Cyber Incident Victim: Premier Health Partners
Date: Jun 2020
Location: United States of America
Summary
Premier Health Partners experienced unauthorized access to certain employee email accounts, potentially compromising personal information of patients and clients affiliated with the Clinical Neuroscience Institute, Help Me Grow Brighter Futures, Samaritan Behavioral Health Inc., and CompuNet Clinical Laboratories. The organization detected unusual activity, secured the accounts, and initiated an investigation with forensic experts, though no evidence of actual data misuse was identified. A comprehensive review of the email contents is ongoing to determine the specific individuals and types of information affected, with notifications to be issued once this assessment concludes. Security enhancements and staff retraining are being implemented to mitigate future risks.
Description
On June 8, 2020, Premier Health Partners detected unusual activity within certain employee email accounts, prompting immediate action to reset account passwords and initiate an internal investigation. The organization engaged computer forensic specialists to determine the scope and nature of the incident, which targeted accounts associated with four entities: Clinical Neuroscience Institute, Help Me Grow Brighter Futures, Samaritan Behavioral Health Inc., and CompuNet Clinical Laboratories. By July 17, 2020, forensic analysis confirmed unauthorized access to these accounts by an external actor unaffiliated with Premier Health. While investigators found no evidence of actual or attempted data misuse, they could not definitively rule out access to the contents of the compromised email accounts. This uncertainty led Premier Health to undertake a comprehensive review of all data within the affected accounts to identify specific records and determine which patients or clients might be impacted. The data review remained ongoing as of the August 10, 2020 public disclosure, delaying individual notifications until the analysis concluded.

Premier Health’s response included technical containment measures such as credential resets, augmented by organizational actions like staff retraining and implementation of additional security safeguards across its systems. The investigation focused on cataloging all personal information present in the breached accounts, though the organization emphasized that it had no confirmation of data exfiltration or malicious use. Impacted data types were not specified in the disclosure, but the incident potentially affected patients and clients across the four named subsidiaries. Premier Health committed to notifying all individuals whose information was confirmed present in the accounts once the data review was finalized, offering recipients guidance on monitoring personal accounts and credit reports for suspicious activity. The organization established a dedicated email address and mailing contact for inquiries but had not yet disseminated individual breach notifications by the time of its initial public statement nearly two months post-discovery.
