.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Umass Memorial Health
Nov 5, 2021 4:07:56 PM
The target: UMass Memorial Health, a Massachusetts-based healthcare network.
The take: 209,000 records of Personally Identifiable Information including: names, dates of birth, medical record numbers, health insurance information, and clinical treatment information with dates of services, diagnoses, procedure information, and prescription details.
The attack vector: The firm’s IT system was compromised when an employee fell for a phishing email. This granted the attackers access to all the files and programs to which the employee’s account was authorized to view.
This breach highlights the ongoing threat that phishing attacks pose for firms and remain one of the greatest security threats to an entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution are crucial to protecting sensitive information assets.
