Roper St. Francis Healthcare Phishing Attack Sees 13 Accounts Compromised

A massive phishing campaign targeting Roper St. Francis Healthcare has seen attackers gain access to the email accounts of 13 staff members.

The phishing attack was discovered on November 30, 2018 and actions were taken to block access to a corporate email account. The investigation into the breach showed further email accounts had been accessed. The affected accounts were logged onto by the hacker between November 15 and December 1, 2018.

An external computer forensics consultancy was brought in to investigate the breach, which showed some of the compromised accounts included patient information including names, medical record numbers, health insurance data, details about services received from Roper St. Francis Healthcare, and for a restricted number of patients, Social Security numbers and financial details.

All impacted patients were contacted via mail on January 25, 2019 and have been offered complimentary credit monitoring services. While PHI may have been accessed, no reports have been received to suggest any PHI has been improperly used.

The HHS’ Office for Civil Rights (OCR) breach portal states that the compromised email accounts contained the personal and health information of 35,253 clients.

Phishing Attack at Minnesota Department of Human Services Affects 3,000

Minnesota Department of Human Services Commissioner Tony Lourey has revealed that the email account of a county employee has been compromised due to a response to a phishing email.

The account was logged onto by the hacker in September 2018. The account was used to send additional phishing emails to the employee’s contacts.

A review of the compromised account showed it included information such as names, phone numbers, email addresses, birth dates, and information regarding child protection services. Overall, the personal information of almost 3,000 people was potentially compromised. 30 people also had their Social Security number, driver’s license number and/or financial information obtained.

The phishing attack was discovered the next day and remote access to the account was disabled. The delay in sending notifications was due to the time taken to overlook the emails in the account.

Since the attack happened, a new tool has been used to block phishing emails and employees have been given more training.

Author: Maria Perez