Exploit: Phishing scam
Beaumont Health: Healthcare provider
Risk to Small Business: 1.537 = Severe
A phishing scam gave hackers access to IT infrastructure containing patients’ protected health information. The breach was identified on March 29, 2020, but data was exfiltrated between May 23, 2019, and June 2, 2019, leaving patient data exposed for nearly a year. This incident has come to light as healthcare providers face cybersecurity threats while battling the COVID-19 crisis, and Beaumont Health will undoubtedly face both regulatory troubles and financial woes on a long road to recovery.
Individual Risk: 1.509 = Severe
Hackers accessed patients’ personally identifiable information and protected health information, including names, birth dates, Social Security numbers, and medical conditions. In some cases, hackers also accessed bank accounts and driver’s license information. Those impacted by the breach should immediately contact their financial service providers to notify them of the incident. In addition, they will need to closely monitor their accounts for suspicious or unusual activity. They should be especially critical of incoming messages, as hackers often use information from one breach to craft authentic-looking spear phishing campaigns that can compromise additional data.
Customers Impacted: 112,000
How it Could Affect Your Customers’ Business: Phishing scams are a significant risk to every company’s data. Especially during the COVID-19 pandemic, healthcare companies have seen a precipitous increase in these attacks, as hackers look to capitalize on the urgency and unease of the situation to trick employees into compromising critical data.