Incident Of The Week: Oregon DHS Target Of Phishing Attack

Nine employees phished causing data breach of 645,000 clients




A cyber attack that originally dates back to January was determined to be a targeted spear-phishing campaign, where nine Oregon Department of Human Services employees fell victim to emails compromising an estimated 350,000 patients. While the data breach was still under investigation by a third-party security team, it was not yet determine the exact number of patients impacted by the incident.

This week, it has been reported that the Oregon DHS recently began notifying about 645,000 clients that their personal data was potentially breached during this phishing attack. Nine employees fell for the email campaign providing their user credentials, giving hackers full access to more than 2 million emails.

PHI Involved In Cyber Attack

It took the Oregon DHS and Department of Administrative Services Enterprise Security Office approximately three weeks to detect the problems, which were reported by some of the nine employees involved with the malicious emails. Officials immediately reset passwords to stop unauthorized access and remote access.

See Related: “Healthcare CISO Explores A Recent Outbreak Of Breaches

On March 21, the Oregon DHS posted an update on the breach, but just started notifying the increased number of patients involved on June 19. While it was also reported that there was no malware installed on the network, and no other email accounts compromised, hackers had access to the accounts for 19 days – giving them access to patient data, case numbers, Social Security numbers and other protected health information.

In Minnesota in 2018, the DHS also experienced a phishing attack that breached data for months before it was detected. It was later determined that lack of staffing and resources made the attacks tough to detect, making government agencies a major target for hackers.

How To Detect A Phishing Attack

The most common phishing emails incorporate two elements: a sense of urgency or a request for help. This could mean an email saying that an invoice was overdue, or an email purporting to be from a colleague asking for help on a project at work.

Some phishing emails are so clever IT professionals have been duped as well. Enterprises can reduce the likelihood of a successful phishing attack through ongoing employee education and phishing-filtering software. They should also reduce the impact to the organization of a successful attack through endpoint protection, two-factor (or multi-factor) authentication, security patches, and changing passwords regularly.

Read Last Week’s Incident: “U.S. Customs And Border Protection Breach

RECOMMENDED