Phishing Attack on Oregon State Hospital Prompts Early Notification

Exploit: Spear phishing attack

Oregon State Hospital: Public psychiatric hospital based in Salem, Oregon

Risk to Small Business: 1.555 = Severe: An employee clicked on a phishing email, which allowed hackers to gain access to the employee’s email account. Fortunately, IT administrators were able to identify the breach just 40 minutes after it occurred, limiting the exposure of patient information. Although the investigation isn’t complete, the company did reveal that an undetermined amount of patient information was exposed during the breach

Individual Risk: 2 = Severe: The phishing scam compromised names, dates of birth, medical record numbers, diagnoses, and treatment care plans. Although the company plans to notify impacted individuals in 4 to 6 weeks, anyone with records as the hospital should monitor their credentials for potential misuse.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are entirely avoidable, and any data breach that results from a phishing scam is a self-inflicted wound for the company’s reputation. In addition to deploying robust security software, companies should conduct regular training to avoid unnecessary data breaches. MSPs should consider partnering with third-party cybersecurity services that provide robust employee training to avoid phishing scams.