Spoofed CEO email causes data breach at health care provider - BLACKMORE RICOTECH

22nd February 2016

On February 3, 2016, an “unidentified third person” obtained an Excel spreadsheet containing the “personal information for all active employees” of the California rehabilitation and nursing home provider Magnolia Health Corporation by impersonating its CEO, Kensett “Kenny” J Moyle, and “using what appeared to be his email address”.

In a notification letter sent to all employees, the Magnolia Health CEO said: “It was not until February 10, 2016 that we realized that this information had not been requested by anyone at MHC and that it had been disclosed to an unauthorized third person whose identity is presently unknown.”

The breached information included: “Employee Number, Name, Address, City, State, Zip, Sex, Date of Birth, Social Security Number, Hire Date, Seniority Date, Salary/Hourly, Salary/Rate, Department, Job Title, Last Date Paid, and [name of applicable] Facility” for each person. Staff have been offered free identity theft prevention and mitigation services.

Business email compromise

CEO fraud is a very lucrative scam for criminals. According to the FBI, 7,066 US businesses fell victim to business email compromise (BEC) between October 2013 and August 2015, losing $747,659,840.63.

“These totals, combined with those identified by international law enforcement agencies during this same time period, bring the BEC exposed loss to over $1.2 billion.”

Staff training

It’s essential that all staff are properly trained to recognize spoof emails. With an IT Governance Employee Phishing Vulnerability Assessment, you can see whether your staff are likely to put you at risk. The test will simulate a phishing campaign for a targeted sample of your employees, enabling you to assess your employees’ awareness of spoof email attacks and take remedial action in order to address any security gaps that are identified.

Coupled with our Phishing Staff Awareness Course, which educates staff on the risks of spoof emails, you can help your team understand how phishing works, what tactics cyber criminals employ, and how to spot and avoid phishing campaigns.

Article courtesy of IT Governance – http://www.itgovernance.co.uk
