Post Attack, Aspire Health Subpoenas Google
On behalf of Aspire Health, Nelson, Mullins, Riley & Scarborough, LLP filed a federal case against John Doe 1 in Tennessee Middle District Court on September 21, 2018. Becker’s Health IT & CIO Report (HR) said the attack originated from an IP address in Eastern Europe with Google as the registrar; thus, Aspire returned to federal court on September 25 to file a motion to subpoena Google for more information on the unidentified suspect referred to as John Doe 1 in the court documents.
"The proposed subpoena to Google should provide information showing who has accessed and/or maintains the phishing website and the subscriber of the email account that John Doe 1 used in the phishing attack," Aspire attorney James Haltom wrote, according to HR. "This information will likely allow Aspire to uncover and locate John Doe 1."
Aspire reported that on September 3, 2018, a hacker gained access to the company’s internal email system earlier this month, whereby the malicious actor was able to forward in excess of 120 emails to an external email account. The emails reportedly contained confidential and protected patient data. No additional information on the number of patients impacted has been made public thus far, nor are there any details about the specific data included in the stolen information.
“This attack on Aspire Health is a type of email phishing attack that happens all too often. While the ultimate goal of the attacker can vary, the technique of using spear-phishing to lure an unsuspecting person to a fraudulent log-in page to then steal their email login credentials and data that flows through that account, happens regularly,” said Matthew Gardiner, cybersecurity strategist for Mimecast.
“Fortunately there are many solid defenses against this technique, including the use of multi-factor authentication, anti-phishing and email monitoring services, as well as focused user awareness training. Coupled together, these security controls can significantly reduce the risk of these types of attacks being successful.”
Source: Information Security Magazine