Phishing Email Leads to Potential Breach of Patient Information at Community Memorial Health System

Brook Zimmatore | September 6, 2017

The large amount of technologies and systems that we employ in modern operations have provided us with a completely new level of convenience and production. It allows us to transfer information in the blink of an eye and store large amounts of data. Unfortunately, this has also facilitated cyber attackers in their targeting of various systems and organizations. It seems like there is a new cyber attack or data breach every single day, with these resulting in huge damages or massive losses of data. In yet another incident, the Community Memorial Health System in Ventura County suffered a data breach that may have exposed nearly 1,000 patient’s information.

The Discovery of the Breach

The health system had announced on Tuesday that it will be notifying hundreds of patients that their personal information may have been compromised in a recent breach. The scenario began with an employee’s email account that had been compromised by a phishing attack on June 22nd. After the employee had alerted IT the next day, an investigation was begun to determine whether patient information had been accessed. It was then discovered that the compromised email account had contained personal information, and they brought in a forensic consultant to further review the incident. The consultant had said it was unlikely that any patient information had been accessed. According to the health system’s statement, while it seems unlikely that patient data was accessed, they will still be notifying everyone potentially affected as a matter of precaution. The email account had contained 959 patient’s personal information, and this included details like names, services dates, medical record numbers, certain health data, and some Social Security numbers. It did not include any form of financial data like credit card numbers or bank account information.

The health system appears to be taking the breach very seriously. They have since implemented further security measures to prevent future breaches, and provided additional training to employees. In addition, they are also offering two free years of identity protection and credit monitoring services to those potentially affected. These are all smart actions on the part of Community Memorial, as improper handling of a breach often leads to further consequences. A breach can of course result in immediate data and fund loss, but there are also the factors of reputation and customer trust damage, which can be worse when an organization does not show that they are comprehensively handling the issue.

Protecting Data with Anti-Phishing Solutions

Phishing methods like the above are an extremely common form of cyber attack. They are quite easy for a cyber criminal to formulate, and massive numbers of people continue to fall for them. Realistically, a phishing attack cannot be successful without human interaction. The attacker will purport themselves as a reputable source, such as a friend or business, in attempts to fool the individual into the scam. These campaigns can have a large variety of purposes. They may be attempting to gain illicit access to systems, infect devices with malware, or trick the victim into sending some sort of data to them. Organizations must ensure that they have comprehensive anti-phishing solutions in place to be able to prevent these types of incidents. Numerous things can come under this heading, such as employee education upon phishing indicators, cyber security systems, spam filters, and much more. Organizations that do not have the necessary implements and policies to prevent phishing attacks can easily find themselves compromised. Massive Alliance offers comprehensive anti-phishing solutions that can help to prevent attacks in the first place, as well as mitigate attacks that have already occurred.

CEO / Co-Founder
Brook Zimmatore is the Co-Founder & CEO at Massive.