On March 15, 2021, SalusCare, the most global provider of behavioral healthcare services in Southwestern Florida experienced a cyber-breach attack. A data breach is an incident that involves the unauthorized or criminal viewing, access, or retrieval of data by an individual or a group of people. It is a type of security breach specially designed to steal or publish data to an unsecured or illegal location.
The attack on Saluscare, breach the data of its patient as well as its employee. It also said that 85,688 patient records along with the employee’s information have been replicated and potentially accessible as a result of a malware attack.
The Fort Myers-based supplier says “its info was last accessed within the week of March 15”. All the employees and the users were tricked and fooled by a fraudulent email. A phishing mail pops up in their email and asked for their security information, such as passwords, PIN, etc. and once they entered, their data gets directly saved into the hacker database. Tom Smoot, a lawyer for Saluscare said that “The organization’s complete database was downloaded to a cloud-based storage account handled by Amazon.”
According to the mental health and addictions provider, it appears that malware is exploiting a vulnerability in the structure of their Microsoft 365 software to access it. After this, Amazon was immediately notified after discovering this breach, and they have voluntarily suspended the culprit access to the stored data. Officials said they hope to find out if, and to what extent, the information was removed from the Amazon pails before access was suspended.
The president and CEO of SalusCare Stacey Cook also asserted a remark after this attack that “While we can’t change what has happened, know that we are taking every measure necessary to safeguard our patient’s and worker’s data and also we apologize for this breach.”
By: Navya Swarup
Campus Ambassador, WCSF