Email hack affects 1,500 associated with a charity

The hacking of an employee’s email account at Catholic Charities of Baltimore has resulted in patients being notified of a potential breach and a review of security measures.

Catholic Charities-CROP.jpg

The hack was a phishing attack conducted in mid-October 2016 in which an employee was tricked into clicking on a malicious link in an email sent to her. About a month later, the employee whose account was hacked reported to the IT department that she was not receiving email.

Also see: How advanced analytics can shore up defenses against data theft

IT immediately discovered that 150 emails from the employee email account had been forwarded to a different account, with another 150 set up to be forwarded but with no indication that they were actually sent.

Catholic Charities has sent a letter to everyone in contact with the affected email account, about 1,500, and has given information on precautions to take.

Affected individuals also are being urged to call Catholic Charities if they are contacted by persons claiming to be associated with the organization.

Also See: 5 things to do when your organization gets hacked

Compromised data included names, addresses, phone numbers, dates of birth, insurance identification numbers, a unique Catholic Charities identifier assigned to individuals, name or type of providers, and diagnostic and treatment information.

A small number of individuals whose Social Security numbers were compromised are being offered one year of identity protection services.

For reprint and licensing requests for this article, click here.