Hackers seeking to harvest confidential personal health data are launching attacks at nonprofits. Recently hit were People Inc. of New York, Natural Health Services and its parent company Sunniva Inc., and FBI National Academy Associates.
Alex Johnson wrote about the attack on People Inc. for SecurityIntelligence:
On May 29, People Inc. disclosed a data breach that involved personal health information (PHI) belonging to its former and current customers. The human services provider said it uncovered the incident back in February when it observed an instance of unauthorized access involving the email account of one of its employees.
Upon discovering the breach, the nonprofit organization reset the password for the affected account and engaged an independent digital forensics firm to figure out what had happened. This investigation found that unknown individuals had compromised two employee accounts containing customer information, including names, Social Security numbers, financial data and medical records.
People Inc. responded to its discovery by sending out notification letters to all affected customers with instructions to help safeguard their information against identity theft and an offer for complimentary identity protection services through Experian. In addition, the organization set up a toll-free call center to answer questions about the incident.
Security personnel can help their organizations defend against a data breach by taking a layered approach to email security. This method should use a security information and event management (SIEM) tool, perimeter protection and email scanning tools to defend against digital threats. Additionally, security professionals should leverage threat intelligence streams to remain aware of threat actors who seek to compromise employee accounts via email.