Phishing attack the cause of security breach

Beacon Health System of Indiana, which includes two hospitals: Elkhart General Hospital, Elkhart, and Memorial Hospital, South Bend, recently had to notify patients about a security breach.  The breach was caused by a phishing attack targeting employee emails.  An investigation showed that some of the emails were compromised as early as 2013 and the breach was not discovered until March 2015. Among the information accessed were names, Social Security numbers, birth dates, and drivers license numbers.

At this point it goes without saying as to how valuable that information is to cybercriminals. This is why the number of malicious attacks on the entire healthcare ecosystem continues to rise. Notable hacks have targeted everyone from large national insurance companies like Anthem to smaller regional hospital systems and even clinic networks. The thing tying many of these attacks together is the method. Beacon, like Anthem, was the victim of a phishing attack. As the large providers and entities strengthen their security protocols and monitoring, cybercriminals will begin to move down the food chain to seek out easier targets that provide access to critical personal information.

Currently Beacon Health is responding with an ongoing investigation. They are reviewing policies and procedures as well as implementing additional measures to prevent a similar incident from occurring. All potentially impacted individuals are being notified and offered a free year of identity and credit monitoring and restoration services.

The question you have to ask is do you want to clean up a mess? Do you want to have to deal with the compliance costs and negative PR associated with a breach? Or would it make more sense to prevent one through a modest investment in training.

If you’re interested in learning more about ITPAC’s Phishing Testing and prevention training, give us a call today or visit