Email hack affects 1,500 associated with a charity
The hacking of an employee’s email account at Catholic Charities of Baltimore has resulted in patients being notified of a potential breach and a review of security measures.
The hack was a phishing attack conducted in mid-October 2016 in which an employee was tricked into clicking on a malicious link in an email sent to her. About a month later, the employee whose account was hacked reported to the IT department that she was not receiving email.
IT immediately discovered that 150 emails from the employee email account had been forwarded to a different account, with another 150 set up to be forwarded but with no indication that they were actually sent.
Catholic Charities has sent a letter to everyone in contact with the affected email account, about 1,500, and has given information on precautions to take.
Affected individuals also are being urged to call Catholic Charities if they are contacted by persons claiming to be associated with the organization.
Compromised data included names, addresses, phone numbers, dates of birth, insurance identification numbers, a unique Catholic Charities identifier assigned to individuals, name or type of providers, and diagnostic and treatment information.
A small number of individuals whose Social Security numbers were compromised are being offered one year of identity protection services.