We've said it before and we'll say it again: hackers are sneaky. One of their favorite tricks is email that looks like it came from a legitimate source. The email will ask you to click a link, download an attachment or provide information you shouldn't.
We've told you in the past how to spot and avoid these types of emails. However, sometimes a hacker manages to send the right fake email to the right person, and they get everything they want. That's what just happened to one health-care provider.
The provider is Magnolia Health Corporation in Tulare, California. It operates five rehabilitation and nursing-home facilities, but it wasn't patient data that was stolen this time. Instead, the unknown hacker got every scrap of information on MHC's employees.
It started with a hacker gaining access to CEO Kensett Moyle's email account. We don't have the details on how, but it was likely through a targeted phishing scam or he reused a password from a compromised account. It even could have been an inside job.
Once the hacker had control of the account, he or she sent an email to another employee in the company requesting an Excel spreadsheet containing employee information. That information included "Names, Social Security Numbers, employee numbers, home addresses, birth dates, hire dates, seniority dates, salaries, job titles and departments, last date paid and place of employment (facility name)."
The employee, naturally, sent the information without question. That happened on February 3, and the company didn't even realize what had happened until February 10. MHC then sent a letter to employees acknowledging the hack and offering one year of free ID theft protection.