In August 2019, bad actors sent emails to employees of UAB Medicine, an Alabama medical center, posing as executives and requesting that the employees fill out a survey and provide sensitive information, such as their username and password. Some employees fell for this scam and, subsequently, the attackers were able to gain access to employee emails that contained the medical information for 19,557 patients including patient names, birth dates, and diagnoses.
Another Alabama hospital, DCH Health System, suffered a ransomware attack in the same week, proving that the healthcare sector, with its troves of personal information, has been increasingly targeted in recent years. Affected patients should continuously monitor their credit reports for any suspicious activity, and employees should be vigilant of any incoming, malicious emails.
As for UAB Medical's phishing awareness, they state that employees are continually trained for cyberattacks and have increased employee education in relation to email and data security. They have also introduced MFA for all employee emails.