Health Information of 350,000 Oregon DHS Clients Exposed After Phishing Attack

The Oregon Department of Human Services (DHS) recently notified the public that the personal health information of over 350,000 clients had been exposed. An investigation by the Oregon DHS security team determined the cause of the data breach: nine employees clicked a phishing URL, compromising employee email account information and mailboxes.


According to the press release, Oregon DHS employees received a spear-phishing email on January 8, 2019. The compromised mailboxes reportedly contained nearly 2 million emails. On January 28, it was confirmed that clients’ personal health information, or protected health information (PHI), had been accessible to unauthorized persons. Oregon DHS said that it was able to stop further unauthorized access to the compromised mailboxes, but it could not confirm if any PHI had been stolen or inappropriately used.

The clients’ exposed PHI is covered by the Health Insurance Portability and Accountability Act (HIPAA), and the incident is considered a breach under Oregon’s Identity Theft Protection Act. Information that may have been compromised in the data breach includes the following: first and last names, addresses, dates of birth, Social Security numbers, case numbers, and other information used to administer DHS programs.

Cybercriminals are using more varied schemes for phishing attacks to compromise email accounts, among other services. In January, the U.S. Secret Service shared information regarding spear-phishing emails that seem to link to an encrypted document. When users click on the URL, they will be asked to enter their email account credentials via a fake Office 365 login request form. If the users fall for it, cybercriminals gain access to their email accounts.


Recommendations and Trend Micro Solutions

Phishing emails that steal email account credentials to take over mailboxes are still widely distributed. In 2018, the Trend Micro™ Cloud App Security™ solution detected and blocked 3,530,495 phishing emails that relied on highly deceptive tricks, for example, using legitimate-looking but bogus login pages, to harvest user credentials.

To avoid falling victim to credential phishing attacks and other advanced email threats, organizations should consider using advanced security technologies.

Cloud App Security, an additional security layer that can be used with existing email gateways, uses artificial intelligence (AI) and computer vision technology to help detect and block attempts at credential phishing. If a suspected phishing email is received by an employee, it will go through sender, content, and URL reputation analyses. After that, an inspection of the remaining URLs using computer vision and AI follows to check if a legitimate login page’s branded elements, login form, and other website components are being spoofed.

Aside from using advanced email solutions, organizations can also train employees by informing them of best practices against email threats and deploying our free phishing simulation and user training.

