Oswego County Opportunities (OCO) in New York has reported that an unknown actor has recently accessed a small number of staff email accounts. OCO discovered the security breach because of notable suspicious email activity and immediately secured the email accounts. Third-party cybersecurity specialists investigated the breach to find out the nature and extent of the incident, and to identify which data, if any, the threat actor had accessed.
It cannot be determined whether any email messages in the account were viewed or acquired however the analysis of the impacted email accounts affirmed the inclusion of these types of data: names, Social Security numbers, addresses, driver’s license numbers, selected health data, and some credit card numbers. Some information of employees and vendors associated with OCO was also potentially exposed.
The data breach report has been submitted to the HHS’ Office for Civil Rights indicating that 7,766 persons were affected. OCO stated it has changed its email configurations and settings to give increased protection versus cyberattacks of this kind.
Washington University School of Medicine Reports Data Security Incident
Washington University School of Medicine based in St Louis, MO, has lately reported that patient data was compromised due to a data security incident recently. An unidentified actor acquired access to the email accounts of selected staff members from March 4, 2022 to March 28, 2022.
The University had a forensic investigation conducted to find out whether any email messages or file attachments were viewed or extracted during the attack, though it cannot be confirmed whether patient information was accessed or stolen. An analysis of all impacted email messages and file attachments was done and affirmed they included patient data like names, birth dates, addresses, health information, patient account numbers, clinical data, and medical insurance data and/or Social Security numbers for some patients.
Because of the breach, improvements were implemented to strengthen email security. Employee training was enhanced to help recognize and steer clear of suspicious email messages. Presently the data breach is not yet posted on the HHS’ Office for Civil Right web portal thus the number of patients affected is still uncertain; nevertheless, the School of Medicine stated the breach didn’t have an effect on all patients and researchers.