The City of Philadelphia announced that it is investigating a five-month-old data breach where attackers “may have gained access” to City email accounts containing personal and protected health information.
Officials discovered the breach on May 24th following suspicious activity in the City’s email environment, but investigators found that threat actors may have had access to accounts between May 26, 2023 and July 28, 2023, at least two months after the City initially became aware of the incident.
Also, in August, investigators became aware that the impacted email accounts may contain personal health data. The types of information disclosed may include an individual’s:
- Name
- Address
- DOB
- SSN
- Contact information
- Medical diagnosis information
- Treatment-related information
- Limited financial information
- Claims information
City officials have not provided details on how the attackers breached the City’s email accounts or why they delayed disclosing the incident for five months.
Dave Ratner, CEO of HYAS, had this to say:
“Too often bad actors are discovered to have had access for months or longer, staying hidden and stealing data at will. Organizations need to increase their focus on the real-time visibility and observability inside their environment, to determine what is anomalous and what isn’t, and ensure that breaches don’t lead to multiple-months of unfettered access. It’s for this reason (among others) that CISA and the NSA recommend the deployment of Protective DNS as part of a security-in-depth strategy for operational and business resiliency.”
This is a #fail given that the threat actors had access for a significant amount of time. It is a perfect example of why everyone needs to have the tools to detect and prevent these sorts of attacks in their early phases.
This entry was posted on October 24, 2023 at 8:44 am and is filed under Commentary with tags Hacked.
City Of Philadelphia Has Been Pwned…. And The Threat Actors Had Access For Months