Cyber Incident Victim: Corewell Health
Date: Dec 2021
Location: United States of America
Summary
A healthcare organization experienced unauthorized access to its member portal accounts, potentially exposing personal and medical information including names, birth dates, contact details, insurance data, and limited health records. The incident prompted the organization to temporarily disable all affected accounts, enforce password resets, and implement multi-factor authentication to secure member access. No evidence of actual misuse was identified, but the breach underscores ongoing cybersecurity vulnerabilities within the healthcare sector.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
The cyber incident involved multiple healthcare organizations, including Catholic Hospice, Priority Health, AccelHealth, and Comprehensive Health Services, which suffered from various types of cyber attacks. These incidents resulted in the potential exposure of protected health information, including names, Social Security numbers, medical information, and treatment details. The attacks were carried out through different methods, such as employee email breaches, malware, and unauthorized access to systems and data.

At Catholic Hospice, three employee email accounts were compromised, potentially exposing the personal health information of approximately 15,000 individuals. The hospice center engaged an independent forensics firm to investigate the incident and determine the scope of the breach. The investigation revealed that the compromised information may have included names, medical information, Social Security numbers, and treatment details. Catholic Hospice took steps to mitigate the incident, including changing passwords on the affected accounts and notifying the individuals whose information was potentially exposed.
Priority Health, another healthcare organization, discovered unauthorized access to some of its member portal accounts. The incident may have resulted in the exposure of personal health information, including names, birth dates, addresses, and limited medical information. Priority Health temporarily disabled all member portal accounts and required users to reset their passwords. The organization also began requiring multi-factor authentication for all accounts to enhance security. Additionally, Priority Health offered 24 months of identity theft protection to individuals whose information was potentially exposed.
AccelHealth, a Texas-based Federally Qualified Health Center, suffered a malware incident that restricted access to certain files on its servers. The incident may have resulted in the exposure of protected health information, including names, Social Security numbers, financial account numbers, and medical record numbers. AccelHealth determined that there was no actual or attempted misuse of the exposed information. The organization took steps to enhance its security measures, including implementing additional technical security controls and reviewing its data privacy policies and procedures. AccelHealth also offered credit monitoring to individuals whose information was potentially exposed.
Comprehensive Health Services, a healthcare organization based in Florida, detected unusual network activity and discovered that some personally identifiable information may have been accessed or acquired. The incident may have involved the exposure of Social Security numbers, names, and birth dates. Comprehensive Health Services took steps to secure its digital environment and launched an investigation into the incident. The organization notified individuals whose information was potentially exposed and provided them with information on how to protect their personal information.
The incidents highlight the ongoing risk of cyber threats to healthcare organizations and the importance of protecting sensitive information. The attacks demonstrate the various methods used by threat actors to compromise healthcare organizations, including employee email breaches, malware, and unauthorized access. The incidents also underscore the need for healthcare organizations to have robust security measures in place to prevent and respond to cyber incidents. The organizations involved in the incidents took steps to mitigate the damage and notify affected individuals, which is an important part of responding to a cyber incident.
The incidents involved the potential exposure of a range of sensitive information, including protected health information and personally identifiable information. The exposure of such information can have serious consequences for individuals, including identity theft and financial loss. The incidents also highlight the importance of implementing security controls, such as multi-factor authentication and encryption, to protect sensitive information. Additionally, the incidents demonstrate the need for healthcare organizations to have incident response plans in place to quickly respond to and contain cyber incidents.
The incidents involved various types of threat actors and attack methods, which can make it challenging for healthcare organizations to defend against cyber threats. The incidents demonstrate the importance of having a comprehensive cybersecurity program in place, including regular security assessments and employee training. The incidents also highlight the need for healthcare organizations to stay informed about the latest cyber threats and vulnerabilities, and to take steps to mitigate those risks. By understanding the methods used by threat actors and the risks associated with cyber incidents, healthcare organizations can take steps to protect themselves and their patients from the consequences of a cyber attack.
The cyber incidents involved multiple healthcare organizations and resulted in the potential exposure of sensitive information. The incidents demonstrate the ongoing risk of cyber threats to healthcare organizations and the importance of protecting sensitive information. The organizations involved in the incidents took steps to mitigate the damage and notify affected individuals, which is an important part of responding to a cyber incident. The incidents highlight the need for healthcare organizations to have robust security measures in place to prevent and respond to cyber incidents, and to stay informed about the latest cyber threats and vulnerabilities.
