Analecta Cyber Company Blog: Investigation Underway into Spear Phishing Attack on Main Line Health

2016-03-25

Investigation Underway into Spear Phishing Attack on Main Line Health

Spear phishing is a scheme in which an email appears to come from an individual or business that you know, when in fact it does not. Hackers typically use it to obtain sensitive information from the recipient. This may include credit card and bank account numbers, usernames and passwords, and even financial information stored on your computer.

A few weeks back, Main Line Health became a victim of this kind of hacking scheme, resulting in the hacker successfully accessing company employee data.

This is not the only time that spear phishing attacks have resulted in a breach of employee data. Just in the past two weeks, three other healthcare organizations reported that information about their employees had been emailed to scammers. These included Magnolia Health Corporation in California, St. Joseph’s Healthcare System in New Jersey and York Hospital in Maine.

Scam posed as executive email

A Main Line Health employee received the spear phishing email on February 16, 2016, but the breach was only discovered two weeks later. The employee replied to the email request for data, thinking that the email was legitimate. In these incidents, the emails appeared to have been sent from the internal email accounts of high-ranking executives within each organization. The requested information included Social Security numbers and salary information, and the fact that it is tax season made the request seem even more legitimate. Thus, when employees replied to the email, the data went to the scammers' account rather than to their executives.

Main Line overlooked the incident until the IRS issued an alert to those who recently suffered from phishing attacks. This prompted Main Line to assess its internal policies and procedures in order to reduce its risk from this kind of attack in the future. Ultimately, the company aims to enhance its security measures.

To protect against fraud, those affected were immediately informed of the incident and are being offered credit monitoring and identity theft protection services. In addition, every employee was urged to be even more vigilant and to educate themselves about spear phishing attacks and their possible effects.

According to the IRS, there has been a roughly 400% increase in phishing and malware incidents this year. The agency warned everyone in healthcare organizations to pay attention to phishing emails, especially during tax season. Furthermore, employees with access to other employees' sensitive information were advised to exercise extreme caution with regard to these spear phishing attacks.
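
The scam described under "Scam posed as executive email" leaves traces in message headers that a mail gateway can check before a reply is ever sent. The following is an added example, not code from Analecta or from any of the affected organizations. The domain `hospital.example`, the executive names, the keyword list and the sample messages are all constructed for illustration. Since the article does not say how the replies were redirected, the Reply-To check is an assumption about one common mechanism.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; none come from the incident.
INTERNAL_DOMAIN = "hospital.example"
EXECUTIVES = {"pat rivera", "jordan lee"}
SENSITIVE = re.compile(r"\b(w-?2|social security|ssn|salary|payroll)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def impersonation_flags(raw):
    """Return the reasons a raw RFC 5322 message resembles the scam."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    flags = []
    # Executive display name on an address outside the organization.
    if name.strip().lower() in EXECUTIVES and _domain(from_addr) != INTERNAL_DOMAIN:
        flags.append("exec-name-external-sender")
    # A reply would leave the domain the message claims to come from.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        flags.append("reply-to-domain-mismatch")
    parts = [p.get_payload() for p in msg.walk() if not p.is_multipart()]
    text = " ".join([msg.get("Subject", "")] + [p for p in parts if isinstance(p, str)])
    if SENSITIVE.search(text):
        flags.append("requests-employee-data")
    return flags

def should_hold(raw):
    """Hold for review only when a header anomaly accompanies a data request."""
    flags = impersonation_flags(raw)
    return "requests-employee-data" in flags and len(flags) > 1

# Constructed sample messages (headers, blank line, body).
SPOOFED = ("From: Pat Rivera <pat.rivera@hospital.example>\nReply-To: pat.rivera@mailbox.test\n"
           "Subject: Urgent request\n\nPlease send all employee W-2 forms and Social Security numbers.\n")
LOOKALIKE = ("From: Jordan Lee <jordan.lee@hospita1.example>\n"
             "Subject: Salary report\n\nSend me the list for all staff today.\n")
LEGIT = ("From: Pat Rivera <pat.rivera@hospital.example>\n"
         "Subject: Payroll calendar\n\nThe cutoff is Friday.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, impersonation_flags(raw), should_hold(raw))
```

Header checks like these complement sender authentication (SPF, DKIM, DMARC), which they do not replace, because the From header itself can be forged.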