This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
A healthcare employee of Revere Health, the largest healthcare firm in Utah, was targeted in a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George.
According to a breach notification sent out by Revere Health on Friday, the employee’s mailbox was exposed for roughly 45 minutes on June 21 and leaked some private details about patients of the Heart of Dixie Cardiology Department in St. George. The phishing attack was rapidly identified by Revere Health IT team, which immediately secured the mailbox to prevent unauthorized access.
After a two-month investigation, Revere Health believes the aim of the attacker was not to secure access to patient data but to use the email account to launch more sophisticated phishing email attacks on other Revere employees. The company found the patients’ data wasn’t being shared online and deemed the breach to be a “low-level risk” to affected patients.
“From our detailed investigation of this incident, we believe that the intent of this attack was to harvest login credentials from individuals in our organization and not to gather patient information Our security logs suggest that the attacker had three objectives: (1) to spread phishing emails, (2) to gather active usernames
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Medical Data of 12,000 Patients Exposed Following Revere Health Phishing Attack