Updated Wed February 15, 2023
Published Under: Monthly Breach Deets
This month for our Monthly Breach Deets, we will highlight a phishing attack that posed as a trusted company to deceive an individual. Highmark Health experienced a phishing attack when an employee clicked the link in an unverified email. The employee then proceeded to share their credentials. This data breach occurred on December 13, 2022, and it was detected two days later by Highmark Health.
As stated by HIPAA Journal, it was later discovered that this affected over 300,000 patients and all from a simple click. All said and done, it costs Highmark Health $5,908,000, according to eRiskHub.
The data breach contained the following protected health information (PHI):
-
Names
-
Identification numbers
-
Addresses
-
Prescriptions
-
Phone numbers
-
Email Addresses
-
Financial information
-
The Social Security number of the individual that had entered their information
The data breach could have been prevented
Time after time, every data breach involves some kind of phishing attempt to steal password credentials, launch fraudulent transactions, or trick someone into downloading malware. Follow the eight best practices that Forbin uses 365 days of the year and this should significantly help decrease your chances of a phishing attack.
-
Conduct employee security awareness training with continuous refreshers
-
Scan emails for malware
-
Require secure passwords and multi-factor authentication
-
Never click on unverified links
-
Use a dedicated Wi-Fi network for your team that the public cannot access
-
Always keep your security software up to date
-
Install security systems
-
Repeat
VGM Forbin IT Experts Have You Covered
VGM Forbin would be happy to consult you on data security for all things tech and other ransomware security needs. Schedule a free consultation with our experts today!
Comments