On June 1st, the Florida Agency for Persons with Disabilities (FAPD) disclosed that a phishing attack had compromised a single email account. The email account contained information that had PHI of over 1,951 customers and/or guardians. Although no evidence was gathered that indicated the information was accessed, FAPD could not completely rule out that it had not been. As a result, FAPD is providing the potentially affected patients with breach credit monitoring services for the following year for free.
The Proficio Threat Intelligence Recommendations:
- Implement multi-factor authentication for email access of users that may access ePHI
- Validate that auditing has been enabled to prove what emails were accessed during a user session
- Limit email access to IP addresses geolocated within the organization’s place of business
General Info – Click Here