University of Minnesota Physicians & McLeod Health Experience Email Account Breaches

University of Minnesota Physicians has been hit by a cybercriminal attack that resulted in access being gained to the email accounts of two members of staff. One corporate email account was accessible between January 30 and January 31, 2020, and again on February 4, 2020.

After the breach was identified, measures were swiftly put in place to safeguard the relevant email accounts. A team of cybersecurity specialists was contracted to ascertain the damage caused by the attack. Thankfully, nothing was discovered to suggest that emails on the server had been accessed or that private patient data had been illegally obtained. However, it is not possible to completely eliminate the potential for data having been accessed illegally.

A further review of the impacted accounts showed that they were holding the protected health information of specific patients. The range of data in the accounts varied greatly and may have included:

  • Names
  • Addresses
  • Birth and death dates
  • Contact details
  • Account numbers
  • Credit card information
  • Health insurance information

A small number of those impacted also had their Social Security numbers stolen.

On March 30, 2020, notification letters were issued to impacted people. Now the breach investigation has been officially finished. Since the breach was discovered, the University has introduced new security measures and conducted more security training for staff members. Additionally, impacted individuals have been provided with one year of free credit monitoring and identity theft protection services through provider Kroll. It has been estimated that 683 individuals have been affected by the breach.

Meanwhile, South Carolina-based McLeod Health has identified a HIPAA breach involving the infiltration of a staff email account, which was accessed by an unauthorized person. Suspicious email account activity was identified on June 23, 2020. Following this, the email account was immediately made secure.

An in-depth forensic investigation was completed to ascertain the extent of the breach. This showed that the staff email account was infiltrated at some point between April 13, 2020 and April 16, 2020. On August 19, 2020, McLeod Health determined that the content of the email account had been stolen by a cybercriminal during that month.

Currently, McLeod Health is completing an investigation of the breached email account to see what range of information has been stolen by the hacker and which patients have been impacted. Alerts will be sent to those impacted when the review comes to an end.

Multi-factor authentication had previously been implemented by McLeod Health to stop impacted details from being used to obtain access to email accounts; however, some internal configuration had stopped it from being used on some devices. This is now being remedied and new security awareness training is being conducted for some members of staff.