Woesnotgone (Woes-not-gone) Meadow
All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth. A portion of the residents are very familiar with one aspect of internet usage-email. They use this mostly for family communications, share pictures, or just bugging one another. One area that has been a problem and continues to be is phishing, and not the kind by Margie’s pond, by the south side of her home. New York Oncology Hematology recently experienced this.
Phishing has become such a lucrative and easy attack method, it's no wonder its prevalence has skyrocketed. The methodology for the attack is relatively straight forward, and is not an overly complex situation.
Attack
The phishing attack itself was launched and continued between April 20-27, 2018. The attackers sent their fraudulent emails with a link to be clicked on. Once the unfortunate user did this, the process of credential harvesting started. Of the mass number of emails sent, the attackers were successful with 14 users. Sometimes, all it takes is a handful of people clicking. The emails naturally appeared to be legitimate. The targets provided their username and passwords. The attack, clearly, was successful and compromised the system. The 14 email accounts were locked down once the issue was noted. The attack was detected and shut down. The triggering event was not published though. This could have been user detected, a user reported, or the enterprise (e.g. SIEM) detected this.
Affected Parties
There were 128,400 employees and patients affected by this. Overall, this did not affect the employees and patients who joined NYOH after April 27, 2018. As of November 2018, NYoh was not aware of any patient’s data being misused. These issues for the affected parties may not appear immediately, as the unauthorized parties with the data may choose to use this at their leisure. These may be used or sold without a time limit.
Remediation
NYOH contracted with a third party to conduct a forensic review. The report was delivered to NYOH on October 1, 2018. The report indicated one or more of the email accounts had PHI accessible to the attackers, and confidential and private health information was compromised to an unauthorized party. NYOH, due to the compromise, is offering the affected parties credit reporting services.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
Resources
Daily Gazette Reporter. (2018, November 16). New york oncology hematology hit by email scam. Retrieved from https://dailygazette.com/article/2018/11/16/new-york-oncology-hematology-hit-by-email-scam
Dissent. (2018, November 17). New york oncology hematology notifying more than 128,400 employees and patients after phishing attack. Retrieved from https://www.databreaches.net/new-york-oncology-hematology-notifying-more-than-128400-employees-and-patients-after-phishing-attack/
New York Oncology Hematology. (2018). Phishing incident: What you need to know. Retrieved from https://newyorkoncology.com/security/
WGY News. (2018, November 17). New york oncology hematology reports data breach. Retrievd from https://wgy.iheart.com/content/2018-11-17-new-york-oncology-hematology-reports-data-breach/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.