Mashable, a major tech and culture news website had experienced a data breach which leaked the users’ personal information. This [...]
One of Fortune 500 companies, Magellan Health was struck by a ransomware attack and data breach in April 2020. The healthcare giant confirmed by stating that about 365,000 patients were affected in the sophisticated cyberattack.
According to the investigation, the attack was launched with a fully planned process where hackers first installed malware to steal employee login credentials. Then they leveraged a phishing scheme to gain access to systems of Magellan after sending out a phishing email and impersonating as their client before deploying ransomware attack.
The data thieves were able to steal login credentials of employees, personal information, employee ID numbers, sensitive patient details such as W-2 information, Social Security numbers, or Taxpayer ID numbers.
The exfiltrated data included names, contact information, employee ID numbers, and W-2 or 1099 information, including Social Security numbers or taxpayer identification numbers. The hackers also leveraged malware to steal login credentials and passwords to a certain number of current Magellan employees.
The incident was reported to law enforcement authorities, including the FBI, and officials said they are currently working closely with those agencies around its investigation.
Magellan has since bolstered its security protocols for its network, email environment systems, and personal data.
The attack mirrors recent reports of a spike in double extortion attempts, where hackers first gain access to a network and lie in wait on the victim’s system, stealing data and gaining intel, before launching the final ransomware payload. check point and the FBI reported healthcare entities are a prime target for these sophisticated attacks, especially throughout the COVID-19 pandemic.
Written by: 7 Defence
Cyber security 7 Defence
Pfizer and BioNTech claimed that regulatory documents related to their jointly developed Covid-19 vaccine were “unlawfully accessed” during a cyber-attack on the European Medicines Agency (EMA) on December 10, 2020. ...