Cyber Incident Victim: Jefferson Health
Date:
Nov 2020
Location:
United States of America
Summary
A phishing attack compromised an employee email account at Jefferson Healthcare, potentially exposing personal information of approximately 2,550 individuals including names, dates of birth, contact details, health insurance data, and medical treatment information. Limited financial data and Social Security numbers were accessed for 84 affected parties. The organization contained unauthorized access within days, confirmed no breach of electronic medical records or billing systems, and notified impacted individuals. Forensic analysis reviewed thousands of emails to assess exposure. Security enhancements included reinforced employee training on phishing prevention and policy reviews. Credit monitoring services were offered to those with heightened financial risk, alongside public commitments to improved information safeguards and transparency regarding the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 9, 2020, Jefferson Healthcare experienced a phishing attack targeting an employee’s email account, leading to unauthorized access discovered three days later on November 12. The attackers obtained sensitive personal information belonging to approximately 2,550 individuals, including full names, dates of birth, phone numbers, home addresses, and health insurance details. Compromised health information encompassed dates of service, diagnoses, and treatment records. Forensic analysis later confirmed that Social Security numbers and financial data were exposed in 84 specific cases. The breach remained confined to the compromised email account, with no evidence of intrusion into Jefferson Healthcare’s electronic medical record system or billing infrastructure. A police report was filed following the incident, though public disclosure was delayed until March 2025 pending completion of the forensic investigation, which involved manual review of 30,000 emails and attachments to determine the breach’s scope.
Jefferson Healthcare immediately terminated unauthorized access to the affected email account upon detection and initiated direct notifications to all impacted individuals. The organization offered one year of complimentary credit monitoring and identity protection through Experian to the 84 individuals whose financial data or Social Security numbers were exposed. Internal response measures included reinforced employee training programs focused on phishing recognition and a comprehensive review of information security policies. Brandie Manuel, Chief Patient Safety and Quality Officer, emphasized enhanced security system upgrades and continued vigilance against emerging threats. The forensic investigation concluded that attackers likely reviewed only a limited number of documents, with no systemic network penetration beyond the single email account. Jefferson Healthcare publicly acknowledged the breach’s impact on community trust and issued apologies to affected parties while reaffirming commitments to transparency and privacy safeguards.