Menu
Browse

Cyber Incident Victim: Roper St. Francis Healthcare

Date:

Nov 2018

Location:

United States of America

Summary

Roper St. Francis Healthcare discovered that an unauthorized actor may have accessed some employees' email accounts after those employees fell for a phishing attack. The organization promptly secured the compromised accounts and began an investigation into the extent of the access. Notification letters were sent to affected patients and a dedicated call center was established to address concerns. While some sources indicate that thirteen employees were involved in the incident, those claims lack a verifiable source.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On November 30, 2018, Roper St. Francis Healthcare learned that an unauthorized actor may have gained access to some employees’ email accounts between November 15 and December 1, 2018. Upon discovery, the organization immediately took steps to secure the compromised email accounts. An investigation was launched to determine the scope and nature of the unauthorized access. The incident was identified as a phishing attack that led to the compromise of employee credentials. The organization worked to contain the breach and prevent further unauthorized entry. Internal teams coordinated with IT security to restore the integrity of the email system.

Cyber Incident Image

Following the investigation, Roper St. Francis began mailing notification letters to affected patients on January 25, 2019. A dedicated call center was established to assist patients with questions and concerns related to the incident. The notice posted on the organization’s website on January 29 explained that patient information may have been involved in the breach. According to the article, two sites reported that 13 employees fell for the phishing attack, although neither source was cited. The organization continued to monitor the situation and provide updates as needed. These actions comprised the response to the email account compromise incident.

Sources
Sources available to members
1 source