Magellan Health is warning customers that an April 11 ransomware attack may have affected their personal information.

A Mandiant investigation determined an “unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6” impersonating one of the company’s clients, the company said in a notice from Magellan Senior Vice President and Chief Compliance Officer John J. DiBernardi. Before launching ransomware the third party “exfiltrated a subset of data” from one of Magellan’s corporate servers that contained customer PII, including names, addresses, employee ID numbers and W-2 or 1099 details such as Social Security numbers or Taxpayer ID numbers. “In limited instances, and only with respect to certain current employees, the unauthorized actor also used a piece of malware designed to steal login credentials and passwords.” The company has found no evidence that the data has been misused.

“Phishing emails are used in over 92 percent of all data breaches, and healthcare is the number one target for hackers,” said Lucy Security CEO Colin Bastable.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.