The U.S. Agency for International Development (USAID) was impersonated in a phishing attack that led to the compromise of the protected health information (PHI) of around 12,000 patients of Utah healthcare provider Revere Health. The phishing attack was quickly discovered by Revere Health IT staff, who promptly secured the mailbox to block unauthorized access. According to a breach notice posted by Revere Health, the inbox was breached for only about 45 minutes on June 21, 2021.
An investigation of the incident was launched to determine whether any data in the email account was read or copied. Although it wasn’t possible to ascertain whether emails within the account were viewed or exfiltrated, Revere Health stated that it has searched the internet and did not find any cases of patient information being exposed online.
A review of the email messages and file attachments confirmed that they included the PHI of patients of the Heart of Dixie Cardiology Department, based in St. George. The data included medical record numbers, birth dates, provider names, procedures, and insurance company names, but no financial details or highly sensitive records.
Revere Health believes that the attacker's aim was not to obtain access to patient information but to use the email account for a far more advanced phishing attack on Revere Health workers. Considering the limited window of opportunity and the limited nature of the information in the account, the threat to patients is thought to be minimal. Patients were advised to be alert to any attempted misuse of their data.
Nobelium, the Russian threat group responsible for the SolarWinds supply chain attack, recently impersonated the US Agency for International Development in a phishing campaign. The campaign has been ongoing since early 2021. The attackers gained control of the Constant Contact email marketing account used by USAID, and the account was used to send convincing phishing emails to over 350 companies. In that campaign, the objective was to deliver malware by impersonating genuine USAID email messages. At the end of May, the U.S. Department of Justice seized two domains being used in the spear-phishing attacks.