Aspire Health provides in-home services for patients with critical illness residing in Nashville, TN. Aspire Health had a phishing attack resulting to the unauthorized access of the email account of one employee. Using the accessed email account, the attacker emailed 124 messages to a different email account. Many the sent messages contained the patients’ protected health information (PHI) plus sensitive and private information and records.
Aspire Health’s spokesman stated that the administrators already mailed breach notifications to a number of of its patients, but the actual number of affected patients who received the notifications was not mentioned. There is no post yet on the Department of Health and Human Services’ Office for Civil Rights’ regarding the data breach on its breach website portal.
Much like a lot of phishing attacks, the employee got a message in his email inbox that has a hyperlink to a website where he was tricked to disclose his login details. The web page was merely made on August 28, 2018. It seems that it originated from the Russian Federation. The employee accessed the site on or around September 3, 2018 and he found out that his email account was compromised on September 3. The site has been tagged as likely malicious by Google.
The breach was investigated not just to figure out if PHI was accessed but to know who is to blame for the attack. A federal court motion had to be filed in order to get Google to disclose more facts concerning the hacker.
The hacker forwarded the messages to a Gmail account and Aspire Health is convinced that Google has the important information that will identify the hacker and know if the forwarded messages were opened. As per The Tennessean, Aspire Health attempted to get Google to give the information regarding the website owner and the email account subscriber but Google preferred to have a subpoena.
Aspire Health may become successful in identifying the attacker; but it would be more challenging to bring the person to justice.