Cyber Incident Victim: HORNE LLP
Date: Oct 2017
Location: United States of America
Summary
A phishing attack compromised an employee email account at HORNE LLP, a business associate handling Medicaid services for Forrest General Hospital, leading to unauthorized access to protected health information. The exposed data included patient names, Medicaid identification numbers, Social Security numbers, dates of birth, account numbers, and service dates. While no confirmed misuse occurred, HORNE notified affected individuals and offered complimentary credit monitoring and identity theft resolution services for one year. The incident was reported to the U.S. Department of Health and Human Services, and HORNE enhanced its security protocols to prevent future breaches.
Description
On October 31, 2017, unauthorized access occurred to an employee email account at HORNE LLP, a business associate providing Medicaid reimbursement services to Forrest General Hospital. The incident was detected on November 1, 2017, when HORNE observed the compromised account sending phishing emails. HORNE immediately initiated an internal investigation and determined the employee had fallen victim to a phishing attack, with unauthorized access spanning from October 31 to November 1, 2017. The organization engaged a third-party forensic investigator to assess the breach's scope. By November 20, 2017, the investigator confirmed unauthorized access to specific emails within the account. Subsequent review of these emails revealed an attachment containing protected health information (PHI) for certain Forrest General Hospital patients, confirmed on November 27, 2017. The exposed data included patient names, Medicaid identification numbers, dates of birth, patient account numbers, dates of service, and Social Security numbers. HORNE could not confirm whether the unauthorized actor actually viewed or acquired the PHI-laden attachment but proceeded with notifications due to the potential risk.

HORNE implemented additional security safeguards following the investigation while maintaining existing protective measures. The firm notified Forrest General Hospital, which subsequently reported the incident to the U.S. Department of Health and Human Services as required. Beginning February 1, 2018, HORNE mailed notification letters to affected patients offering one year of complimentary credit monitoring and identity theft resolution services through Experian. A dedicated assistance line (855-367-5405), operating weekdays from 8:00 a.m. to 8:00 p.m. CST, was established for patient inquiries. The breach notification emphasized HORNE's existing security protocols while acknowledging ongoing enhancements to information protection systems. No evidence of actual or attempted misuse of the exposed data was identified during the investigation. The incident impacted patients whose PHI was contained within the compromised email attachment accessed during the 48-hour period of unauthorized access.
