Menu
Browse

Cyber Threat Actor: EVERSANA

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

EVERSANA is a threat actor known by the alias EVERSANA and is associated with the United States of America based on publicly reported incidents. The actor came to attention in 2019 when it was identified as responsible for unauthorized access to patient data stored in a legacy technology environment. The compromise persisted for approximately three months before being detected through unusual email activity that triggered an investigation. The exposed information included names, addresses, Social Security numbers, driver’s license numbers, financial details, health records, treatment specifics, insurance data, and prescription information. After the investigation, EVERSANA updated the outdated systems involved but found no evidence that the accessed data had been misused or attempted to be misused. The total number of individuals affected and the exact method of discovery were not disclosed in the public reports.

The incident demonstrates that EVERSANA targets the healthcare sector, specifically organizations that maintain protected health information, and operates within the United States region where the victim organization is located. No public sources explicitly state the actor’s strategic objectives such as financial gain, espionage, or disruption, so those aspects remain unspecified in the available record. Regarding tactics, techniques, and procedures, the only referenced initial access vector is the detection of unusual email activity, suggesting an email‑based compromise, and the exploitation of legacy systems that had not been updated. No specific malware families, tooling styles, or post‑exploitation tools are mentioned in the reporting.

Attribution to any state sponsor, criminal consortium, or other affiliations has not been established in publicly available sources, and the actor’s ties remain unknown. The 2019 breach of patient data serves as the sole publicly reported operation that can be cited as a representative example of EVERSANA’s activity. This incident highlights the actor’s focus on exploiting outdated infrastructure within healthcare entities to obtain extensive personal and medical data, although the subsequent handling or use of that data has not been demonstrated in the open record.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources