Phishing Attack on Verity Health System Breaches Patient Data
In recent cyber-attack, hackers infiltrated the database of Verity Health System, a Redwood City-based network of 6 hospitals in California.
This was a deliberate, targeted and well-planned cyber-attack and the security breach had compromised the protected health information of certain patients by two separate phishing attacks.
According to officials, two phishing attack, one occurred in November and the other in mid-January gave hackers access to three employee web email accounts, including attachments with personal data.
Verity Health System and Verity Medical Foundation start to contact all patient who visited its specialist hospitals during the attack, to notify them that their protected health data was potentially breached by the phishing attack.
Initial investigation revealed that Verity Health System front-end workstations were infected with malware through which the hackers gained access to the database.
These were among the common fundamental failings that opened the door to Verity Health System worst data breach.
Further, the attack appeared to be an attempt to obtain employees usernames and password credentials rather than to obtain sensitive data contained in the compromised email account.
As a result of a response to a phishing email, the hacker obtained the user credentials and gained the access to the employee’s email account and sent further phishing emails to Verity Health employees and other individuals in the employee’s contact list.
The emails contained a hyperlink that directed the recipients to a malicious website, which allowed hackers to access the other network entry points.
The compromised email accounts contained a wide range of data that varied by the patient including names, patient ID numbers, addresses, treatment details, NRIC numbers, health insurance policy numbers, billing codes, Social Security numbers, lab test results, claims information, gender and race information, and dates of birth.
After detecting the unusual activity in the Verity Health System database, immediate security measures were taken by the authorities.
All unauthorized emails sent through the compromised account were deleted from the email system and email recipients who had clicked the hyperlink in the email also had their email accounts disabled as a precaution.
The officials also find IT staff and employees to be lacking in cybersecurity awareness and resources, and these lapses contributed to successful data exfiltration from Verity Health System database.
Thus, the organization is developing a new training module for all employees to raise awareness of the threat from phishing.
To Conclude
The cyber-attack was stealthy, even though the signs of the attack were observed by Verity Health System staff members. If immediate security measures were taken at the right time when an attack was ongoing, the security breach could have been stopped before it achieved its objectives.
This was not the first instances where Cyber-criminals targeted the private organizations, and it will not be the last.
Nowadays, cyber attackers have learned to make their malware infections more adaptable, resilient and more damaging and continuously improving their arsenal by developing new techniques to attack private organization and individuals. Common antivirus software cannot protect you from all cyber threats at the same time.
Though, we need to comprehensively upgrade our cyber defense systems and processes to more effectively guard against cybersecurity risks, as well as to respond in a timely and robust manner to prevent any intrusion in the future.
Note* - We recommend ITL Total Security and Malware crusher, among the best reputed anti-malware software which will help you to block Trojan, viruses, adware and other malware on your PC by creating a 24X7 shield against any cyber threat.
It consists of several features to protect your system from damage and keep you safe always. They are fully loaded with certain useful features like Real-Time Protection, Web Protection, Live updates, and many more.
Tips to Prevent virus and malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs.
So, avoid clicking uncertain sites, software offers, pop-ups etc. and Install a powerful ad- blocker for Chrome, Mozilla, and IE
- Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update.By doing this you can keep your device free from virus.According to the survey, outdated/older versions of Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
- Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection.Thus always backup important files regularly on a cloud drive or an external hard drive.
- Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool
