13 Accounts Compromised in Roper St. Francis Healthcare Phishing Attack

A large-scale phishing attack on Charleston, SC-based Roper St. Francis Healthcare has seen attackers gain access to the email accounts of 13 employees.

The phishing attack was detected on November 30, 2018 and action was taken to block access to a corporate email account. The investigation into the breach revealed further email accounts had been compromised. The affected accounts were accessed by the attacker between November 15 and December 1, 2018.

A third-party computer forensics firm was hired to investigate the breach, which revealed some of the compromised accounts contained patient information including names, medical record numbers, health insurance information, details about services received from Roper St. Francis Healthcare, and for a limited number of patients, Social Security numbers and financial information.

All affected patients were notified by mail on January 25, 2019 and have been offered complimentary credit monitoring services. While PHI was potentially accessed, no reports have been received to suggest any PHI has been misused.

The HHS’ Office for Civil Rights breach portal indicates the compromised email accounts contained the personal and health information of 35,253 patients.

Minnesota Department of Human Services Phishing Attack Impacts 3,000 Minnesotans

Minnesota Department of Human Services Commissioner Tony Lourey has announced that the email account of a county worker has been compromised as a result of a response to a phishing email.

The account was accessed by the attacker in September 2018. The account was used to send further phishing emails to the employee’s contacts.

An analysis of the compromised account revealed it included information such as names, phone numbers, email addresses, dates of birth, and information about child protection services. In total, the personal information of approximately 3,000 individuals was potentially compromised. 30 individuals also had their Social Security number, driver’s license number and/or financial information exposed.

The phishing attack was detected the following day and remote access to the account was blocked. The delay in issuing notifications was due to the time taken to analyze the emails in the account.

Since the attack occurred, a new tool has been deployed to block phishing emails and employees have received additional training.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.