Phishing attack breaches insurance data of 37,000 patients for 1 month
California-based Gold Coast Health Plan breached the patient data of about 37,000 patients for more than a month after a phishing attack.
Hackers compromised the email account of one employee from June 18 to Aug. 1. Gold Coast officials said the attack was discovered on Aug. 8. The unauthorized access was stopped on the same day, and law enforcement was contacted for further investigation. The infected account was disabled.
The affected data included member names, health plan identification numbers, dates of medical services, dates of birth and medical procedures. This type of data is commonly used by cybercriminals for medical fraud.
According to officials, law enforcement said the hackers had been attempting to fraudulently move Gold Coast Health Plan funds into their account. Victims were notified by email and are being asked to keep an eye out on any suspicious medical bills on their credit reports.
Officials said they’ve since “maintained heightened monitoring” to prevent further unauthorized activity and added enhanced security measures to bolster security. Employees are also receiving additional education – especially around phishing attacks.
This is just the latest phishing attack victim this year – and one of many healthcare organizations where a breach went undetected for a number of months.
In July, Manitowoc County in Wisconsin reported the potential breach of personal health data for all individuals who had received health services throughout the county for about three months.
And Legacy Health was hit by a phishing attack in May, but the data of 38,000 patients was potentially breached in the weeks it took officials to discover the hack.
These types of attacks serve as reminders of the incredible importance of network monitoring and access control management, to detect abnormal access or user behavior.
Focus on Cybersecurity
In October, we take a deep dive into security strategy and pressing threats.