Magellan Health -Ransomware Attack and Data Breach

One of Fortune 500 companies, Magellan Health was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed by stating that about 365,000 patients were affected in the sophisticated cyberattack. 

According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating as their client before deploying ransomware attack.

The data thieves were able to steal login credentials of employees, personal information, employee ID numbers, sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers.

The exfiltrated data included names, contact information, employee ID numbers, and W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers. The hackers also leveraged malware to steal login credentials and passwords to a certain number of current Magellan employees.

The incident was reported to law enforcement authorities, including the FBI, and officials said they are currently working closely with those agencies around its investigation.

Magellan has since bolstered its security protocols for its network, email environment systems, and personal data.

The attack mirrors recent reports of a spike in double extortion attempts, where hackers first gain access to a network and lie in wait on the victim’s system, stealing data and gaining intel, before launching the final ransomware payload. check point  and the FBI  reported healthcare entities are a prime target for these sophisticated attacks, especially throughout the COVID-19 pandemic.