The community-based healthcare system Methodist Hospitals of Gary, Indiana, disclosed that sensitive and medical information of over 68,000 people may have been exposed after a successful phishing attack. Methodist Healthcare provides surgical and medical hospital services, employs over 2500 employees, and is reported to have had over 195,000 patient encounters during 2018. A statement from Methodist Healthcare explains: “In June 2019, Methodist learned of unusual activity in an employee’s email account. We immediately commenced an investigation, working with third-party forensic investigators, to assess the nature and scope of the email account activity.” The report also says that on August 7th, 2019, the investigation determined that two employees fell victim to a phishing scheme that allowed a cybercriminal to gain access to their email accounts. The patient information that was possibly accessed includes the patient’s name, address, health insurance plan information, Social Security number, driver’s license number, passport number, username, password, payment card info, electronic signature, and medical records. Methodist began sending notifications to all patients who may have had their information exposed and also reported the incident to state and federal agencies. The full statement provided by Methodist Healthcare can be found at this address: https://www[.]methodisthospitals.org/wp-content/uploads/2019/10/Methodist-Hospitals-Website-Notice[.]pdf
Analyst Notes
Anyone affected by this data breach is urged by Methodist Healthcare, “to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports and explanation of benefits forms for suspicious activity.” Companies and organizations that store customer or patient data in databases should consider implementing continuous monitoring of their internal computer systems, including critical servers holding sensitive data and employee workstations that can be abused by attackers as the conduit to breach internal systems. Companies may implement their own security operations center or consider a Managed Detection and Response solution, such as the services offered by Binary Defense.