Fortune 500 company Magellan Health Inc. reported that it was the target of an April 11, 2020 ransomware attack which led to the theft of personal information from one of its corporate servers.
Magellan’s customers include insurance insurers and other managed care organizations, trade unions, employers, military and government departments, as well as managers from third parties.
Magellan was compromised via Phishing Attack!
“On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” In a violation report filed with the California Attorney General’s office, Magellan SVP & Chief Compliance Officer John J. DiBernardi Jr says.
Magellan retained cybersecurity firm Mandiant’s services immediately after the incident was discovered to help with the investigation, and reported the attack to law enforcement agencies.
As the investigation revealed, “a subset of data from a single Magellan corporate server” including confidential personal information could be stealed and exfiltrated by the threat actors behind the ransomware attack.
“In limited instances, and only with respect to certain current employees, the unauthorized actor also used a piece of malware designed to steal login credentials and passwords,” DiBernardi Jr said.
“The exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords.”
Magellan is not aware of any alleged fraud or misuse of stolen personal information that was taken during the attack, according to the notice letter sent to the affected parties.
Magellan Health was recently the target of a criminal ransomware attack on our company network, which resulted in a temporary systems outage and the exfiltration of certain confidential company and personal information. We are investigating the incident with forensic experts, notifying our customers, employees, impacted individuals, and appropriate government agencies, as applicable, and working with law enforcement authorities.
Unfortunately, these sorts of attacks are increasingly common. We take the safety, security, and reliability of our operations and services with the utmost seriousness. We have taken a number of additional measures to further strengthen our security policies and protocols. We are aggressively investigating this matter and will continue to provide updates to those impacted as the investigation continues.
Past Security Breaches
Last year, Magellan also revealed on September 17 and November 27 that Magellan Rx Management, National Imaging Associates, and three of its subsidiaries, Magellan Healthcare, have been affected by potential data reaches following phishing attack.
With the increase of Cyber Attacks during these times, it is important to stay vigilant and be able to identify phishing attacks like these.