Close to 3,000 People’s Personal Details Potentially Affected in Iowa Veterans Home Data Breach

Media Division | April 24, 2017

Phishing campaigns can be one of the most common forms of cyber attacks that are out there.  They are continuously employed because they are easy for attackers to create and launch, and are often successful.  Many unsuspecting victims fall for phishing attacks simply because they are crafted to appear to be from a legitimate source, such as a reputable company or friend.  These attacks can be for a multitude of purposes, whether it be theft of data or funds, or to inject ransomware to extort an organization.  It appears that the theft of data was the intention in a recent cyber incident targeted toward the Iowa Veterans Home.

A statement from the IVH said that several email phishing campaigns had been targeted toward Google and the state of Iowa in February.  Three employees at IVH had fallen for the scam and gave the attackers their email credentials, which provided them access.  Fortunately, it appears that the accounts had not been accessed before they were quickly blocked.  But IVH is notifying current and former residents, as well as applicants as a matter of precaution.  If the information was accessed, the exposure could include details such as names, addresses, phone numbers, medical information, and even Social Security numbers. All of which can be potentially used for fraud, or sold by attackers among the black market for others to use.

How IVH Addressed the Incident

The IVH seems to have handled the breach quite rapidly and appropriately.  Addressing the immediate security hole and notifying those affected are two of the first crucial steps in addressing a cyber incident like this.  They also have a toll-free number that individuals can call for questions regarding the incident.  The quick reaction time by the IVH is commendable, as it may have prevented the information from actually being compromised. It also displays to their clientele that they are focused on addressing the incident so that there will be no further damage.

IVH now joins a slew of other phishing attack victims.  Even this year alone, there has been a multitude of organizations that have been targeted by phishing attacks that affected tax documents, sensitive data, and many other assets. Organizations like state agencies, healthcare facilities, and schools have all been affected in the past four months of the new year. Being that these attacks are often successful due to undereducation in regard to them, it is important that organizations inform their employees of the indicators of phishing attacks, as well as how to handle these types of emails.  This includes ensuring that they know not to click on suspicious and malicious links or attachments.

Protecting Organizations with Anti-Phishing Solutions

As mentioned above, phishing attacks are one of, if not the most common type of cyber attack. A single clever phishing email sent to an unsuspecting employee can lead to the infection of several networks and systems, as well as a multitude of damages or losses. It is critical that organizations have proper protection and anti-phishing solutions in place.  There are a variety of steps that need to be taken in the event of a successful phishing attack, such as addressing the breach, patching any security holes, and tracing the campaign. Tracing the campaign allows an organization to pursue further actions against it, whether it be legal or other methods of eliminating it.  Massive Alliance offers comprehensive anti-phishing solutions that can assist an organization in preventing these attacks, as well as addressing successful incidents.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.