Hackers targeted a hospital system in West Virginia; the attackers used a phishing attack for a data breach from the hospital’s system.
Monongalia health system, which also operates Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company, stated that hackers accessed email accounts between May 10 to Aug 15. These accounts had data related to patients, providers, employees, and contractors.
The company completed its investigation into the incident on October 29; the company concluded that an email phishing incident was responsible for the attack.
Mon Health first became aware of the incident after a vendor reported not receiving a payment from Mon Health on July 28, 2021. In response, Mon Health promptly launched an investigation, through which it determined that unauthorized individuals had gained access to a Mon Health contractor’s email account and sent emails from the account in an attempt to obtain funds from Mon Health through fraudulent wire transfers,” the company explained.
“Upon learning of this, Mon Health secured the contractor’s email account and reset the password, notified law enforcement, and a third-party forensic firm was engaged to assist with the investigation.”
The attack didn’t affect information from other hospitals, including Mon Health Preston Memorial Hospital and Mon Health Marion Neighborhood Hospital.
The company claims that “the purpose of the unauthorized access to the email accounts was to obtain funds from Mon Health through fraudulent wire transfers and to perpetrate an email phishing scheme, not to access personal information.”
Mon Health started notifying victims of the breach on December 21 and set up a free call center to answer queries.