A hospital system in West Virginia was comprised of unknown hackers through a phishing campaign and was used for stealing funds from the hospital.
The incident investigation revealed that hackers had access to the compromised email account of a contractor for a couple of months, which has sensitive information stored regarding the patients, workers, doctors, and hospital’s clients. It’s now secured, and they started notifying the victims.
Data Breach in an American Hospital
As hospitals turn critical amidst these pandemic times, hackers are aiming at them for getting rich in quick time. We’ve seen ransomware groups and other threat actors actively targeting healthcare firms lately, either for stealing senstive data or the money.
The latest development comes from Monongalia Health System, a hospital system from West Virginia, that has Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company running under it.
This week, the hospital system revealed that unknown hackers had access to several of their employees’ email accounts from May 10 to August 15, which stored sensitive information from patients, providers, employees, and contractors.
The hospital system realized the breach after being informed by a vendor who hasn’t received a payment from Mon Health on July 28, 2021. This quickly triggered Mon Health system to launch an investigation and find out that one of their contractor’s email account was compromised through a phishing email.
The account was then used to divert funds of hospitals to hackers’ accounts, instead of vendors. Mon Health system said it secured the “contractor’s email account and reset the password, notified law enforcement, and a third-party forensic firm was engaged to assist with the investigation.”
After ending the investigation on October 29th, it’s now sending alerts to victims and has set up a toll-free call center to clear any questions they have.