Exploit: Business Email Compromise
Christie Clinic: Healthcare Provider
Risk to Business: 1.802 = Severe
Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.
Risk to Individual: 2.771 = Moderate
Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.
How It Could Affect Your Customers’ Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.
Source: security week