The attack on California-based Gold Coast Health Plan went undetected, allowing attackers access to healthcare data serving as fuel for fraud.
On June 18th of this year, and employee at Gold Coast Health Plan fell victim to a phishing scam which gave attackers access to the victim’s email and access to health data. The data – which included member names, health plan identification numbers, dates of medical services, dates of birth and medical procedures – enabled attackers to attempt to commit a number of resultant attacks including medical fraud and attempting to move health plan funds into fraudulent accounts.
The attack wasn’t discovered until August 8th – nearly a month later – at which time authorities disabled the infected user account, identified the affected records, and notified customers of the breach.
In some ways Gold Coast is lucky – all that was impacted was 37K records (the fraudulent fund transfers were cited as being unsuccessful). With a month of access, cybercriminals can attempt to move laterally, gain elevated access to other systems, establish persistence within the victim network across multiple endpoints, and continue threatening activity for months to come.
These kinds of stories are a constant reminder that a user being prepared for single phishing attack can mean the difference between business as usual and needing to notify 37,000 customers that they need to monitor their credit reports.
Organizations employing Security Awareness Training can significantly reduce the likelihood of becoming a victim of a phishing attack by educating users on current attack and scam methods, preparing them to be vigilant when interacting with email and the web.