{"id":19342,"date":"2022-06-15T03:10:11","date_gmt":"2022-06-15T11:10:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/06\/15\/news-13075\/"},"modified":"2022-06-15T03:10:11","modified_gmt":"2022-06-15T11:10:11","slug":"news-13075","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/06\/15\/news-13075\/","title":{"rendered":"Email compromise leads to healthcare data breach at Kaiser Permanente"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 15 Jun 2022 10:30:13 +0000<\/strong><\/p>\n<p>At least 69,000 people have been <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kaiser-permanente-data-breach-exposes-health-data-of-69k-people\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">impacted by a data breach<\/a> at Kaiser Permanente, a long-running managed healthcare consortium.<\/p>\n<p>The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise.<\/p>\n<h2>The direct path to data<\/h2>\n<p>A \u201csubstitute breach notice\u201d posted June 3 revealed details of the attack. Those directly impacted were notified separately. As Kaiser Permanente do not have everyone&#8217;s addresses on file, this <a href=\"https:\/\/healthy.kaiserpermanente.org\/content\/dam\/kporg\/final\/documents\/member-services-information\/policies\/substitute-notice-wa-en.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">breach notice<\/a> was released to help spread the word.<\/p>\n<p>It begins:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><em>On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee\u2019s emails. 
We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident.<\/em><\/p>\n<p><em>We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.<\/em>&nbsp;<\/p>\n<\/blockquote>\n<p>Unfortunately, a few hours was all it took to grab details affecting the 69k or so patients mentioned above. Data exposed includes:<\/p>\n<ul>\n<li>First and last name of patients<\/li>\n<li>Dates of service<\/li>\n<li>Medical records<\/li>\n<li>Lab test result information<\/li>\n<\/ul>\n<p>The attacker did not have access to credit card details or social security numbers. This is good news for those affected.<\/p>\n<h2>Did the attackers target one employee?<\/h2>\n<p>It\u2019s not every day you manage to compromise an account with access to so much data. The big question is whether or not this haul was the result of accident or design. From the breach notice:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><em>After discovering the event, we quickly took steps to terminate the unauthorized party\u2019s access to the employee\u2019s emails. This included resetting the employee\u2019s password for the email account where unauthorized activity was detected. The employee received additional training on safe email practices, and we are exploring other steps we can take to ensure incidents like this do not happen in the future.<\/em><\/p>\n<\/blockquote>\n<p>\u201cAdditional training on safe email practices\u201d could mean one of many things. Perhaps the attackers got lucky off the back of a mass-mail phish attempt. Maybe they dredged up specific background information on the affected employee via social networking, LinkedIn, or even the company website. 
This attack may reveal itself to be something as basic as an easy-to-guess password.<\/p>\n<h2>The lurking menace of social engineering<\/h2>\n<p>There\u2019s also another issue: data stolen in breaches like this can be used for future social engineering attacks. As the breach notice notes:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><em>We do not have any evidence of identity theft or misuse of protected health information as a result of this incident. However, we take this incident seriously, and this notice provides details of the incident and our response.&nbsp;<\/em><\/p>\n<\/blockquote>\n<p>Three months from breach to notification is still better than no notification. All the same: would anyone really know if these attacks have <a href=\"https:\/\/threatpost.com\/kaiser-permanente-breach\/179949\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">already been attempted<\/a>?<\/p>\n<h2>Healthcare attacks: big business for fraudsters<\/h2>\n<p>This certainly isn\u2019t the only healthcare breach in the news, with <a href=\"https:\/\/healthitsecurity.com\/news\/kaiser-permanente-discloses-data-breach-at-wa-health-plan-69k-impacted\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">fresh attacks and even multiple breaches<\/a> at some unfortunate organisations. The cost of a healthcare breach in 2021 was estimated to be <a href=\"https:\/\/healthitsecurity.com\/news\/healthcare-data-breach-costs-surged-during-pandemic\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">$9.23m a year<\/a>\u2014a $2m increase over 2020. Even healthcare software and billing services are <a href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2022\/05\/us-healthcare-billing-services-group-hacked-affecting-at-least-half-a-million-individuals\/\">coming under attack<\/a> from criminals.<\/p>\n<p>Locking down networks and business practices of healthcare providers and those in their orbit has never been more important. 
The risks to patients, the business, and their finances are simply too great to ignore.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2022\/06\/email-compromise-leads-to-healthcare-data-breach-at-kaiser-permanente\/\">Email compromise leads to healthcare data breach at Kaiser Permanente<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2022\/06\/email-compromise-leads-to-healthcare-data-breach-at-kaiser-permanente\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 15 Jun 2022 10:30:13 +0000<\/strong><\/p>\n<p>We take a look at the latest healthcare breach, an email compromise of a healthcare employee and explore the fallout.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2022\/06\/email-compromise-leads-to-healthcare-data-breach-at-kaiser-permanente\/\">Email compromise leads to healthcare data breach at Kaiser Permanente<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1191,4503,11172,11222,19683,5976,26553,26188],"class_list":["post-19342","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-attack","tag-cybercrime","tag-data-breach","tag-email","tag-employee","tag-healthcare","tag-kaiser-permanente","tag-stolen"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19342"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19342\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}