Following a phishing attack on August 7, 2019, UAB Medicine is notifying its patients that a number of employee email accounts at UAB Medical Center in Birmingham, AL, were potentially accessed.
When UAB became aware of the breach, the security team changed the passwords of the breached email accounts to block further unauthorized access. UAB Medicine also engaged a leading cybersecurity firm to investigate the breach.
Analysis of the breached email accounts showed that they held the protected health information (PHI) of 19,557 patients. The information included names plus at least one of the following: birth date, medical record number, diagnoses, treatment records, and dates and location of service. Some patients also had their Social Security numbers exposed.
Even though UAB Medicine employees had been trained in security awareness and in identifying phishing email messages, a number of employees still responded to the phishing emails and disclosed their email account login information. The attackers used those credentials to gain access to the employees' email accounts as well as the payroll system. The health system stated that the attackers sent a phony business survey by email that appeared to come from the email account of an executive of the health system.
It appears that the aim of the attack was to gain access to the payroll system and attempt to reroute employees' payroll deposits. UAB discovered the attack and prevented the potential rerouting of payroll deposits. Though it is likely that the attackers saw or copied patient records, UAB found no proof of unauthorized access or data exfiltration. No reports were received indicating that patients' PHI was misused, either.
The individuals affected by the breach were advised to watch for fraudulent transactions on their account statements and explanation of benefits statements. They were given a one-year complimentary subscription to credit monitoring and identity theft protection services. UAB took the necessary steps to reinforce email security and prevent similar breaches from occurring again.