| Category | Details |
|---|---|
| Threat Actors | Hackers exploiting a compromised SAG-AFTRA Health Plan employee email account. |
| Campaign Overview | A data breach exposed union members’ sensitive healthcare information, including names, Social Security numbers, health plan participant IDs, and potentially claims and insurance details. |
| Target Regions | SAG-AFTRA Health Plan members, encompassing 160,000 union members (actors, journalists, singers, announcers, and artists). |
| Methodology | Phishing email leading to unauthorized access to an employee’s email account; no breach of the core health plan systems occurred. |
| Product Targeted | Personal and healthcare data stored in email accounts associated with the SAG-AFTRA Health Plan. |
| Malware Reference | Not explicitly mentioned, but phishing-related methods were used. |
| Tools Used | Phishing emails to gain access; exfiltration of email-stored sensitive information. |
| Vulnerabilities Exploited | Human error via phishing leading to email account compromise; delayed notification (over two months) allowed extended exploitation of exposed data. |
| TTPs | Phishing to compromise email accounts; exfiltration of PII/PHI, enabling identity theft and creating risk profiles for victims. |
| Attribution | SAG-AFTRA Health Plan acknowledged the breach; hackers remain unidentified. |
| Recommendations | Implement robust phishing training for employees; adopt advanced email security solutions; ensure rapid breach notification; provide impacted individuals with credit monitoring and identity theft protection. |
| Source | The Record |

Read full article: https://therecord.media/screen-actors-guild-health-plan-sued-over-data-breach

The above summary has been generated by an AI language model.