Magellan Health Inc revealed that they have been affected by a ransomware attack on April 11, 2020, which resulted in the theft of personal information from one of its corporate servers.
Magellan Health, listed on the Fortune 500 list of the largest US corporations by total revenue, has customers with health plans and other managed care organizations, labor unions, employers, military and governmental agencies, as well as third-party administrators.
Magellan’s systems were accessed by unauthorized actors after sending a phishing email on April 6 that impersonated a Magellan client.
After being aware of the attack, the healthcare giant hired the services of cybersecurity firm Mandiant to help with the investigation and also reported the attack to law enforcement agencies.
The threat actors managed to steal and exfiltrate a subset of data from a single Magellan corporate server including sensitive personal information.
John J. DiBernardi Jr, SVP & Chief Compliance Officer of Magellan, reported in the breach notification that in some instances, the unauthorized actor also used a piece of malware designed to steal login credentials and passwords.
The exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords.”
The company stated that there has been no fraud attempts or misuse of stolen personal information stolen during the attack.
They assured that they have taken several additional measures to further strengthen the security policies and protocols. All the impacted users will be updated as the investigation continues.