Back to Email phishing

Email phishing

Data breach at Georgia-based Navicent Health exposes PHI of 278,000 patients

navicent-health-patients-information-breach

On April 17, 2019, Navicent Health, the second-largest hospital in Georgia, announced that it was the victim of a data breach. The protected Health Information (PHI) of its patients, such as names, dates of birth, addresses, billing information, appointment dates, and social security numbers, may have been stolen.

The incident.

In July 2018, Navicent Health discovered that some of its employees' email accounts were compromised in a data breach. The impacted email accounts contained the PHI of 270,000 patients. As soon the incident was discovered, Navicent hired a third-party forensics firm to investigate the breach. They also notified the affected patients and law enforcement authorities. The investigations revealed that the breach only involved email accounts, and it didn't extend to the network.

Navicent is offering identity protection services for a year to all its affected patients, and they've also urged the affected patients to review their account statements for any suspicious activity. Additionally, Navicent has taken steps to educate its employees on phishing scams.

According to HIPAA, all organizations must report data breaches within 60 days of discovering the incident. Although Navicent complied with this law, there was a considerable delay between when the hospital identified the breach and when they notified the authorities. Generally speaking, it's vital to analyze and report such incidents quickly. By investing in a smart Exchange reporting tool, it's easy to identify and thwart email-bound threats.

How can ManageEngine help:

Exchange Reporter Plus provides a host of reports that can help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Often these malicious emails appear to be valid, tricking users into opening these emails and clicking on links embedded in them, which can cause serious damage.

With Exchange Reporter Plus, you can locate emails based on:

  • Messages by subject keyword. Use reports to identify particular keywords in the email subject lines.
  • Messages by body keyword. Identify all the messages in your mailbox that have a particular keyword in the body of the email.
  • Attachment name. Get a report of all emails in your mailbox that have an attachment with a specific name. With the names of the malicious files, you can take the necessary steps to stop email-bound threats.
  • Attachment type. Based on an attachment’s file extension, you can spot malicious software.
  • The number of emails received from a specific domain, sender, department, or external email address. Get reports on all incoming emails from an external email address, a blacklisted sender or domain, or a specific department.
  • Messages by subject keyword
    Messages by body keyword
    Attachments by file name keyword
    Attachments by file extension keyword

Click here to explore more features and gain granular insights into your Exchange environment.

Download a free, 30-day trial of ManageEngine Exchange Reporter Plus to try out all the features.

In addition to that, ManageEngine O365 Manager Plus offers an advanced Office 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subjects, attachments, and bodies of emails. With this feature, you can identify senders' email addresses as well as the platform used by the attackers and the servers it has passed through.

Start your free, 30-day trial of O365 Manager Plus today.

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.