Breach at Southwest Washington Regional Surgery Center exposes sensitive information.

On November 6, 2018, Southwest Washington Regional Surgery Center (SWRSC), a medical facility in Vancouver, WA owned by PeaceHealth Ventures, notified 2,393 patients that their health information had been exposed due to an email phishing attack. Patient information such as names, addresses, Social Security numbers, driver's license numbers, credit card details, and medical information may have been stolen.

How did SWRSC respond to the attack?

As soon as the breach was identified, SWRSC launched an investigation with the assistance of a cybersecurity firm. The investigation included a manual review of all the emails in compromised employees' accounts. Security officials reported that the hackers accessed the account some time between May 27th and August 13th this year. SWRSC has taken steps to educate patients about ways to protect their information, including monitoring their bank statements and placing a security freeze on their credit files. Apart from this, the company has offered free credit monitoring services to affected clients. Following the breach, SWRSC initiated password changes for all accounts and enhanced email access protocols.

HIPAA Journal reported that there has been an upward trend in health care data breaches over the last few years. A few years ago, Anthem, the second biggest health insurance company in the U.S., was sued by the government over the largest breach in the healthcare sector owing to a phishing email, which exposed an estimated 80 million patient records.

Don't want to make the news for the wrong reasons? Download ManageEngine Exchange Reporter Plus, a wholesome Exchange mailbox monitoring and reporting tool, to ward off any mail-bound threats

How can ManageEngine help prevent such attacks?

ManageEngine Exchange Reporter Plus provides a host of reports that help you locate suspicious emails, both sent and received, based on keywords in their subject or body.

It also allows you to locate emails based on:

• Attachment name:Displays all messages in your organization that have a specific attachment name. By knowing the name of the malicious files, you can take necessary steps to ward off email-bound threats.
• Attachment type:Sort and isolate mailbox content based on file format attachments that are possible carriers of malicious software.
• Attachment size:Filter emails by size so you can easily spot the ones consuming too much space in your Exchange environment.

In attacks where the content and sender information vary, you can customize mailbox content reports to include all the keywords these different emails use to immediately detect malicious emails.

Get started now with your free, 30-day trial of ExchangeReporter Plus.