All is relatively well here at
Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, our residents generally are healthy. Occasionally, we have an issue
when someone gets sick or hurt. Last May, Jerry slipped on ice and fractured
his ankle. When these occur, there may be a brief or longer visit at a
healthcare facility. Over the last few years, these facilities have been a
target for attackers attempting to breach their systems. One such
institution is the Roper St. Francis Healthcare facility.
The Roper St. Francis Healthcare facility is based in Charleston, SC. The healthcare
facility was targeted for a phishing attack on a rather large scale. These types
of attacks have been relatively steady and popular over the last five years. In
this case, there were 13 employee email accounts that were successfully
compromised. The successful attack was detected on November 30, 2018. In this
case, it is fortunate that the hospital’s operations were not affected. Also,
the hospital’s electronic medical records (EMR) were not accessed.
Once detected, the hospital responded quickly. One of the first moves was to block
access to corporate accounts. They then began the forensic review. The review
noted the compromise was open and active from November 1, 2018, through
December 1, 2018. The end date is the day after this was discovered. The
hospital also contracted with a third party for a thorough forensic review. The
third party's in-depth review indicated a number of the compromised email accounts
did contain confidential data and information. This data included patients'
names, medical record numbers, health insurance information, and medical record
information. For a portion of these, the patients' social security numbers and
financial information were also exposed.
The affected patients were notified by mail on January 25, 2019. The hospital also
posted a notice on its website on January 29, 2019. The affected patients were
offered complimentary credit monitoring services. Internally, the healthcare
facility is strengthening its email cybersecurity and providing continuing
education on this type of attack. These steps are prudent and necessary to
prevent this, as much as possible, from occurring again.
This successful attack once again shows the weakest link, in general, is the user.
There also needs to be better and regular training to watch for this, along
with a more robust defense.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are
always using the latest version.