On May 31, 2019, Broome County, New York revealed that it suffered a data breach after attackers gained access to employee email accounts and HRMS systems via email phishing. The compromised information included names, dates of birth, Social Security numbers, credit card information, and contact details. Medical information including medical record numbers, patient identification numbers, diagnoses, treatment records, and health insurance claims were also exposed in the attack.
On January 2, 2019, Broome County detected some unusual activity in one of its employee accounts and subsequently launched an investigation with the help of a cybersecurity forensics team. The investigations revealed that attackers accessed employees' email and PeopleSoft accounts between November 20, 2018 and January 2, 2019. The attackers gained access to the users' credentials via a phishing email sent to unsuspecting employees.
On April 1, 2019, the county reported that the impacted individuals belonged to the following departments:
Broome County will be notifying all affected individuals regarding the breach. Apart from that, they have taken important security measures, including multi-factor authentication and training for employees to avoid such mishaps in the future.
Cyberattacks on government agencies are on the rise. Attackers use techniques like phishing, brute force, and credential stuffing to gain access to email accounts. Stay one step ahead of attackers by investing in a smart tool like Exchange Reporter Plus, which monitors and thwarts email-bound cybersecurity threats. Download a free, 30-day trial of Exchange Reporter Plus today.
Exchange Reporter Plus provides a host of reports that can help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Appearing to be valid, these malicious emails trick users into opening them and clicking on the links embedded in them, which can cause serious damage.
With Exchange Reporter Plus, you can locate emails based on:
If you're using Exchange Online in your environment, O365 Manager Plus offers an advanced Office 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subjects, attachments, and bodies of emails. With this feature, you can identify the sender's email address, the device and OS used to compose the email, and the servers that the email passed through.
Start your free, 30-day trial of O365 Manager Plus today to try out all these features.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.