On April 9, 2019, Massachusetts-based Baystate Health notified its patients that an email phishing attack may have exposed their health records. The exposed information included names, dates of birth, diagnoses, treatment information, medications, health insurance information, medicare numbers, and Social Security numbers.
Between February 7 and March 7, 2019, an attacker gained access to several medical center employees' email accounts via a phishing email. The medical center immediately enlisted the help of a third-party forensic security firm to contain the attack and secure the accounts.
The subsequent investigations revealed that only the information stored in the compromised email accounts was affected, and the database containing medical records was not impacted. Baystate sent letters to all the affected patients notifying them about the breach. Aside from that, the medical center is offering free credit monitoring and identity protection services for a year to its affected patients.
Since the incident, Baystate has taken steps to improve its security systems. The passwords of the email accounts have been changed, and the email logs are being monitored. More importantly, Baystate is providing phishing attack awareness training to all its employees.
Don't want to make the news for the wrong reasons? Download ManageEngine Exchange Reporter Plus, an Exchange mailbox monitoring and reporting tool that wards off email-bound threats.
Exchange Reporter Plus provides a host of reports that help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Often the content and sender of malicious emails comes across as valid, tricking users into opening these emails and clicking on links embedded in them, causing serious damage to the business. This is why email attachments deserve scrutiny.
With Exchange Reporter Plus, it's easy to set up filters to guard against malicious attachments—whether they're TXT, PPT, or BAT files.
You can locate emails based on:
Get started now with your free, 30-day trial of Exchange Reporter Plus.
In addition to that, ManageEngine O365 Manager Plus offers advanced Office 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subjects, attachments, and bodies of emails. With this feature, admins can identify the sender's email address, the platform used by the attacker to compose the email, and the servers it has passed through.
Start your free, 30-day trial of O365 Manager Plus today.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.