About 6,000 People’s PHI Impacted by Phishing Attacks on East Central Indiana School and Fraser

A phishing attack on East Central Indiana School Trust (ECIST) has compromised some protected health information (PHI) of more than 3,200 men and women.

On May 19, 2019, an ECIST staff member was tricked into revealing his/her email account credentials, which an attacker then used to access that person’s email account. ECIST discovered the breach on May 22, 2019 and secured the account.

A third-party computer forensics team investigated the breach to determine whether patient data was stolen or compromised during the attack. The forensics team found no evidence that the attacker accessed or downloaded email messages in the account, but the possibility that the information was accessed or compromised could not be ruled out.

The data in the email account that was exposed included the names of employees and their dependents, Social Security numbers, birth dates, driver’s license numbers, prescription data, medical insurance data, and certain healthcare data.

ECIST has already notified the HHS’ Office for Civil Rights of the breach, which likely affected about 3,259 employees of trust members along with their dependents.

Phishing Attack on Fraser

A phishing attack on Fraser, an autism and early childhood mental health service provider located in Minnesota, impacted only one staff member’s email account on August 6, 2019.

Fraser discovered the phishing attack immediately and secured the compromised email account after only a couple of hours. Fraser started a breach investigation with the assistance of its IT vendors and established that the attacker accessed customer information.

A Fraser waitlist spreadsheet was discovered in the affected email account. It contained the names of customers, internal ID numbers, home cities, ZIP codes, remarks regarding scheduling choices, and specific treatments for which customers obtained referrals.

Fraser is updating its processes for the internal sharing of client data and its systems are going to be carefully monitored to make sure that its security solutions are performing appropriately.

The HHS’ Office for Civil Rights breach website says that the breach probably impacted 2,890 men and women.