Aultman Health Foundation has revealed that more than 42,000 patients’ personal data may have been breached after a number of employees’ email accounts were accessed by unauthorized individuals.
The incident was first noticed on March 28, 2018. An investigation was immediately launched, and later revealed that the unauthorized access had occurred in mid-February and late-March of 2018.
Data within the affected email accounts included names, addresses, dates of birth, Social Security numbers, driving license numbers, and medical histories.
Upon discovery, the compromised email accounts’ passwords were reset. In addition to this, security features on email accounts are being increased, security monitoring procedures have been strengthened, and staff are receiving security training.
At this time there is no evidence to suggest that any of the compromised data have been used inappropriately. Those affected are being informed and have been advised of precautionary measures they can take to protect their information. Complimentary credit protection is being provided for those who had their Social Security numbers or driving licenses breached.
With phishing attacks on the increase, particularly in the health care sector because of the volume of personal data that organizations hold, this example highlights the importance of training.
The most important line of defense against a phishing attack is the email recipient. If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated.
Increase phishing awareness
Our Phishing Staff Awareness Course gives your staff an introduction to phishing scams, and helps reduce the chance that an employee will hand over confidential information, or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.
To determine how vulnerable your organization is to the threat of phishing, consider running a Simulated Phishing Attack. This service provides an independent assessment of employee susceptibility, and benchmarks your security awareness campaigns.