Magellan Health is warning customers that an April 11 ransomware attack may have affected their personal information.
A Mandiant investigation determined an “unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6” impersonating one of the company’s clients, the company said in a notice from Magellan Senior Vice President and Chief Compliance Officer John J. DiBernardi. Before launching ransomware the third party “exfiltrated a subset of data” from one of Magellan’s corporate servers that contained customer PII, including names, addresses, employee ID numbers and W-2 or 1099 details such as Social Security numbers or Taxpayer ID numbers. “In limited instances, and only with respect to certain current employees, the unauthorized actor also used a piece of malware designed to steal login credentials and passwords.” The company has found no evidence that the data has been misused.
“Phishing emails are used in over 92 percent of all data breaches, and healthcare is the number one target for hackers,” said Lucy Security CEO Colin Bastable.
“Ransomware attacks are incredibly disruptive and expensive to mitigate, and with so many staff working remotely all organizations are highly vulnerable,” he said, applauding Magellan’s response. “Mandiant is a highly regarded company, so Magellan Health has reacted positively.”
Noting that “stakes are high, and as with the Magellan ransomware attack of April 2020, exfiltrated records included personal information such as name, address, social security numbers, or taxpayer IDs,” Jonathan Deveaux, head of strategic partnerships for comforte AG, said, “This level of personal detail exposed may have long term impacts on individuals, not to mention possible delays in medical service during the pandemic.”
If the data had been anonymized, he said, “the unauthorized actor would have exfiltrated valueless data – nothing that would warrant a data breach notification to go out to hundreds of thousands (or millions) of individuals.”