Logins, personal information and tax info were all exfiltrated ahead of the ransomware attack, thanks to a phishing email. Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. The company, which says it “empowers 1 in 10 Americans to lead healthier, more vibrant lives” according to its website, said the incident was discovered on April 11. It also said that it became apparent during a forensic investigation that the ransomware attack was the final stage in a longer campaign. The unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client,” according to a letter sent to victims and filed with the State of California. “Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that prior to the launch of the ransomware, the unauthorized actor exfiltrated a subset of data from a single Magellan corporate server, which included some of your personal information.”
Source: Threatpost
