Medical equipment supplier Solara has begun notifying affected parties of a breach that they discovered on June 28th, 2019. The company launched an investigation after the discovery and found that some employee Office 365 accounts were compromised during the breach that occurred between April 2nd and June 20th, 2019. It is believed that the breach was a result of an email phishing campaign. Stored information on the 365 accounts at the time of the breach may have been accessed by the actors. After a further look, it was determined that the information varied depending on the individual, but likely included first and last names and at least one of the following data elements: name, address, date of birth, Social Security number, Employee Identification Number, medical information, health insurance information, financial information, credit or debit card information, driver’s license, passport information, password PIN or account login information, billing and claims information, and Medicare ID / Medicaid ID. All the proper parties were notified of the breach and Solara has agreed to provide free credit and identity monitoring.
Since phishing is still the most effective tactic used by attackers, a robust security approach should assume that some employees will eventually be tricked into providing credentials or executing a script in a malicious document, giving the attacker an initial foothold into the network. It is imperative to implement defense-in-depth, using tools such as endpoint detection and response sensors to alert on attacker behaviors post-compromise. Attacks that are stopped in the early stages have much less chance of causing significant damage. Individuals who may have been impacted by this instance should also keep a close eye on their account statements and credit reports for fraud and identity theft attempts.