Cyber Incident Victim: Roper St. Francis Healthcare
Date:
Nov 2018
Location:
United States of America
Summary
A phishing attack compromised employee email accounts at Roper St. Francis Healthcare, potentially exposing patient information. Unauthorized access occurred over a multi-week period before being detected, prompting immediate account security measures and an investigation. The healthcare provider initiated notifications to affected individuals approximately two months after discovering the incident, establishing a dedicated call center for inquiries. While external reports suggested thirteen employees fell victim to the phishing scheme, this detail remains unverified in official disclosures. The breach primarily involved unauthorized access to email systems containing sensitive patient data, necessitating individual outreach to those potentially impacted.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 30, 2018, Roper St. Francis Healthcare discovered that unauthorized actors potentially accessed several employee email accounts due to a phishing attack. The compromise occurred between November 15 and December 1, 2018, though the exact number of affected accounts remains unspecified in public disclosures. Upon identifying the intrusion, the organization immediately secured the breached email accounts and initiated a forensic investigation to determine the nature and scope of the incident. The investigation aimed to identify whether patient information had been accessed or exfiltrated during the unauthorized access period. While the specific methods used by the attackers to exploit the phishing emails were not detailed publicly, the incident highlighted the targeting of employee credentials as an entry vector.
The healthcare provider concluded that patient information might have been exposed through the compromised email accounts, though they did not specify the types of data potentially involved. On January 25, 2019, Roper St. Francis began mailing notification letters to affected patients and established a dedicated call center to address inquiries. The public disclosure via their website occurred on January 29, 2019, acknowledging the delay between the breach discovery and patient notifications as necessary for investigation completion. No further details were provided regarding technical containment measures beyond securing the accounts, nor were specifics shared about the forensic findings or the total number of impacted individuals. The incident underscored operational risks associated with phishing attacks targeting healthcare workforce members.