Cyber Incident Victim: Eastern Virginia Medical School
Date: Feb 2020
Location: United States of America
Summary
Eastern Virginia Medical School experienced a cybersecurity incident involving a phishing scam that potentially compromised employees' sensitive personal information, including bank account details and Social Security numbers. The breach was discovered following unauthorized access to files through the email-based attack, prompting the institution to notify affected staff and implement enhanced email security measures to mitigate further risks.
Description
Eastern Virginia Medical School (EVMS) experienced a cybersecurity incident involving a phishing scam that potentially compromised employee data. The breach was discovered on Wednesday, January 29, 2020; this date is inferred from the February 4 report, which placed the discovery on the preceding Wednesday. EVMS President and Provost Richard V. Homan notified staff of the incident on Monday, February 3. The phishing attack enabled unauthorized access to files containing sensitive employee information, including bank account details and Social Security numbers. The exact number of affected individuals was not disclosed; the breach impacted an unspecified portion of the workforce. The school did not confirm whether data was exfiltrated or merely accessed, characterizing the exposure as potential rather than confirmed. No evidence suggested patient data or student records were involved in this incident.

The compromised financial and identity information created significant risks for employees, including potential banking fraud and identity theft. EVMS initiated immediate efforts to strengthen email security systems following the discovery, though specific technical measures weren't detailed in available reports. The institution did not publicly disclose whether law enforcement was engaged or if external cybersecurity firms assisted in the response. No information was provided regarding credit monitoring services for affected personnel. The breach highlighted vulnerabilities in EVMS's email infrastructure that permitted the successful phishing attack, though the exact phishing mechanism remained unspecified. Financial and operational impacts to the institution itself were not quantified in available documentation.
