Cyber Incident Victim: Aon
Date:
Nov 2021
Location:
United States of America
Summary
The provided articles do not contain any information about a cybersecurity incident involving Aon PLC. The breach details described exclusively concern Allaire Healthcare Group and Platinum Hospitalists, including email account compromises affecting patient data. Since no references to Aon PLC exist in the source material, no valid summary can be produced about this entity under the given constraints.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber incident occurred at Allaire Healthcare Group and Platinum Hospitalists, resulting in the unauthorized access to employee email accounts. The breach potentially compromised sensitive patient data, including names, Social Security numbers, and medical information. The attackers gained access through phishing emails, allowing them to view and potentially download the data.
The incident began when an unauthorized individual gained access to an employee email account at Allaire Healthcare Group. The company, which operates five residential healthcare facilities in the tri-state area, discovered the breach after detecting suspicious activity in the employee's email account. A forensic investigation was launched, which revealed that the breach was limited to a single email account that was accessed by the unauthorized individual. The investigation found that the attacker had access to the account for a period of time, during which they may have viewed or copied sensitive patient data.
The compromised data included protected health information of 13,148 individuals, including first and last names, Social Security numbers, Allaire-issued unique client identifier numbers, driver's license numbers, passport numbers, financial account numbers, payment card information, information regarding medical histories, treatment/diagnosis information, prescription information, and/or health insurance information. The investigation found no evidence to suggest that any of the compromised data was viewed or downloaded, and no reports have been received of any instances of actual or attempted misuse of the data.
A similar incident occurred at Platinum Hospitalists, where an unauthorized individual gained access to an employee email account. The company, which provides medical services to patients in the Las Vegas area, discovered the breach after detecting suspicious activity in the employee's email account. The investigation revealed that the attacker had access to the account for a period of time, during which they may have viewed or copied sensitive patient data.
The compromised data included individually identifiable protected health information, including patient names, dates of birth, dates of service, diagnosis and procedure codes, medical record numbers/patient account numbers, insurance identification numbers, and invoiced amounts. The investigation was unable to confirm the specific information that was compromised, but it is believed that the data mostly related to patients who were insured through Humana and received medical services from Platinum providers at acute hospitals and other medical facilities in the Las Vegas area.
In both incidents, the attackers gained access to the employee email accounts through phishing emails. Phishing is a type of social engineering attack where an attacker sends a fraudulent email that appears to be from a legitimate source, in an attempt to trick the recipient into revealing sensitive information or clicking on a malicious link. The attackers used this tactic to steal the employee's login credentials, which they then used to access the email account.
The incidents highlight the importance of robust email security measures and employee training to prevent similar breaches. Employee email accounts are a common target for cyber attackers, as they often contain sensitive information and provide access to other systems and data. Companies must take steps to protect these accounts, including implementing strong passwords and multi-factor authentication, as well as providing regular training to employees on how to identify and avoid phishing emails.
The incidents also demonstrate the need for companies to have robust incident response plans in place. In both cases, the companies were able to detect the breach and launch an investigation, which helped to contain the damage and prevent further unauthorized access. However, the incidents also highlight the need for companies to be proactive in their security measures, rather than simply reacting to incidents after they occur.
Overall, the cyber incidents at Allaire Healthcare Group and Platinum Hospitalists are a reminder of the importance of robust cybersecurity measures and employee training to prevent data breaches. Companies must take steps to protect sensitive data and prevent unauthorized access, and must be prepared to respond quickly and effectively in the event of a breach.