for one of two scenarios: extort the healthcare unit (i.e. ransomware); or exfiltrate health records to sell on the dark web to fraudsters. The reason why KRH is shouldering the credit monitoring expense is, of course, to protect patients from fraud.

KRH Director of IT Melanie Swenson said in an Oct. 22 media interview that the unit is very well equipped to prevent and handle cyber-incidents, conducting annual threat assessments and compliance audits. Each year the hospital takes steps to bolster its cybersecurity as cybercriminals become more sophisticated. Nevertheless, by virtue of basic day-to-day operations and “allowing the employees to do their job, there”s always a little window of vulnerability,” Swenson said.

Many studies conducted in recent years underscore the need to conduct regular staff training to spot cyber threats. Phishing remains one of the most prevalent attack avenues for cybercriminals everywhere as employees are typically the first line of defense and, at the same time, the weakest link in an organization”s IT infrastructure.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read
Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials
Silviu STAHIE

September 30, 2022

1 min read
North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find
Silviu STAHIE

September 30, 2022

1 min read