Hackers gain access to Starling Physician employee emails with phishing scam

Exploit: Phishing attack
Starling Physicians: Connecticut-based healthcare group

high-risk-meter
Risk to Small Business: 1.555 = Severe: Three employees fell for a phishing scam, providing hackers with access to their email accounts which contained patients’ personally identifiable information. The breach originally occurred on February 8th but wasn’t discovered until September. It’s taken the company two months to identify those impacted by the breach and send notifications. This lengthy response time will make it more difficult for patients to protect their information, while also opening the company up to increased regulatory scrutiny that could result in fines or penalties that will compound the financial implications of the breach.
high-risk-meter
Individual Risk: 2.142 = Severe: The compromised email accounts contained a limited number of patient data. Starling Physicians estimate that less than 1% of their patients are impacted, but the personal data includes patients’ names, addresses, dates of birth, passport numbers, Social Security numbers, and medical information. Starling Health is offering free credit and identity monitoring for patients whose Social Security numbers were exposed, and they are encouraging all victims to contact their financial institutions and to monitor their accounts for unusual activity.

How it Could Affect Your Customers’ Business: Despite the best efforts of cybersecurity software, some phishing emails will inevitably make their way into your employees’ inboxes. Fortunately, these emails aren’t malicious until acted upon by employees. Comprehensive awareness training can equip all employees to identify and neutralize possible threats. It’s a low level of effort, high impact form of defense that can make a significant impact on your company’s data security efforts and ultimately, your bottom line.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


3 Essential Types Of Cyber Security Your Business Must HaveCLICK HERE!
+ +