All is well here at Woesnotgone Meadow, where everyone has
above average bandwidth.
In the Meadow, the residents and families may need to use
county resources every now and again. These various services are readily
available. In the Grand Rapids, MI area there is an agency providing mental
health services. The services are provided by the Kent County Community Mental
Health Authority. The organization is also known as Network 180.
Attack Method
The system was breached on October 28, 2018, and the breach
remained open for approximately 9 days. The county agency was targeted by a
phishing campaign. Such campaigns have been seen in abundant
numbers over the last few years as more phishers come online and users
continue to be click-happy. The phishing emails were above average in
composition and form, as they were created from a legitimate source. Three
employees, lured by the emails, clicked the link or attachment.
Once the breach was detected, there was a full investigation. The
investigation was managed by the HIPAA Privacy Officer, HIPAA Security Officer,
IT Department, and HIPAA Legal Counsel. The issue was reported to HHS. The
investigating team, through their efforts, could not definitively state whether
the data was viewed or accessed.
Data
The attackers focused on data and other valuable points in
the system. With this attack, the subject data was encrypted email accounts
(names, addresses, dates of birth, Medicaid and Medicare ID numbers, Network
180 internal ID numbers, waiver support application ID numbers, provider names,
schools attending or attended, demographic data, names of the patient's
relatives, ethnicity or race, and the patient's health care provider(s)). For
approximately 20 of the 2284 patients, the Social Security numbers were also
compromised.
Thanks for visiting Woesnotgone Meadow, where the encryption
is strong, and the O/Ss are always using the latest version.
Remediation
The successful attack required a mass password reset. The
organization also needed to update their cybersecurity measures.