Fortune 500 healthcare company Magellan Health Inc was recently targeted with a ransomware attack that compromised personal information stored in one of its corporate servers.
On 11th April, Magellan discovered that a criminal had gained access to its IT systems. “The unauthorised actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” said John J. DiBernardi Jr, SVP & Chief Compliance Officer at Magellan. The company says it immediately apprised the office of the Attorney General of California about the security incident.
Ranked 417 on the Fortune 500 list, Magellan Health's client list includes labour unions, employers, government and military agencies, health plans and other managed care organisations.
Magellan, along with cybersecurity firm Mandiant, investigated the ransomware attack and discovered that the attacker was able to “exfiltrate a subset of data from a single Magellan corporate server,” which included sensitive personal information of its clients.
Ransomware attack compromised credentials and personal data of Magellan customers
Personal information of clients accessed by the cyber criminal included names, addresses, employee ID numbers, Social Security numbers and Taxpayer ID numbers, and may also include usernames and passwords.
"The exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords," DiBernardi Jr added.
Magellan soon informed law enforcement authorities, including the FBI, about the security incident and sent letters to clients who might have been affected by it.
“To help prevent a similar type of incident from occurring in the future, we implemented additional security protocols designed to protect our network, email environment, systems, and personal information,” the letter stated. Magellan said it isn’t aware of any fraud attempts or misuse of stolen personal information yet.
Magellan's Corporate Communications Vice President Ljiljana Ackley told BleepingComputer that the security incident resulted “in a temporary systems outage and the exfiltration of certain confidential company and personal information. We are investigating the incident with forensic experts, notifying our customers, employees, impacted individuals, and appropriate government agencies, as applicable, and working with law enforcement authorities.
“Unfortunately, these sorts of attacks are increasingly common. We take the safety, security, and reliability of our operations and services with the utmost seriousness. We have taken a number of additional measures to further strengthen our security policies and protocols. We are aggressively investigating this matter and will continue to provide updates to those impacted as the investigation continues,” she added.
As a precautionary measure, Magellan has advised its affected clients to review the “Information About Identity Theft Protection” reference guide attached along with the letter. The company is also offering a complimentary three-year membership of Experian’s IdentityWorks that will protect customers against identity theft.
Companies must implement robust disaster recovery plans to respond to ransomware attacks
Commenting on the security incident affecting Magellan, David Jemmett, CEO of Cerberus Sentinel, told TEISS, “In this climate of increased threat volume, it’s imperative healthcare organisations have a cybersecurity strategy in place, so they can continue to operate effectively and support and provide diagnoses for their patients. Hallmarks of resilient environments include redundant systems, rapid (or automated) response to changes in threat conditions and organisation-wide awareness of this unpredictable and unprecedented threat landscape.”
Niamh Muldoon, OneLogin’s Senior Director of Trust and Security, told TEISS: “As phishing attacks become increasingly common and increasingly sophisticated — often tailored to a targeted team with an organisation — companies cannot rely on defending against 100% of attacks.
“The best defence against ransomware is a robust business continuity or disaster recovery plan that incorporates security and privacy requirements and supports reducing the risks associated with ransomware attacks, as these attacks focus on making systems and data unavailable to end-users.
“It is critically important for businesses and organisations to have a crisis management programme in place that involves subject matter experts across the organisation, to ensure that the enterprise can make timely and informed risk-based decisions to help them through the ransomware crisis.
“Information Technology is now a critical part of every organisation, whether it is state-owned, commercial or non-profit and as a core part of their infrastructure, organisations must treat IT - and therefore IT Security - with the same detailed planning, maintenance and governance as physical buildings, finance and health and safety,” he added.
Image Source: Magellan Health Inc