The Target: Mon Health, a healthcare services provider.
The Take: Exposure of Personally Identifiable Information including: names, addresses, birth dates, social security numbers, medical record numbers, treatment data, and insurance claim numbers.
The Vector: The firm suffered a BEC (business email compromise), in which the attacker impersonated a high-level member of the company to request payment, or in this case, get access to sensitive data.
This breach highlights the importance of regular IT threat awareness training to employ a measured approach to all requests for access or payment, no matter what the source. BEC attacks exploit employee’s willingness to get things done fast, and by using a robust cyber security posture, these attacks can be greatly mitigated.