Case Study: UnityPoint Health Breach
UnityPoint Health, a multi-hospital group that serves Iowa, Illinois, and Wisconsin, now faces the unfortunate task of informing over 1.4 million patients of the second data breach the organization has suffered this year alone. To be clear, it’s not just the second breach; it’s the second breach initiated through a phishing attack.
In the first breach, in April of this year, employee email accounts were phished, which led to the compromise of birth dates, Social Security numbers, medical record numbers, treatment information, diagnosis data, lab results, medications, providers, insurance information and important medical appointments.
The second breach also targeted employees, while adding debit/credit card payment information to the already staggering list of exposed information.
According to the release to patients, UnityPoint Health’s business email system was hit by a series of targeted phishing attacks that appeared to be sent from a high-level executive at UnityPoint Health to employees. One, you read that right, one employee fell for the attack, granting hackers full access to all internal email accounts from March 14th to April 3rd.
After a forensic investigation, law enforcement believes the attack was financially motivated, with hackers likely trying to use the email system to divert vendor or payroll payments for their financial gain.
In response to the breach, UnityPoint states that it has implemented a multi-factor authentication system to verify users before they access their accounts. Besides this, the organization has reset the passwords of all compromised accounts, conducted mandatory phishing education for all employees and added security tools to aid in the identification of suspicious emails.
Unfortunately, as they say in medicine, prevention is always superior to a cure. UnityPoint is now faced with two class-action lawsuits that will inevitably cost the organization far more than any preventative cyber-security measures that should have been taken years earlier.
At Packetlabs, it’s our firm belief that information security, in any organization, should be considered as integral as insurance where risk is involved. Contact us to learn more about how we can help.