Hackers breach New York's largest provider with phishing attacks

While only 744 patients were included in this month’s breach, Kaleida Health already notified 2,800 of its patients in July of a separate phishing incident.
By Jessica Davis
01:18 PM


Kaleida Health, New York’s largest provider, is once again notifying patients of a phishing incident. This one involves 744 patients.

The organization discovered the incident on June 26, when it found that an unauthorized third party had gained access to an employee’s email account. Officials said an investigation determined that the hacker was able to access a “small number of Kaleida Health email accounts.”

Included in those accounts were patient names, medical record numbers, diagnoses, treatment information and other clinical data. For some patients, it also included Social Security numbers. Officials said financial information wasn’t included.


Kaleida is offering free credit monitoring for those impacted by the breach.

Hackers already hit the organization on May 24 and breached the records of 2,789 patients. The breach notifications sent to patients are nearly identical, except no Social Security numbers were breached during the first phishing attack in May.


While officials said in both letters that Kaleida is “enhancing security measures” to prevent future breaches, the best way to combat phishing attacks is staff education.

Despite two attacks this summer, Kaleida is hardly alone as a target. 

Hackers launch phishing attacks in massive email campaigns that are surgically precise, targeting users based on characteristics like job titles, interests or sub-groups.

“Sophisticated actors targeting a healthcare organization, instead of spamming domains, perform consumer sector spear-phishing for users they believe have elevated privileges,” said James Scott, a Senior Fellow at ICIT. “The objective is to get them to click, which will give the hackers access to move laterally across the network to gain better credentials -- such as an administrator.”

“Once inside, the hacker uses persistent ransomware or other types of malware on vulnerable devices,” he continued. “From there, they log in and exfiltrate data.”

While these attacks are easy to detect, Scott said most healthcare organizations don’t have the right cybersecurity tools in place, such as layered protection, user analytics or machine learning able to detect abnormalities.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com