💣

Highmark Health Security Incident

15/12/2022 1012 days ago Resolved

Incident Overview

Situation Description

Highmark Health experienced a socially engineered phishing attack on December 15, 2022, which affected approximately 300,000 individuals and led to unauthorized access to an employee's email account.

Event Types

Malware / Destructive Attack

Industry Sector

Healthcare

Geographic Scope

National (US)

Response Actions

Revised Incident Response Plan Implemented Advanced Authentication

Impact Analysis

Event Types (1 identified)

Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

300,000

Data Types Compromised

PII (Personally Identifiable Information) PHI (Protected Health Information) Financial Data (Credit Cards, Bank Accounts)

Primary Impacts

Data Exposure Operational Disruption

Key Decisions Made

Highmark Health implemented stricter security protocols for IT help desks, including verifying requests with a callback to the employee's registered number and contacting their supervisor.; One major health system mandated that employees appear in person at the IT help desk for certain requests in response to falling victim to an IT help desk scam.

Technical Analysis

Attack Method

Phishing

Threat Actor Attribution

Scattered Spider

Additional Information

Social Engineering Threats in Healthcare February 14, 2024 executive summary Social engineering is a major threat to healthcare, exploiting human vulnerabilities to gain unauthorized access to sensitive information. According to the Carahsoft 2021 HIMSS Healthcare Cybersecurity Survey, socially engineered phishing attacks accounted for a staggering 45% of security incidents in healthcare systems. In 2023, healthcare organizations encountered a 279% increase in business email compromise (BEC) incidents. Socially engineered email attacks, including BEC, surged against the healthcare sector during this period. These statistics highlight the frequency and impact of social engineering tactics in the industry. Additionally, the FBI's 2022 report highlights a concerning trend of cybercriminals targeting healthcare payment processors via social engineering attempts, with incidents resulting in the redirection of funds. These kinds of attacks mean that there is an urgent need to understand and combat social engineering threats in healthcare. Lets look at social engineering threats in the healthcare space and what organizations can do to remain safe. tir snapshot In February 2023, Highmark Health, the second largest integrated delivery and financing system the U.S., was hit by a socially engineered phishing attack affecting around 300,000 individuals. The breach took place on December 15,2022, when a Highmark employee clicked on a malicious link that granted unauthorized access to their email account for a span of two days. It's important to remember that social engineering relies on manipulating individuals into divulging sensitive information or taking actions that compromise security. In phishing attacks, like the one mentioned above, social engineering tactics are used to take advantage of how people naturally behave. In January 2024, the American Hospital Association (AHA) became aware of a social engineering scam targeting IT help desks. This scheme involves using...

... (truncated for display)

Quick Facts

Company:: Highmark Health
Date:: 15/12/2022
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 14/02/2024

Source Information

Original Query

impact of "Scattered Spider" tactics on corporate incident response and employee training

View Original Source

Timeline

Information Published

14/02/2024

Incident Occurred

15/12/2022 (1012 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats