
Cyber Incident Victim: Egyptian Health Department

Date: Dec 2023

Location: United States of America

Summary

The Egyptian Health Department experienced a cybersecurity incident involving unauthorized access to folders containing sensitive employee and client/patient data. Potentially impacted employee information included names, Social Security numbers, government-issued IDs, financial account details, and insurance information, while client/patient data involved names, dates of birth, medical records, and health insurance claims. The organization engaged cybersecurity experts to investigate, implemented enhanced security controls including credential resets and restricted access protocols, and is notifying affected individuals while offering complimentary credit monitoring and identity theft protection services.

CIA Posture: available to members
Motives: 2 motives
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: available to members
Location: available to members

Description

On December 21, 2023, the Egyptian Health Department (EHD) discovered a cybersecurity incident involving unauthorized access to its systems. The organization immediately engaged a specialized cybersecurity firm to conduct a forensic investigation, which remained ongoing as of the February 20, 2024 public notice. Preliminary findings indicated that an unauthorized actor accessed certain EHD folders containing sensitive employee and client/patient data. While no evidence confirmed data exfiltration or misuse, EHD initiated a process to identify potentially impacted individuals for notification out of caution. The compromised employee data potentially included names, Social Security numbers, driver's licenses or government IDs, financial account information, and insurance details. For patients and clients, exposed information potentially encompassed names, dates of birth, medical records, and health insurance claims data. EHD planned to notify affected parties via mailed letters and provide complimentary credit monitoring and identity theft protection services, though the identification process was still underway at the time of publication.


In response to the breach, EHD implemented multiple technical safeguards to prevent recurrence. These measures included building new domain controllers, relocating SMB network shares to dedicated virtual machines, auditing permissions on shared folders, restricting SharePoint Server to internal access only, and resetting all credentials. The organization isolated programs that require inbound connections on individual virtual machines and deployed SentinelOne and Huntress endpoint protection across all equipment. Administrative controls were tightened by limiting domain admin rights and requiring password protection for spreadsheets containing protected health information. EHD established a dedicated call center (888-893-4991), operating Monday through Friday from 8:00 am to 8:00 pm Central Time, to address inquiries about the incident. The public notice detailed breach reporting obligations for residents of specific states, including Massachusetts, Rhode Island, and Vermont, and provided nationwide resources such as FTC contact information and credit bureau details for fraud alerts and security freezes.

Sources: 1 source (available to members)