1.2 million patients’ info exposed after MEDNAX phishing attack

MEDNAX is a healthcare business associate that provides revenue cycle management and other administrative services. The company recently announced that it had suffered an email data breach, and 1,290,670 patients potentially had their protected health information (PHI) exposed.

What happened?

A hacker gained access to multiple email accounts of MEDNAX employees. While the Microsoft 365-hosted accounts were separate from MEDNAX’s internal network and systems, the hacker still had access to over 1.2 million patients’ PHI from company emails.

The potentially exposed information included patient names, addresses, birth dates, Social Security numbers, financial information, and more.

How did the hacker gain access to employee accounts?

The hacker was able to gain access after employees responded to phishing emails, which are designed to get people to share personal and online account information that hackers can use for their own gain.

The continued success of email phishing attacks proves that humans are the weakest security link. Companies should make it a priority to train employees on how to recognize phishing emails and other scams.

SEE ALSO: What Is Social Engineering and Why Healthcare Is Vulnerable

How MEDNAX responded to the phishing attack

The investigation found no evidence of PHI misuse, but the company is offering affected patients free identity monitoring services for one year.

MEDNAX is also enhancing its security protocols following the email breach and has changed the passwords of affected email accounts. 

The company reported the data breach to the HHS Office for Civil Rights, but it didn’t file within 60 days of discovery. MEDNAX may face further fines for not reporting the hack within the appropriate timeline.

How to prevent phishing attacks

Covered entities should make HIPAA compliant email a top priority. Even business associates need rigorous security safeguards to protect PHI. HIPAA laws still apply to them, and they can face serious consequences for not following guidelines.

Paubox Email Suite Plus has key security features to protect you from cyberattacks. It has robust inbound security tools to prevent spam, virus, ransomware, and phishing emails from reaching your users’ inboxes. Our patented ExecProtect feature is also included to mitigate the risk of display name spoofing attacks.

Paubox also easily integrates with Google Workspace, Microsoft 365, or Microsoft Exchange and encrypts all emails by default with no need for portal logins or app downloads. It’s a great solution for protecting your emails with the best security features.

About the author

Sara Nguyen