Patients' Data Stolen After an Email Phishing Scam Targets Children's Mercy Hospital

Children's Mercy Hospital Kansas

You need to keep your wits about you when you're online. A single lapse in concentration and you could give hackers the chance to do some real damage. When you're at work, the potential consequences of a cybersecurity blunder are even more serious. In the office, it's no longer just about your data. It could be the data of many more people that are at risk. In the case of Children's Mercy Hospital in Kansas, we're talking about tens of thousands of people, most of them kids.

The cyberattack on the hospital actually took place more than seven months ago, and, there's no way to sugarcoat this, it was completely avoidable. In January, Children's Mercy put up a breach notification on its website saying that an unauthorized party had downloaded personal details of some of the hospital's patients. The exposed information included names, date of birth, height, weight, clinical information, diagnosis, condition, admission date, discharge date, etc., and the crooks got their hands on it after pulling off the simplest of online scams – phishing.

The official announcement doesn't say much, but we can gather from it that a few employees unwittingly gave away their login credentials to hackers after clicking on email links they shouldn't have clicked on. On December 2, the hospital's IT team noticed unauthorized access to two inboxes, but instead of resetting all email passwords, they just shut off access to the affected accounts. Not surprisingly, over the next few weeks, the hackers broke into a few other email inboxes, and it was not until late January that the hospital's IT people realized that data had been exfiltrated.

At the time, Children's Mercy said that experts are still assessing the damage and cannot confirm how many patients have been affected. Right now, more than five months later, we have a definitive number. A spokesperson recently told The Kansas City Star that just over 63 thousand individuals have had their data leaked. The hospital representatives are still working on contacting all the victims, and they promise that every affected person will receive one year's worth of identity theft protection free of charge.

You can now see why so many organizations spend thousands on anti-phishing training for their employees. The fact that multiple accounts got compromised clearly shows that Children's Mercy employees simply didn't understand the threat. The hospital's IT team should have probably taken more serious precaution after the hacking of the first inboxes as well. Especially when you consider the fact that this is not the first cybersecurity incident related to Children's Mercy Hospital in Kansas, Missouri.

Last year, a physician working at the hospital was trying to create an educational resource, and he published the personal details of about 5,500 patients on the Internet. He thought that the data was protected by a password, but that turned out not to be the case.

Healthcare organizations in the US are required by law to disclose every single data breach, and there's a special portal that aggregates and makes the information public. According to it, on June 27, Children's Mercy Hospital reported a breach which affects a little under 1,500 individuals. No additional details are available, and there's no information on the hospital's website, so we can't be sure whether this incident is in any way connected to the phishing attacks from December and January. It's safe to say, however, that patients, and in this particular case, their parents, are probably feeling a bit uneasy about the whole thing.

Healthcare organizations are targeted by successful cyberattacks every day which shows that they're not very well prepared when it comes to securing patients' data. We can only hope that they'll soon start paying more attention to the problem. We can also be more aware of the threat of phishing. After all, you don't want to be the next person that will follow a link and will inadvertently expose the data of tens of thousands of innocent individuals.

By Duran
July 10, 2018
News
English
July 10, 2018
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

Is There Any Difference Between a Data Hack and a Data Breach?

You've heard of data breaches and data hacks. It's been all over the news in recent years with journalists using the words interchangeably, but are they the same? There are similarities to be sure, but they're not the... Read more

June 28, 2018
Password Security

What data breaches cost? Three of the world's most expensive data breaches

You know what to do to minimize the chances of having your personal information posted on a hacking forum. You know how to look out for phishing pages, you have an up-to-date anti-malware program, and you only use... Read more

April 30, 2018
How To

Importing LastPass Data Into Cyclonis Password Manager

When designing a good product, you always have to have a clear goal in your mind. When we set off to create Cyclonis Password Manager, our aim was to make your online life easier. Forcing you to re-enter or paste all... Read more

March 20, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.