Cyber Incident Victim: Multiple Sclerosis Center of Atlanta
Date:
May 2022
Location:
United States of America
Summary
Multiple Sclerosis Center of Atlanta experienced a ransomware attack compromising patient data. The incident involved unauthorized access to systems containing sensitive personal and medical information. Attackers exfiltrated data and threatened public release unless demands were met. The organization responded by securing systems, investigating the breach, and notifying affected individuals. Services were temporarily disrupted during containment efforts. Credit monitoring and identity protection services were offered to impacted patients to mitigate potential harm from the exposure of their private health records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In May 2022, Intuit issued a warning regarding an ongoing phishing campaign targeting users of its QuickBooks accounting software. The campaign involved fraudulent emails impersonating Intuit’s support team, falsely claiming that recipients’ accounts had been temporarily suspended due to unresolved issues during a business information review. The messages instructed users to click a "Complete Verification" button, which redirected them to phishing sites designed to harvest personal credentials or deliver malware. Intuit clarified that the senders were unauthorized entities with no affiliation to the company, emphasizing that the use of its branding in these communications was illegitimate. This incident followed a similar phishing campaign in February 2022, where attackers threatened account deletion, indicating a persistent threat pattern against QuickBooks customers.
Intuit responded by alerting customers through a public advisory on May 26, 2022, after receiving multiple user reports about the fraudulent suspension notices. The company directed affected users to delete any downloaded files from the emails, perform system scans using updated anti-malware tools, and immediately change their account passwords. Intuit also reinforced phishing awareness through its support portal, providing guidelines to help users identify and avoid such scams. The campaign’s primary impact centered on credential theft and malware infection risks, though no specific data breaches or financial losses were confirmed in the advisory. The repeated nature of these attacks highlighted ongoing challenges in combating social engineering tactics aimed at exploiting trusted software brands and their customer bases.