New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Michigan Healthcare Facility Breached

Covenant Healthcare based in Saginaw, Michigan has disclosed a breach that could possibly affect around 45,000 patients. After partnering with third party security providers, the Covenant team revealed two compromised employee email accounts were the cause of the breach. Data that may have been accessible included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical diagnosis and clinical information, medical treatment, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information. Covenant attempted to reach out to patients who could have potentially been affected by mail, however they stated they could not find records for everyone. Early evidence shows no evidence of information having been misused thus far, but that could change in the future. Covenant representatives released a statement that said, “We deeply apologize that this incident occurred and will take additional actions to maintain the privacy of personal information in our possession,” Covenant wrote in a statement. “We are committed to keeping your personal information safe and pledge to continually evaluate and modify our practices and internal controls to enhance security and privacy.”

Analyst Notes

Companies and especially medical care providers should not allow sensitive personal or health information to be sent through email systems, especially if the email is not encrypted. Access to business email accounts should be protected by Multi-Factor Authentication (MFA) and authentication logs should be frequently reviewed to find any anomalies that could suggest an email account has been compromised. Those who have been affected should consider using credit monitoring services going forward, and be on the lookout for medical insurance fraud. Filing a report with the FTC, requesting an IRS identity protection PIN, and proactively creating an account with state agencies responsible for unemployment benefits are all proactive steps that people can take to prevent further harm. Information that was accessed could also lead to increased phishing attempts and targeted spam campaigns. To protect themselves going forward, individuals should not open emails from unknown senders and avoid filling out attached online forms that ask for personal information.