Magellan Health Experiences a Ransomware Attack

A ransomware attack on Magellan Health, a Fortune 500 company, last April resulted in file encryption and theft of certain employee data.

Magellan Health detected the ransomware attack on April 11, 2020, when files on its systems were encrypted. The breach investigation showed that the attacker gained access to its systems after an employee responded to a spear-phishing email received on April 6. The attacker fooled the employee by impersonating a Magellan Health client.

Magellan Health hired the cybersecurity company Mandiant to help with the breach investigation, which revealed that the attacker accessed a corporate server containing employee data and exfiltrated part of that information before the file encryption. The attacker also downloaded malware that was used to steal login information.

The stolen information concerned current employees of the company and included their names, employee ID numbers, addresses, and W-2 and 1099 information, which listed the employees’ Social Security numbers and taxpayer IDs. The attacker also stole the usernames and passwords of some employees.

Magellan Health is not aware of any attempts to use that information but instructed affected people to be alert to the possibility of identity theft and data misuse. Impacted persons were offered a free three-year membership to Experian’s IdentityWorks identity theft detection and resolution service.

Magellan Health is working with the authorities, who are actively investigating the incident, and steps have already been taken to strengthen security and prevent similar breaches in the future.

It is still uncertain how many people were impacted by the breach.

The ransomware attack occurred just a couple of months after Magellan Health found out that a few of its subsidiaries had experienced phishing attacks, which enabled unauthorized persons to access employee email accounts in July 2019. The emails in the breached accounts held the protected health information (PHI) of 55,637 members from the following entities: Magellan Healthcare, Magellan Rx Management, and National Imaging Associates. The breach announcements were made in September and November 2019.