Healthcare giant Magellan Health hit by ransomware attack

Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.

Magellan Health is a for-profit managed health care and insurance firm that ranks 417 on the Fortune 500 list of the largest US corporations by total revenue.

Magellan’s customers include health plans and other managed care organizations, labor unions, employers, military and governmental agencies, as well as third-party administrators.

Attackers phished their way inside Magellan’s systems

“On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” Magellan SVP & Chief Compliance Officer John J. DiBernardi Jr says in a breach notification notice filed with the office of the Attorney General of California.

Magellan retained the services of cybersecurity firm Mandiant immediately after discovering the incident to help with the investigation and reported the attack to law enforcement agencies.

As the investigation revealed, the threat actors behind the ransomware attack were able to steal and exfiltrate “a subset of data from a single Magellan corporate server,” including sensitive personal information.

“In limited instances, and only with respect to certain current employees, the unauthorized actor also used a piece of malware designed to steal login credentials and passwords,” DiBernardi Jr added.

“The exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords.”

According to the notice letter sent to affected parties, Magellan is not aware of any fraud attempts or misuse of personal information stolen during the attack.

When reached by BleepingComputer, Magellan Corporate Communications Vice President Ljiljana Ackley shared the following official statement:

Magellan Health was recently the target of a criminal ransomware attack on our company network, which resulted in a temporary systems outage and the exfiltration of certain confidential company and personal information. We are investigating the incident with forensic experts, notifying our customers, employees, impacted individuals, and appropriate government agencies, as applicable, and working with law enforcement authorities. 

Unfortunately, these sorts of attacks are increasingly common. We take the safety, security, and reliability of our operations and services with the utmost seriousness. We have taken a number of additional measures to further strengthen our security policies and protocols. We are aggressively investigating this matter and will continue to provide updates to those impacted as the investigation continues.

Previous security incidents

Last year, Magellan also disclosed on September 17 and November 27 that Magellan Rx Management, National Imaging Associates, and Magellan Healthcare, three of its subsidiaries, were affected by potential data breaches following phishing attacks.

Magellan said that the attackers were able to gain access to employees’ email accounts on multiple dates, with the company discovering the incidents that exposed member protected health information on July 5 and July 12.

The compromised email accounts “contained information which may have included member’s name, date of birth, health plan member ID#, health plan, provider, diagnosis, drug, and authorization information,” according to Magellan.

In some cases, Social Security numbers (SSNs) were also exposed for members and providers who use them as taxpayer identification numbers (TINs).

The Company believes the employee may have been the target of a phishing scam and that the purpose of the unauthorized access to the email account was to send out email spam. – Magellan Health

“A third-party expert assisted in the investigation, which found no evidence that the hackers actually accessed, viewed or attempted to use the information in the employee’s email account,” Magellan added.

“It also found no compromise or unauthorized intrusion into any other Company systems containing member personal information.”

Update: Added Magellan Health statement.

