Email Incidents Reported by Washington University School of Medicine & Oswego County Opportunities
Oswego County Opportunities (OCO) in New York has announced that a limited number of employee email accounts were recently accessed by an unknown actor. The security breach was identified when suspicious email activity was detected and the email accounts were immediately secured. Third-party cybersecurity experts were engaged to investigate the breach to determine the nature and scope of the attack, and what information, if any, had been accessed by the threat actor.
It was not possible to determine if any emails in the account had been viewed or obtained but the review of the affected email accounts confirmed they contained the following types of information: names, addresses, Social Security numbers, driver’s license numbers, certain health information, and a very limited amount of credit card numbers. The accounts also contained some employee information and information about vendors with connections to OCO.
The data breach has been reported to the HHS’ Office for Civil Rights as affecting 7,766 individuals. OCO said it has modified its email settings and controls to provide greater protection against cyberattacks of this nature.
Data Security Incident Reported by Washington University School of Medicine
Washington University School of Medicine in St Louis, MO, has recently announced that patient information has been exposed as a result of a recent data security incident. An unknown actor gained access to the email accounts of certain employees between March 4, 2022, and March 28, 2022.
A forensic investigation was conducted to determine if any emails or attachments were opened or obtained in the attack, although it was not possible to determine if patient data had been accessed or stolen. A review of all affected emails and attachments was conducted and confirmed they contained patient information such as names, dates of birth, addresses, medical records, patient account numbers, clinical information, and, for a limited number of patients, health insurance information and/or Social Security numbers.
In response to the breach, enhancements have been made to email security and employee training has been reinforced on how to identify and avoid suspicious emails. At present the data breach has not appeared on the HHS’ Office for Civil Right website so it is unclear how many patients have been affected; however, the School of Medicine said the breach did not affect all patients and research participants.