Morehead Memorial Hospital has announced that it fell victim to a phishing attack after two employees’ email accounts were compromised.
Data said to have been compromised included former employees’ and patients’ treatment overviews, health plan information, health insurance payment summaries, and a limited number of Social Security numbers. There is no evidence at this time to suggest the information has been misused. All those affected were notified on September 15, 2017, by a letter that explained what had happened and offered free identity monitoring services for a year.
Upon discovery of the incident, Morehead Memorial Hospital “cut off access to the affected accounts, issued a network-wide password reset, and engaged top-tier forensic consultants to conduct a full investigation.” The relevant authorities have also been informed and an investigation will commence in due course.
In a statement Morehead Memorial Hospital said:
“To help prevent an attack like this from recurring, we are enhancing additional security measures to protect our systems, and we are providing additional training to our staff so that they are better prepared to identify potentially fraudulent communications.”
Those affected have been advised to carefully review their credit reports as a precaution and to contact the credit agency immediately if they notice anything untoward.
Phishing attacks are increasingly popular within the health care sector because of the volume of personal data that organizations hold. Phishing attacks are generally increasing in volume and sophistication, so it is essential to provide employees with sufficient training.
How to protect your organization from phishing attacks
No matter how effective your spam filter is, a spoofed email could bypass it, making your organization’s staff the last line of defense against fraud. It is therefore vital that your staff are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training all your staff with minimal disruption.
Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.