City Of Philadelphia Has Been Pwned… And The Threat Actors Had Access For Months

The City of Philadelphia announced that it is investigating a five-month-old data breach where attackers “may have gained access” to City email accounts containing personal and protected health information.
 
The breach was discovered by officials on May 24th following suspicious activity in the City’s email environment, but investigators found that threat actors may have had access to accounts between May 26, 2023 and July 28, 2023, that is, for at least two months after the City initially became aware of the incident.

Also, in August, investigators became aware that the impacted email accounts may contain personal health data. The types of information disclosed may include an individual’s:

  • Name
  • Address
  • DOB
  • SSN
  • Contact information
  • Medical diagnosis information
  • Treatment-related information
  • Limited financial information
  • Claims information

 
City officials have not provided details on how the attackers breached the City’s email accounts or why they delayed disclosing the incident for five months.

Dave Ratner, CEO, HYAS, had this to say:

   “Too often bad actors are discovered to have had access for months or longer, staying hidden and stealing data at will. Organizations need to increase their focus on the real-time visibility and observability inside their environment, to determine what is anomalous and what isn’t, and ensure that breaches don’t lead to multiple months of unfettered access. It’s for this reason (among others) that CISA and the NSA recommend the deployment of Protective DNS as part of a security-in-depth strategy for operational and business resiliency.”

This is a #fail, given that the threat actors had access for a significant amount of time. This is the perfect example of why everyone needs to have the tools to detect and prevent these sorts of attacks in their early phases.
