New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Georgia Cancer Testing Facility Suffers Second Data Breach of 2022

CSI Laboratories, a cancer screening facility in Georgia, has suffered its second data breach this year. Officials state that this breach is unrelated to the one that was announced in March and affected around 312,000 people. Nearly 245,000 individuals are suspected to be affected by the recent incident. “There were entirely different systems involved. This [phishing] incident did not impact the network,” stated a spokeswoman from CSI. The two attacks are seemingly different in the sense that the first breach was believed to be an attempt to access patient information, while this time around it appears that the threat actors were attempting to commit payment fraud, even though some patient information was accessed as well. Threat actors were able to gain access to an employee email account via phishing. “We believe the access to a single employee mailbox occurred not to access patient information, but rather as part of an effort to commit financial fraud on other entities by redirecting CSI customer health care provider payments to an account posing as CSI using a fictitious email address,” CSI says.

Analyst Notes

CSI Laboratories says it bolstered its security efforts after the first attack, and that is likely true since the techniques used were different and affected different systems. With this specific case, an employee account was accessed via phishing. It is important to train employees on how to recognize phishing attempts. This can be done through simulations or phishing test emails. It is advised that employees think before they click, and if they find something to be suspicious, they report it. Personal information and login credentials should never be given out to unrecognized websites our other accounts via email.