It has been revealed that Chase Brexton Health Care suffered a phishing attack in August after a number of employees received a “bogus employee survey”. Four employees took the bait and completed the survey, which gave the attacker access to their accounts.
A statement from Chase Brexton said:
The unknown perpetrator(s) logged in to these four Chase Brexton employees’ accounts and used their login information to re-route the employees’ paychecks to the unknown perpetrator(s) bank account.
Upon discovery of the breach, access to the compromised accounts was terminated with immediate effect. It is not thought that any patient information included in those accounts was inappropriately accessed.
The statement continued:
Chase Brexton does not believe that the unknown perpetrator(s) looked at any emails that were not related to payroll; however, there is no way to know which messages in the email were or were not read. It was determined that these email boxes did contain personal health information from several patients, including the following: patient name, patient ID number, date of birth, address, provider name, diagnosis codes, line of service, service location, visit description, insurance, and medication information.
Chase Brexton has taken the incident very seriously. It has changed passwords on the affected accounts, hired an investigator, increased email filters, carried out staff training, and increased security protocols. Those potentially affected by the incident have been informed, as have the relevant authorities. As a precautionary measure, those at risk are being offered “identity repair services”. Advice given to potential victims is to monitor accounts and to look out for any “irregular activity”.
The most important line of defense against a phishing attack is the person who receives the email. If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated. With phishing attacks on the increase, particularly in the healthcare sector, this example highlights the importance of training staff.
Protect your organization and educate your staff
No matter how effective your spam filter is, a spoofed email could still bypass it, making your staff the last line of defense against fraud. It is therefore vital that they are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training with minimal disruption.
Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.