Nine employees Oregon department of Human Services managed to fall for a targeted phishing attack which compromised 350,000 patients and 2 million Emails.
On a notice by the Cyber Security Team on January 28th determined that the email accounts were breached after nine employees fell to spear-phishing attack. The links they clicked on allowed hackers to access the employees email information. Oregon DHS hired a third party security team to investigate the incident and determine what information was exposed.
The investigation revealed that the compromised email accounts contained around 2 million emails which included personal and medical data of patients. The hacker had access to their full names, addresses, DOB’s , SSN’s and other details. During the investigation they did not find evidence that the data was copied from the systems.
This breach could have been avoided if there was proper cybersecurity awareness training regarding the types of threats that are out there. Cybersecurity training is a continued ongoing effort that should be taken serious by management.