Phishing attacks have long plagued the healthcare industry; recently, however, they have grown rapidly in both frequency and scope. Recent healthcare phishing attacks are discussed below.
What are Healthcare Phishing Attacks?
Healthcare phishing attacks occur when hackers gain access to an organization’s sensitive data through an employee’s email account. This is accomplished by sending one or more employees emails that impersonate a trusted entity, in the hope of obtaining the employees’ login credentials. As hackers have become more sophisticated in drafting phishing emails, the number of these incidents has skyrocketed, especially in the healthcare space.
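The impersonation the paragraph describes usually shows up in the From header as either a lookalike domain (a digit or letter swapped into the real domain) or a trusted organization’s name in the display name with an unrelated address behind it. The following is an added example, not code from the original article, that triages sample From headers for those two patterns; the trusted domains, organization names and sample headers are constructed for illustration, and a real deployment would load them from the organization’s own allow-list.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: domains the organization legitimately receives mail from.
TRUSTED_DOMAINS = {"example-hospital.org", "example-insurer.com"}
# Constructed organization names whose appearance in a display name should
# come with a trusted domain behind it.
TRUSTED_NAMES = ("example hospital", "example insurer")

# Characters commonly swapped for visually similar ones; map them back
# before comparing so "examp1e" and "example" compare equal.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(domain: str) -> str:
    """Lower-case a domain and undo the usual single-character look-alikes."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via a small dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return one of: trusted, lookalike-domain, display-name-impersonation, external."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        # Either the homoglyph-normalized form matches, or a single edit separates them.
        if norm == normalize(trusted) or edit_distance(domain, trusted) <= 1:
            return "lookalike-domain"
    if any(org in name.lower() for org in TRUSTED_NAMES):
        return "display-name-impersonation"
    return "external"


def triage(headers):
    """Classify a batch of From headers; returns (header, verdict) pairs."""
    return [(h, classify_sender(h)) for h in headers]


# Constructed sample headers, one per verdict, for a stand-alone run.
SAMPLE_FROM_HEADERS = [
    '"IT Help Desk" <helpdesk@example-hospital.org>',
    '"IT Help Desk" <helpdesk@examp1e-hospital.org>',
    '"Example Hospital Billing" <billing@mail-secure-login.net>',
    '"Jane Vendor" <jane@vendor-example.com>',
]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_FROM_HEADERS):
        print(f"{verdict:28s} {header}")
```

Messages flagged as lookalike-domain or display-name-impersonation are the ones to quarantine or route to the security team for review; the external verdict only means the sender is not on the allow-list, not that the message is safe.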
Phishing and Ransomware
Often, once a hacker gains access to a company’s sensitive data, they either maliciously encrypt the files or exfiltrate the data. They then demand a ransom from the company in exchange for the return of the files. In some instances, when the targeted company fails to pay the ransom, the hackers will then target the individuals whose information was compromised in the attack. The FBI largely opposes paying ransom in these instances, as payment neither guarantees that files will be returned nor prevents them from being sold on the black market.
Ransom Paid for the Return of Files
Harvard Eye Associates, a surgical eye care provider, was notified on January 15 that their storage vendor had been targeted by a ransomware attack. The hackers exfiltrated data stored on the storage vendor’s network and demanded a ransom. As a result of the incident, the hacker potentially accessed the protected health information (PHI) of 29,982 of Harvard Eye Associates’ patients. PHI contained in the exfiltrated files included patient names, addresses, phone numbers, email addresses, dates of birth, medical histories, health insurance information, medications, and treatment information.
After consulting the FBI and a cybersecurity firm, the storage vendor decided to pay the ransom. Upon receiving payment, the hackers returned the stolen files and assured the vendor that they had not made copies of the data.
Healthcare Phishing Attack Affects 34,000 Patients
Grand River Medical Group suffered a phishing attack potentially compromising the PHI of 34,000 patients. Upon discovering the incident, they hired a forensic analysis firm to investigate whether any data had been accessed. Although the firm found no evidence that data had been accessed, it could not rule out the possibility. PHI potentially accessed in the incident included patient names, Social Security numbers, birth dates, addresses, medications, and treatment information. As such, Grand River is offering one year of complimentary identity theft protection to patients potentially affected by the attack. To prevent future attacks, Grand River isolated the compromised email account and reset passwords.
Healthcare Phishing Attack Affects 15,600 Patients
On January 5, Granite Wellness Centers discovered that they had suffered a ransomware attack. Upon discovery, they immediately took the affected systems offline. PHI potentially compromised in the incident included patient names, birth dates, dates of care, health data, and health insurers. Granite Wellness is in the process of restoring files from backups and is implementing advanced security measures to prevent similar incidents in the future.
Healthcare Phishing Attack Affects 2,500 Patients
Hackley Community Care suffered a healthcare phishing attack, potentially exposing the PHI of 2,500 patients. It is unclear what types of PHI were contained in the compromised email account; however, Hackley is offering affected patients one year of complimentary credit monitoring services.