PHI of 28,000 Patients Exposed as a Result of MJHS Phishing Attack

Over the past few weeks there has been a wave of phishing attacks targeting information held by healthcare companies. Because of the heightened threat, the Department of Health and Human Services’ Office for Civil Rights issued a notice to healthcare companies, emphasizing the need to strengthen their security checks through regular training sessions for workers and the implementation of new rules.

A phishing attack is a type of attack in which malware is delivered to devices, resulting in the theft of sensitive information. Email accounts hold a large amount of information about patients, and that information can be used to commit various crimes and frauds. Such attacks have been carried out at different times to gain access to email accounts and successfully retrieve the data.

In the MJHS case, the attacker's main purpose is still not known. Fortunately, the rapid identification of the theft and attack curtailed the attacker's activities and left little room to operate. The affected email accounts were recovered quickly, before they could be used to send emails, but it is possible that the attacker viewed patients' PHI.

On 6th June 2017, MJHS learned that the attacker had gained access to the email accounts of various employees of Elderplan Inc. On 14th June 2017, it established that the attacker had gained access to only one email account belonging to an MJHS employee. MJHS called in a third party to investigate and assess whether any email had been accessed or sent to any other account. The third party was unable to determine how criminal activity to gain access to the MJHS and Elderplan accounts had been possible, even within the short time period.

The investigation of the email accounts found that the information included names, Medicare numbers, diagnoses, dates of treatment, insurance information and places of treatment. MJHS informed the affected people about the phishing attack and offered them credit monitoring services for a year via Kroll.

MJHS also told those affected that it had found no proof that the PHI was stolen, viewed or misused. Details of the phishing attack have now been forwarded to the Office for Civil Rights. According to the report, 22,000 of the affected people were Elderplan members and 6,000 were MJHS patients.