A phishing attack on Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., resulted in the exposure of 87,000 plan members’ protected health information (PHI). The data exposure happened because an employee responded to a phishing email. As in most phishing attacks, the employee thought that the phishing email was a legitimate request sent by a business partner.
The employee clicked the hyperlink contained in the email, which opened a page asking for login credentials. When the employee entered the credentials, the attacker was able to harvest the information and used it to remotely access the employee’s account.
The ULLI system is equipped with an alert function that warned the IT department about the unauthorized access. Within 90 minutes of the alert, the IT team was able to stop the third-party access to the account and disconnect the device from the network. This happened on April 1, 2019. The immediate action significantly limited the hacker’s opportunity to access or steal the PHI included in emails and file attachments.
ULLI performed a forensic evaluation and confirmed that only one email account was compromised, using one device. Nevertheless, that email account’s messages and attachments contained the PHI of plan members. Although the investigators found no proof of data access or data theft, the possibility could not be ruled out with a high level of confidence.
The potentially exposed protected health information was limited to the plan members’ names, addresses, birth dates, Social Security numbers, and certain personal health data of plan members and their families.
As a safety measure, ULLI offered all affected people complimentary credit monitoring and identity theft protection services for 24 months.
ULLI submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights, which indicated that about 87,400 patients were affected by the data breach.