Montana hospital leaks 129,000 patient records in sophisticated phishing scam

Filip TRUȚĂ

October 23, 2019

A healthcare provider in Kalispell, Montana has suffered an embarrassing data breach resulting in the leak of 129,000 health records, exposing patients to identity theft and fraud.

Kalispell Regional Healthcare learned of the breach in June, but an investigation suggests the phishers started collecting patient records as early as May 24. A notice sent to patients by the healthcare institution, obtained by local news outlet Flathead Beacon, reveals that the phishing attack was targeted and coordinated.

Multiple employees had unknowingly provided their email login credentials to the phishers. The scammers were then able to access patients’ personal information, including name, address, medical record number, date of birth, telephone number, email address, medical history and treatment information, date of service, treating and referring physician, medical bill account number and/or health insurance information. The hospital says as many as 250 patients may have had their Social Security numbers accessed as well.

Chief Executive Officer and President Craig Lambrecht said in the letter to patients that the attack was “highly sophisticated.” Upon learning of the scam, KRH immediately disabled the employees’ accounts, notified federal law enforcement and launched an investigation with the help of a reputable, New York-based digital forensics firm.

The letter says KRH is offering free credit monitoring services to those affected – as it should in the wake of such a serious data breach – and tells patients how to enroll for monitoring.

Cybercrooks targeting hospitals typically aim for one of two scenarios: extort the healthcare unit (i.e. ransomware); or exfiltrate health records to sell on the dark web to fraudsters. The reason why KRH is shouldering the credit monitoring expense is, of course, to protect patients from fraud.

KRH Director of IT Melanie Swenson said in an Oct. 22 media interview that the unit is very well equipped to prevent and handle cyber-incidents, conducting annual threat assessments and compliance audits. Each year the hospital takes steps to bolster its cybersecurity as cybercriminals become more sophisticated. Nevertheless, by virtue of basic day-to-day operations and “allowing the employees to do their job, there’s always a little window of vulnerability,” Swenson said.

Many studies conducted in recent years underscore the need to conduct regular staff training to spot cyber threats. Phishing remains one of the most prevalent attack avenues for cybercriminals everywhere as employees are typically the first line of defense and, at the same time, the weakest link in an organization’s IT infrastructure.
