Social Engineering Causes Seattle Hospital 90K Data Breach




Personal Health Information of 90,000 patients was accessed by hackers because an employee opened an infected email attachment in early October this year. When will they learn that employees are the weak link in IT security and need effective security awareness training? This could easily have been prevented, but now it will cause millions of dollars in damage and a lot of anguish for the patients, who could now be the next target.

UW Medicine claimed that patient information was not sought or targeted, but that is likely wishful thinking. There is a market for complete patient records in the criminal dark web economy. A single patient's medical record is worth $30-50 on the black market, and the reason for that high number is that a person cannot "delete" their own medical history the way you could cancel a stolen credit card number.

Now 90,000 people need to watch their email, because the bad guys have all the information they need to send them highly targeted spear-phishing emails, for instance offering them new health care insurance at a very advantageous rate.

UW Medicine said in their Press Release:

"In early October 2013, a UW Medicine employee opened an email attachment that contained malicious software (malware). The malware took control of the computer, which had patient data stored on it. UW Medicine staff discovered this incident the following day and immediately took measures to prevent any further malicious activity.

Data about patients may have included: name, medical record number, other demographics (which may include address, phone number), dates of service, charge amounts for services received at UW Medicine, Social Security Number or HIC (Medicare) number, date of birth.

The incident was referred to the FBI, and patients may be contacted by the FBI as part of its investigation. UW Medicine has also implemented a review, training and outreach effort as a result of this incident." 

Talk about closing the barn door after the horse has bolted...  

 
