Magellan Health Ransomware Affects Over 364,000 People

The April 2020 ransomware attack on Magellan Health now appears on the HHS’ Office for Civil Rights breach portal. Six Magellan entities were impacted, and each reported the incident. A few other organizations also filed breach reports confirming the effect on their patients and customers.

It is still too early to say precisely how many people were impacted by the ransomware attack, although as of July 1, 2020, the total is over 364,000. That makes this incident currently the third biggest healthcare data breach of 2020. Certain entities might not have reported the impact of the breach yet.

The entities that have confirmed being affected by the breach are listed below.

  • Merit Health Insurance Company – 102,748 people impacted
  • Magellan Healthcare, Maryland – 50,410 people impacted
  • Magellan Rx Pharmacy – 33,040 people impacted
  • Magellan Complete Care of Florida – 76,236 people impacted
  • Magellan Complete Care of Virginia – 3,568 people impacted
  • National Imaging Associate – 22,560 people impacted
  • University of Florida, Health Shands – 13,146 people impacted
  • University of Florida Jacksonville – 54,002 people impacted
  • University of Florida – 9,182 people impacted
  • Total – 364,892 people impacted

Many of the healthcare ransomware attacks reported recently used brute force attacks on remote desktop services or took advantage of VPN vulnerabilities. This attack was different: it used a spear-phishing email that impersonated a Magellan customer. The attacker sent the email on April 6 and installed the ransomware less than a week later.

Magellan’s substitute breach notification letter, submitted to the California Attorney General’s Office, states that the attacker deployed malware designed to steal login information and passwords, gained access to just one of Magellan’s corporate servers, and stole personnel data. The stolen information related to active personnel and included these details: address, employee ID number, and 1099 or W-2 information such as Taxpayer ID number or Social Security number. For certain workers, the attacker also obtained their usernames and passwords.

The breach notice published on the Magellan Health websites confirms that patients of Magellan Health and its affiliates and subsidiaries were affected, too. These types of information were compromised: treatment details, medical insurance account data, member ID, other health-related details, telephone numbers, and physical and email addresses. Social Security numbers were also impacted in some cases.

The June 12, 2020 website notice did not mention whether protected health information (PHI) was stolen in the attack. In all instances, Magellan Health says it has found no evidence thus far of improper use of any patient or worker data.