Magellan Health, a Fortune 500 company, encountered a ransomware attack last April that resulted in the encryption of its files and theft of some employee information.
Magellan Health noticed the attack on April 11, 2020, after files on its systems were encrypted. According to the breach investigation results, the attacker gained access to its systems after an employee received a spear-phishing email on April 6 and responded to it. The attacker misled the employee by impersonating a Magellan Health customer.
Magellan Health engaged the cybersecurity firm Mandiant to investigate the breach. The investigation confirmed that the attacker accessed a company server containing employee information and exfiltrated a portion of that data before encrypting files. The attacker also deployed malware to steal login data.
The information stolen by the attacker included employees’ names, addresses, employment ID numbers, and 1099 and W-2 data, which specified the employees’ taxpayer IDs and Social Security numbers. The attacker also stole the usernames and passwords of a number of employees.
Magellan Health does not know of any attempts to use the stolen data but advised affected persons to watch for signs of identity theft or data misuse. Affected persons received a three-year identity theft detection and resolution service from Experian’s IdentityWorks at no cost.
The authorities are investigating the attack, and Magellan Health has already taken some steps to strengthen security to prevent similar breaches from happening again.
It is not yet known how many individuals were affected by the attack.
This ransomware attack came several months after Magellan Health learned that some of its subsidiaries had experienced phishing attacks that gave unauthorized persons access to employees’ email accounts in July 2019. The email accounts contained the protected health information (PHI) of 55,637 members from National Imaging Associates, Magellan Healthcare, and Magellan Rx Management. The breach was announced in September and November 2019.
PHI of Houston Methodist Hospital Heart Patients Stolen
Houston Methodist Hospital sent notifications to 1,987 heart patients regarding the potential compromise of some of their PHI. Portable storage devices containing the PHI were stolen from a vendor representative’s vehicle in mid-February.
The person was an employee of a medical device manufacturer who runs the 3D imaging systems inside the hospital's cardiac catheterization lab. He left the hard drives in the vehicle, from which they were stolen. Hospital policy does not allow the hard drives to be taken out of the locked storage room. Doing so violates established technical safety measures and contractual responsibilities. The representative thought the room was just locked because of the late hour.
The medical images on the hard drives included the patient’s name, birth date, gender, and a code number. The images could only be viewed using specialized software. Houston Methodist Hospital has already reported the theft to authorities and engaged a private investigator; however, the hard drives have not yet been recovered.