Cyber Incident Victim: Magnolia Health Corporation
Date:
Feb 2016
Location:
United States of America
Summary
Magnolia Health Corporation experienced a data breach when an unauthorized party spoofed the CEO's email to fraudulently obtain an employee information spreadsheet, compromising sensitive details including names, Social Security numbers, addresses, birth dates, salaries, job titles, and employment records for all staff. The breach was discovered approximately one week after the incident, prompting notification to employees, engagement with law enforcement for investigation, and the provision of identity theft prevention services for affected individuals. The organization also advised employees to implement credit fraud alerts while asserting implementation of unspecified measures to prevent future unauthorized disclosures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 3, 2016, Magnolia Health Corporation (MHC), a Tulare, California-based operator of five rehabilitation and nursing facilities, experienced a data breach initiated through a spoofed email impersonating CEO Kensett Moyle. An unauthorized actor fraudulently used Moyle’s email address to request an Excel spreadsheet containing comprehensive employee information. The attacker successfully obtained names, Social Security Numbers, employee numbers, home addresses, birth dates, hire dates, seniority dates, salaries, job titles, departments, last date paid, and facility names of employment. The breach impacted all MHC employees, though the exact number of affected individuals was not disclosed publicly, as the company’s website omitted employee counts and executives did not provide further comment. The stolen data encompassed highly sensitive personally identifiable information (PII) and financial details capable of facilitating identity theft or financial fraud.
MHC discovered the breach on February 10, 2016, seven days after the initial email compromise. Within two days of discovery, on February 12, the company notified all employees via a letter signed by CEO Moyle, which was subsequently published on the California Attorney General’s website. The notification outlined the breach’s mechanics and the specific data categories exposed. MHC engaged the Tulare County District Attorney’s office to investigate the incident and committed to implementing unspecified measures to prevent future unauthorized disclosures. As remediation, MHC offered affected employees one year of identity theft prevention and mitigation services and advised them to place fraud alerts on their credit files. The company did not disclose technical details about the email spoofing method, intrusion detection timeline, or specific security improvements undertaken. Public records confirmed the breach’s scope and response actions through filings with state authorities and third-party reporting by HIPAA Journal.