Cyber Incident Victim: Morehead Memorial Hospital
Date:
Sep 2017
Location:
United States of America
Summary
A phishing attack compromised two employee email accounts at Morehead Memorial Hospital, potentially exposing sensitive patient and employee information. The breach involved health insurance payment summaries, treatment overviews, health plan details, and limited Social Security numbers. Upon detection, the hospital disabled affected accounts, reset network passwords, and engaged forensic experts to investigate. Authorities including the FBI and Homeland Security were notified, with impacted individuals offered free identity monitoring services. The institution established a dedicated website and assistance line to provide further details and support for those affected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Morehead Memorial Hospital publicly disclosed a data breach on September 15, 2017, following a phishing attack that compromised two employee email accounts. The hospital's IT team responded by immediately disabling access to the affected accounts upon detecting the potential security incident. They implemented a network-wide password reset as a containment measure and engaged external forensic consultants to conduct a comprehensive investigation. The forensic analysis confirmed unauthorized access to sensitive information belonging to patients and employees. Exposed data included health insurance payment summaries, treatment overviews, health plan details, and Social Security Numbers in a limited number of cases. While the hospital did not disclose the total number of affected individuals, the breach impacted both patient and employee populations. The investigation did not reveal evidence of intentional misuse of the compromised information at the time of disclosure. Hospital administrators notified federal law enforcement agencies, including the FBI and Department of Homeland Security, pledging full cooperation with their investigations.
The hospital initiated individual notifications through mailed letters dated September 15, 2017, describing the nature of the breach and protective measures available to victims. Affected individuals received offers for complimentary identity monitoring services covering a twelve-month period. Morehead Memorial established a dedicated incident webpage (http://morehead.org/data-incident) providing breach details and recommended protection steps. A toll-free assistance line (1-833-202-7408) operated during Eastern Time business hours to address inquiries about the incident. The organizational response combined technical containment measures with victim support services while maintaining transparency about the breach's scope and limitations. No ransomware or data destruction elements were reported in connection with the phishing incident. The hospital's disclosure emphasized ongoing efforts to enhance security protocols following forensic findings, though specific system upgrades or policy changes were not detailed in the public statement.